29aedb5c42d1cbe0a514b8269a94448998a76fc215d853abbe45e27e41fb4bc4

Analysis

max time kernel
149s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
05-07-2024 01:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

29aedb5c42d1cbe0a514b8269a94448998a76fc215d853abbe45e27e41fb4bc4.exe
Size

184KB
MD5

60bf206c21af8584c59385707d69e2c0
SHA1

a9028d4613fbcad4ba02c45507679b56bc94af15
SHA256

29aedb5c42d1cbe0a514b8269a94448998a76fc215d853abbe45e27e41fb4bc4
SHA512

ed4931ce3a3f77f96f478288e90f8eafa7bced9ebfe68f3ec20c61e46b7092ea6bea1c44bcd4997d92e5096cffb5b354da77df41c0e9239c08b6d3247ae72d8e
SSDEEP

3072:MhGaYCoFj5vRdS9FZ5F8uWrHlvnqnqeu4:Mhpo/fS9b81rHlPqnqeu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
688	Unicorn-8250.exe
1564	Unicorn-34888.exe
4984	Unicorn-30097.exe
4556	Unicorn-60923.exe
3768	Unicorn-9262.exe
3848	Unicorn-53440.exe
1936	Unicorn-63838.exe
1056	Unicorn-53435.exe
1532	Unicorn-57114.exe
1892	Unicorn-60643.exe
3028	Unicorn-44992.exe
4016	Unicorn-38862.exe
3252	Unicorn-44992.exe
4440	Unicorn-44727.exe
2556	Unicorn-41654.exe
1232	Unicorn-59906.exe
2480	Unicorn-37601.exe
868	Unicorn-975.exe
1224	Unicorn-59313.exe
1608	Unicorn-47483.exe
636	Unicorn-128.exe
3992	Unicorn-15495.exe
3644	Unicorn-19174.exe
464	Unicorn-54499.exe
2680	Unicorn-54499.exe
2848	Unicorn-14535.exe
1488	Unicorn-38848.exe
4208	Unicorn-29346.exe
4860	Unicorn-9745.exe
4728	Unicorn-37208.exe
1420	Unicorn-49595.exe
1424	Unicorn-24550.exe
2688	Unicorn-59683.exe
1512	Unicorn-13096.exe
5104	Unicorn-20296.exe
1904	Unicorn-10866.exe
4200	Unicorn-44343.exe
2456	Unicorn-40201.exe
5020	Unicorn-28088.exe
1100	Unicorn-19528.exe
3164	Unicorn-19528.exe
1616	Unicorn-59333.exe
4384	Unicorn-7480.exe
4940	Unicorn-59945.exe
2856	Unicorn-39275.exe
2128	Unicorn-34253.exe
2216	Unicorn-34253.exe
4952	Unicorn-9208.exe
3732	Unicorn-13706.exe
1500	Unicorn-65508.exe
2756	Unicorn-19837.exe
1168	Unicorn-45410.exe
1708	Unicorn-30234.exe
2320	Unicorn-41003.exe
3212	Unicorn-9016.exe
3640	Unicorn-10714.exe
2748	Unicorn-36365.exe
4920	Unicorn-35403.exe
4376	Unicorn-30418.exe
3052	Unicorn-17843.exe
3076	Unicorn-30994.exe
3584	Unicorn-32154.exe
4212	Unicorn-63666.exe
4536	Unicorn-17267.exe

Program crash 43 IoCs

pid	pid_target	Process	procid_target
6064	5132	WerFault.exe	190
4284	3948	WerFault.exe	180
5160	1524	WerFault.exe	149
8152	1524	WerFault.exe	149
7920	11056	WerFault.exe	509
11408	11040	WerFault.exe	508
11384	11092	WerFault.exe	512
17096	13472	WerFault.exe	693
17292	11460	WerFault.exe	692
14504	14232	WerFault.exe	698
1812	14420	WerFault.exe	725
17332	15112	WerFault.exe	741
17124	14396	WerFault.exe	723
16648	14688	WerFault.exe	766
16616	11092	WerFault.exe	750
16856	14528	WerFault.exe	751
1624	14404	WerFault.exe	753
4156	14748	WerFault.exe	767
4616	16064	WerFault.exe	781
16840	15544	WerFault.exe	772
448	15960	WerFault.exe	775
16832	16044	WerFault.exe	780
14112	16028	WerFault.exe	778
17116	16120	WerFault.exe	787
1956	16036	WerFault.exe	779
16392	15068	WerFault.exe	792
16824	16364	WerFault.exe	790
12824	15936	WerFault.exe	794
14800	15952	WerFault.exe	817
15368	16060	WerFault.exe	800
17008	16016	WerFault.exe	820
16540	3836	WerFault.exe	991
16120	1812	WerFault.exe	940
748	4268	WerFault.exe	1023
7088	7852	WerFault.exe	377
3796	7888	WerFault.exe	335
4296	1500	WerFault.exe	132
16456	4404	WerFault.exe	1044
15304	2128	WerFault.exe	129
6040	2128	Process not Found	129
14264	748	Process not Found	1108
15636	1956	Process not Found	1142
12892	13660	Process not Found	1411

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4684	29aedb5c42d1cbe0a514b8269a94448998a76fc215d853abbe45e27e41fb4bc4.exe
688	Unicorn-8250.exe
1564	Unicorn-34888.exe
4984	Unicorn-30097.exe
4556	Unicorn-60923.exe
3768	Unicorn-9262.exe
3848	Unicorn-53440.exe
1936	Unicorn-63838.exe
1056	Unicorn-53435.exe
1532	Unicorn-57114.exe
2556	Unicorn-41654.exe
1892	Unicorn-60643.exe
3252	Unicorn-44992.exe
3028	Unicorn-44992.exe
4016	Unicorn-38862.exe
4440	Unicorn-44727.exe
1232	Unicorn-59906.exe
2480	Unicorn-37601.exe
1224	Unicorn-59313.exe
868	Unicorn-975.exe
1608	Unicorn-47483.exe
636	Unicorn-128.exe
3992	Unicorn-15495.exe
1488	Unicorn-38848.exe
2848	Unicorn-14535.exe
4860	Unicorn-9745.exe
3644	Unicorn-19174.exe
4728	Unicorn-37208.exe
464	Unicorn-54499.exe
2680	Unicorn-54499.exe
4208	Unicorn-29346.exe
1420	Unicorn-49595.exe
1424	Unicorn-24550.exe
2688	Unicorn-59683.exe
1512	Unicorn-13096.exe
1904	Unicorn-10866.exe
5104	Unicorn-20296.exe
4200	Unicorn-44343.exe
2456	Unicorn-40201.exe
5020	Unicorn-28088.exe
1100	Unicorn-19528.exe
3164	Unicorn-19528.exe
1616	Unicorn-59333.exe
4384	Unicorn-7480.exe
4940	Unicorn-59945.exe
2856	Unicorn-39275.exe
2128	Unicorn-34253.exe
2216	Unicorn-34253.exe
4952	Unicorn-9208.exe
2320	Unicorn-41003.exe
1500	Unicorn-65508.exe
1168	Unicorn-45410.exe
3640	Unicorn-10714.exe
3732	Unicorn-13706.exe
4920	Unicorn-35403.exe
3212	Unicorn-9016.exe
2756	Unicorn-19837.exe
1708	Unicorn-30234.exe
2748	Unicorn-36365.exe
4376	Unicorn-30418.exe
3584	Unicorn-32154.exe
3052	Unicorn-17843.exe
3076	Unicorn-30994.exe
4212	Unicorn-63666.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4684 wrote to memory of 688	4684	29aedb5c42d1cbe0a514b8269a94448998a76fc215d853abbe45e27e41fb4bc4.exe	83
PID 4684 wrote to memory of 688	4684	29aedb5c42d1cbe0a514b8269a94448998a76fc215d853abbe45e27e41fb4bc4.exe	83
PID 4684 wrote to memory of 688	4684	29aedb5c42d1cbe0a514b8269a94448998a76fc215d853abbe45e27e41fb4bc4.exe	83
PID 688 wrote to memory of 1564	688	Unicorn-8250.exe	84
PID 688 wrote to memory of 1564	688	Unicorn-8250.exe	84
PID 688 wrote to memory of 1564	688	Unicorn-8250.exe	84
PID 4684 wrote to memory of 4984	4684	29aedb5c42d1cbe0a514b8269a94448998a76fc215d853abbe45e27e41fb4bc4.exe	85
PID 4684 wrote to memory of 4984	4684	29aedb5c42d1cbe0a514b8269a94448998a76fc215d853abbe45e27e41fb4bc4.exe	85
PID 4684 wrote to memory of 4984	4684	29aedb5c42d1cbe0a514b8269a94448998a76fc215d853abbe45e27e41fb4bc4.exe	85
PID 1564 wrote to memory of 4556	1564	Unicorn-34888.exe	86
PID 1564 wrote to memory of 4556	1564	Unicorn-34888.exe	86
PID 1564 wrote to memory of 4556	1564	Unicorn-34888.exe	86
PID 688 wrote to memory of 3768	688	Unicorn-8250.exe	87
PID 688 wrote to memory of 3768	688	Unicorn-8250.exe	87
PID 688 wrote to memory of 3768	688	Unicorn-8250.exe	87
PID 4984 wrote to memory of 3848	4984	Unicorn-30097.exe	88
PID 4984 wrote to memory of 3848	4984	Unicorn-30097.exe	88
PID 4984 wrote to memory of 3848	4984	Unicorn-30097.exe	88
PID 4684 wrote to memory of 1936	4684	29aedb5c42d1cbe0a514b8269a94448998a76fc215d853abbe45e27e41fb4bc4.exe	89
PID 4684 wrote to memory of 1936	4684	29aedb5c42d1cbe0a514b8269a94448998a76fc215d853abbe45e27e41fb4bc4.exe	89
PID 4684 wrote to memory of 1936	4684	29aedb5c42d1cbe0a514b8269a94448998a76fc215d853abbe45e27e41fb4bc4.exe	89
PID 4556 wrote to memory of 1056	4556	Unicorn-60923.exe	90
PID 4556 wrote to memory of 1056	4556	Unicorn-60923.exe	90
PID 4556 wrote to memory of 1056	4556	Unicorn-60923.exe	90
PID 1564 wrote to memory of 1532	1564	Unicorn-34888.exe	91
PID 1564 wrote to memory of 1532	1564	Unicorn-34888.exe	91
PID 1564 wrote to memory of 1532	1564	Unicorn-34888.exe	91
PID 3768 wrote to memory of 1892	3768	Unicorn-9262.exe	92
PID 3768 wrote to memory of 1892	3768	Unicorn-9262.exe	92
PID 3768 wrote to memory of 1892	3768	Unicorn-9262.exe	92
PID 1936 wrote to memory of 3028	1936	Unicorn-63838.exe	93
PID 1936 wrote to memory of 3028	1936	Unicorn-63838.exe	93
PID 1936 wrote to memory of 3028	1936	Unicorn-63838.exe	93
PID 3848 wrote to memory of 3252	3848	Unicorn-53440.exe	95
PID 3848 wrote to memory of 3252	3848	Unicorn-53440.exe	95
PID 3848 wrote to memory of 3252	3848	Unicorn-53440.exe	95
PID 688 wrote to memory of 4016	688	Unicorn-8250.exe	94
PID 688 wrote to memory of 4016	688	Unicorn-8250.exe	94
PID 688 wrote to memory of 4016	688	Unicorn-8250.exe	94
PID 4984 wrote to memory of 2556	4984	Unicorn-30097.exe	97
PID 4984 wrote to memory of 2556	4984	Unicorn-30097.exe	97
PID 4984 wrote to memory of 2556	4984	Unicorn-30097.exe	97
PID 4684 wrote to memory of 4440	4684	29aedb5c42d1cbe0a514b8269a94448998a76fc215d853abbe45e27e41fb4bc4.exe	96
PID 4684 wrote to memory of 4440	4684	29aedb5c42d1cbe0a514b8269a94448998a76fc215d853abbe45e27e41fb4bc4.exe	96
PID 4684 wrote to memory of 4440	4684	29aedb5c42d1cbe0a514b8269a94448998a76fc215d853abbe45e27e41fb4bc4.exe	96
PID 1056 wrote to memory of 1232	1056	Unicorn-53435.exe	98
PID 1056 wrote to memory of 1232	1056	Unicorn-53435.exe	98
PID 1056 wrote to memory of 1232	1056	Unicorn-53435.exe	98
PID 4556 wrote to memory of 2480	4556	Unicorn-60923.exe	99
PID 4556 wrote to memory of 2480	4556	Unicorn-60923.exe	99
PID 4556 wrote to memory of 2480	4556	Unicorn-60923.exe	99
PID 1532 wrote to memory of 868	1532	Unicorn-57114.exe	100
PID 1532 wrote to memory of 868	1532	Unicorn-57114.exe	100
PID 1532 wrote to memory of 868	1532	Unicorn-57114.exe	100
PID 1564 wrote to memory of 1224	1564	Unicorn-34888.exe	101
PID 1564 wrote to memory of 1224	1564	Unicorn-34888.exe	101
PID 1564 wrote to memory of 1224	1564	Unicorn-34888.exe	101
PID 2556 wrote to memory of 1608	2556	Unicorn-41654.exe	102
PID 2556 wrote to memory of 1608	2556	Unicorn-41654.exe	102
PID 2556 wrote to memory of 1608	2556	Unicorn-41654.exe	102
PID 4984 wrote to memory of 636	4984	Unicorn-30097.exe	103
PID 4984 wrote to memory of 636	4984	Unicorn-30097.exe	103
PID 4984 wrote to memory of 636	4984	Unicorn-30097.exe	103
PID 1892 wrote to memory of 3992	1892	Unicorn-60643.exe	104

C:\Users\Admin\AppData\Local\Temp\29aedb5c42d1cbe0a514b8269a94448998a76fc215d853abbe45e27e41fb4bc4.exe
"C:\Users\Admin\AppData\Local\Temp\29aedb5c42d1cbe0a514b8269a94448998a76fc215d853abbe45e27e41fb4bc4.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4684
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8250.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8250.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34888.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34888.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60923.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53435.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59906.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49595.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30418.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16490.exe
        9⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43013.exe
        10⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39794.exe
        11⤵
        
        PID:12680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1791.exe
        11⤵
        
        PID:14672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21993.exe
        11⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64492.exe
        10⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44235.exe
        10⤵
        
        PID:14244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9659.exe
        10⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40474.exe
        10⤵
        
        PID:14960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27552.exe
        10⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2504.exe
        9⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62859.exe
        9⤵
        
        PID:9036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
        9⤵
        
        PID:16092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58769.exe
        9⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28632.exe
        8⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54077.exe
        9⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36352.exe
        9⤵
        
        PID:12228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39840.exe
        9⤵
        
        PID:15952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15952 -s 452
        10⤵
        Program crash
        
        PID:14800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26431.exe
        8⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21080.exe
        8⤵
        
        PID:12192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3298.exe
        8⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53629.exe
        8⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17843.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56645.exe
        8⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16239.exe
        9⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13836.exe
        10⤵
        
        PID:12496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2944.exe
        10⤵
        
        PID:16776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60772.exe
        10⤵
        
        PID:16212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-691.exe
        9⤵
        
        PID:10796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
        9⤵
        
        PID:16028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16028 -s 436
        10⤵
        Program crash
        
        PID:14112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10328.exe
        9⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46884.exe
        8⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6161.exe
        9⤵
        
        PID:13088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27064.exe
        9⤵
        
        PID:17260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29175.exe
        9⤵
        
        PID:17304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52257.exe
        9⤵
        
        PID:13128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64804.exe
        9⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46904.exe
        8⤵
        
        PID:9572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9347.exe
        8⤵
        
        PID:11460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11460 -s 476
        9⤵
        Program crash
        
        PID:17292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28683.exe
        8⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24495.exe
        7⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30834.exe
        8⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25599.exe
        8⤵
        
        PID:14316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26567.exe
        8⤵
        
        PID:14256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15856.exe
        7⤵
        
        PID:9880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27253.exe
        7⤵
        
        PID:11612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29303.exe
        7⤵
        
        PID:16844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24550.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30994.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16490.exe
        8⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43013.exe
        9⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10304.exe
        9⤵
        
        PID:11208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60955.exe
        9⤵
        
        PID:15260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2504.exe
        8⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36914.exe
        9⤵
        
        PID:12700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1791.exe
        9⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62859.exe
        8⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
        8⤵
        
        PID:16020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59961.exe
        7⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18701.exe
        8⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15364.exe
        9⤵
        
        PID:10116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15787.exe
        9⤵
        
        PID:14232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14232 -s 452
        10⤵
        Program crash
        
        PID:14504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64300.exe
        8⤵
        
        PID:11040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11040 -s 448
        9⤵
        Program crash
        
        PID:11408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54328.exe
        8⤵
        
        PID:14692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59172.exe
        8⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4890.exe
        7⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62570.exe
        8⤵
        
        PID:12248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58201.exe
        8⤵
        
        PID:16400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30097.exe
        7⤵
        
        PID:10632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60857.exe
        7⤵
        
        PID:16372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19617.exe
        7⤵
        
        PID:16896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32154.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41186.exe
        7⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16239.exe
        8⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12415.exe
        8⤵
        
        PID:12180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52300.exe
        8⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57337.exe
        8⤵
        
        PID:16736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6920.exe
        7⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16434.exe
        8⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64905.exe
        8⤵
        
        PID:15132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33906.exe
        7⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41544.exe
        7⤵
        
        PID:11092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11092 -s 464
        8⤵
        Program crash
        
        PID:16616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15648.exe
        6⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16239.exe
        7⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11864.exe
        8⤵
        
        PID:12872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52713.exe
        8⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-691.exe
        7⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
        7⤵
        
        PID:16064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16064 -s 436
        8⤵
        Program crash
        
        PID:4616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42552.exe
        6⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        7⤵
        
        PID:8228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22616.exe
        7⤵
        
        PID:13552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9362.exe
        7⤵
        
        PID:16756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25771.exe
        6⤵
        
        PID:10776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3631.exe
        6⤵
        
        PID:14568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51908.exe
        6⤵
        
        PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37601.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59683.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63666.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31949.exe
        8⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18701.exe
        9⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63914.exe
        10⤵
        
        PID:12688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64300.exe
        9⤵
        
        PID:11056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11056 -s 420
        10⤵
        Program crash
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12719.exe
        9⤵
        
        PID:14560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56692.exe
        8⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45082.exe
        9⤵
        
        PID:12452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2944.exe
        9⤵
        
        PID:16768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1791.exe
        9⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        9⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24231.exe
        8⤵
        
        PID:10608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27049.exe
        8⤵
        
        PID:15424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59290.exe
        8⤵
        
        PID:15252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5160.exe
        8⤵
        
        PID:15904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10760.exe
        7⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2504.exe
        8⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46597.exe
        9⤵
        
        PID:12064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25720.exe
        9⤵
        
        PID:16636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62859.exe
        8⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
        8⤵
        
        PID:16036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16036 -s 436
        9⤵
        Program crash
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16239.exe
        7⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21538.exe
        8⤵
        
        PID:11912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25144.exe
        8⤵
        
        PID:16388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-691.exe
        7⤵
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
        7⤵
        
        PID:16100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17267.exe
        6⤵
        Executes dropped EXE
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55301.exe
        7⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7194.exe
        8⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22864.exe
        9⤵
        
        PID:15972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12415.exe
        8⤵
        
        PID:12172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28434.exe
        7⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11864.exe
        8⤵
        
        PID:14300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30097.exe
        7⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60857.exe
        7⤵
        
        PID:16344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17972.exe
        7⤵
        
        PID:15128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-567.exe
        6⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64082.exe
        7⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1220.exe
        8⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2227.exe
        7⤵
        
        PID:11940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17042.exe
        7⤵
        
        PID:16060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16060 -s 464
        8⤵
        Program crash
        
        PID:15368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23543.exe
        6⤵
        
        PID:8608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17400.exe
        6⤵
        
        PID:13816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13096.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65010.exe
        6⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
        7⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1139.exe
        8⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4433.exe
        9⤵
        
        PID:12464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27832.exe
        9⤵
        
        PID:17004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1791.exe
        9⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51672.exe
        9⤵
        
        PID:15904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62960.exe
        8⤵
        
        PID:11148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1283.exe
        8⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56505.exe
        7⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11724.exe
        8⤵
        
        PID:12360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35315.exe
        8⤵
        
        PID:16976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1791.exe
        8⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35192.exe
        7⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35388.exe
        7⤵
        
        PID:11748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3530.exe
        6⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65421.exe
        7⤵
        
        PID:8328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22616.exe
        7⤵
        
        PID:13508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8930.exe
        6⤵
        
        PID:9044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43736.exe
        6⤵
        
        PID:14396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14396 -s 424
        7⤵
        Program crash
        
        PID:17124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64553.exe
        5⤵
        
        PID:4264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
        6⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51269.exe
        7⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15364.exe
        8⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15787.exe
        8⤵
        
        PID:13128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14720.exe
        7⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49227.exe
        7⤵
        
        PID:12712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22379.exe
        6⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16434.exe
        7⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13696.exe
        7⤵
        
        PID:15304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62171.exe
        6⤵
        
        PID:9652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33769.exe
        6⤵
        
        PID:10728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17780.exe
        6⤵
        
        PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63304.exe
        5⤵
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30917.exe
        6⤵
        
        PID:7852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 724
        7⤵
        Program crash
        
        PID:7088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40867.exe
        6⤵
        
        PID:12328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46363.exe
        6⤵
        
        PID:16432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9952.exe
        6⤵
        
        PID:17152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19026.exe
        6⤵
        
        PID:16868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14688.exe
        5⤵
        
        PID:8084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14220.exe
        6⤵
        
        PID:12852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28984.exe
        6⤵
        
        PID:17368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53293.exe
        5⤵
        
        PID:11548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7487.exe
        5⤵
        
        PID:16616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51908.exe
        5⤵
        
        PID:14208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57114.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-975.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10866.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64818.exe
        7⤵
        
        PID:1524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 720
        8⤵
        Program crash
        
        PID:5160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 740
        8⤵
        Program crash
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        7⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43397.exe
        8⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10304.exe
        8⤵
        
        PID:10408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20306.exe
        8⤵
        
        PID:14688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14688 -s 464
        9⤵
        Program crash
        
        PID:16648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19272.exe
        8⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16239.exe
        7⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50410.exe
        8⤵
        
        PID:4268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 460
        9⤵
        Program crash
        
        PID:748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 604
        8⤵
        Program crash
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-691.exe
        7⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
        7⤵
        
        PID:16112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52545.exe
        6⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1113.exe
        7⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56484.exe
        7⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16434.exe
        8⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14635.exe
        8⤵
        
        PID:14340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17490.exe
        7⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55092.exe
        7⤵
        
        PID:12768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44179.exe
        6⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-97.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-97.exe
        7⤵
        
        PID:228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64905.exe
        7⤵
        
        PID:15112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15112 -s 456
        8⤵
        Program crash
        
        PID:17332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2450.exe
        7⤵
        
        PID:16504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40752.exe
        6⤵
        
        PID:60
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58921.exe
        6⤵
        
        PID:14588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40201.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48674.exe
        6⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17450.exe
        7⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1139.exe
        8⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24039.exe
        8⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26172.exe
        8⤵
        
        PID:14652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54009.exe
        7⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18629.exe
        8⤵
        
        PID:9380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6571.exe
        8⤵
        
        PID:14584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27025.exe
        7⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51528.exe
        7⤵
        
        PID:14716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11496.exe
        7⤵
        
        PID:16912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30443.exe
        6⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7393.exe
        7⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44324.exe
        7⤵
        
        PID:13280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-931.exe
        7⤵
        
        PID:14996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49417.exe
        6⤵
        
        PID:10196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26722.exe
        6⤵
        
        PID:12840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56353.exe
        6⤵
        
        PID:17400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16010.exe
        5⤵
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47154.exe
        6⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54845.exe
        7⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36186.exe
        8⤵
        
        PID:16472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41976.exe
        8⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2096.exe
        8⤵
        
        PID:16912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36352.exe
        7⤵
        
        PID:12144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16274.exe
        7⤵
        
        PID:15984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20288.exe
        6⤵
        
        PID:8148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55563.exe
        6⤵
        
        PID:11464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11963.exe
        6⤵
        
        PID:1912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59665.exe
        5⤵
        
        PID:6536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30746.exe
        6⤵
        
        PID:9140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52793.exe
        6⤵
        
        PID:12480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42720.exe
        6⤵
        
        PID:4780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55549.exe
        6⤵
        
        PID:17064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53831.exe
        6⤵
        
        PID:3220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40072.exe
        5⤵
        
        PID:8760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6264.exe
        5⤵
        
        PID:12392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47559.exe
        5⤵
        
        PID:14676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59313.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20296.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45441.exe
        6⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57465.exe
        7⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48736.exe
        7⤵
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59721.exe
        7⤵
        
        PID:15580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42432.exe
        7⤵
        
        PID:17140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27440.exe
        7⤵
        
        PID:17188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38144.exe
        6⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45082.exe
        7⤵
        
        PID:11376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41563.exe
        7⤵
        
        PID:17048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18363.exe
        6⤵
        
        PID:11072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58155.exe
        6⤵
        
        PID:6564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44460.exe
        5⤵
        
        PID:1160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39104.exe
        6⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        7⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22616.exe
        7⤵
        
        PID:13560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49417.exe
        6⤵
        
        PID:9352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60272.exe
        6⤵
        
        PID:14520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56256.exe
        6⤵
        
        PID:6884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53416.exe
        5⤵
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30746.exe
        6⤵
        
        PID:9164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60084.exe
        6⤵
        
        PID:12520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18599.exe
        6⤵
        
        PID:16884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22505.exe
        5⤵
        
        PID:8904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5482.exe
        5⤵
        
        PID:12660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56633.exe
        5⤵
        
        PID:16704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40200.exe
        5⤵
        
        PID:5156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44343.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64133.exe
        5⤵
        
        PID:4916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55908.exe
        6⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21317.exe
        7⤵
        
        PID:10472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7448.exe
        7⤵
        
        PID:15544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15544 -s 468
        8⤵
        Program crash
        
        PID:16840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1987.exe
        7⤵
        
        PID:17320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62315.exe
        7⤵
        
        PID:16240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24752.exe
        7⤵
        
        PID:12956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28647.exe
        6⤵
        
        PID:4496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31465.exe
        6⤵
        
        PID:13004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46418.exe
        6⤵
        
        PID:15056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39680.exe
        5⤵
        
        PID:5264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30834.exe
        6⤵
        
        PID:8116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1672.exe
        6⤵
        
        PID:11716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16274.exe
        6⤵
        
        PID:15980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40952.exe
        5⤵
        
        PID:9088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6856.exe
        5⤵
        
        PID:12424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48184.exe
        5⤵
        
        PID:2116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21721.exe
        5⤵
        
        PID:14232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29738.exe
      4⤵
      PID:824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39104.exe
        5⤵
        
        PID:5756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        6⤵
        
        PID:8220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62964.exe
        6⤵
        
        PID:13804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8786.exe
        6⤵
        
        PID:16508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1791.exe
        6⤵
        
        PID:13856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38483.exe
        6⤵
        
        PID:5480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45082.exe
        6⤵
        
        PID:4296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41419.exe
        5⤵
        
        PID:8636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49425.exe
        5⤵
        
        PID:14236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25912.exe
      4⤵
      PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7393.exe
        5⤵
        
        PID:8792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44324.exe
        5⤵
        
        PID:13256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20671.exe
        5⤵
        
        PID:5720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22537.exe
      4⤵
      PID:8952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34751.exe
      4⤵
      PID:12344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3771.exe
      4⤵
      PID:16956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9262.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9262.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60643.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15495.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59333.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22472.exe
        7⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16239.exe
        8⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59917.exe
        9⤵
        
        PID:14232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-691.exe
        8⤵
        
        PID:10672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
        8⤵
        
        PID:16004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60619.exe
        7⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49682.exe
        8⤵
        
        PID:10232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15787.exe
        8⤵
        
        PID:14156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47040.exe
        8⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52769.exe
        7⤵
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-682.exe
        7⤵
        
        PID:12748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64924.exe
        7⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9203.exe
        6⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57626.exe
        7⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54845.exe
        8⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35968.exe
        8⤵
        
        PID:12012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23591.exe
        8⤵
        
        PID:15872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22400.exe
        7⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31167.exe
        7⤵
        
        PID:12404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54916.exe
        7⤵
        
        PID:16960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2321.exe
        7⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25411.exe
        7⤵
        
        PID:6700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18714.exe
        6⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31877.exe
        7⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45082.exe
        8⤵
        
        PID:11564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17552.exe
        8⤵
        
        PID:16624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25599.exe
        7⤵
        
        PID:13028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46817.exe
        6⤵
        
        PID:9028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63728.exe
        6⤵
        
        PID:12460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56451.exe
        6⤵
        
        PID:14228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39275.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29069.exe
        6⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31202.exe
        7⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64466.exe
        8⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        8⤵
        
        PID:12416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33591.exe
        8⤵
        
        PID:16948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14946.exe
        8⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60937.exe
        7⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38952.exe
        7⤵
        
        PID:11248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44937.exe
        7⤵
        
        PID:16360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30552.exe
        6⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16434.exe
        7⤵
        
        PID:9544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15787.exe
        7⤵
        
        PID:14112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49417.exe
        6⤵
        
        PID:10204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26722.exe
        6⤵
        
        PID:756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24243.exe
        6⤵
        
        PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31791.exe
        5⤵
        
        PID:1352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20843.exe
        6⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60813.exe
        7⤵
        
        PID:10808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29539.exe
        7⤵
        
        PID:15320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58244.exe
        6⤵
        
        PID:10504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59696.exe
        6⤵
        
        PID:14724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2863.exe
        5⤵
        
        PID:6364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60541.exe
        6⤵
        
        PID:11824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-832.exe
        6⤵
        
        PID:16420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58892.exe
        5⤵
        
        PID:11216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41965.exe
        5⤵
        
        PID:14448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1456.exe
        5⤵
        
        PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63010.exe
        5⤵
        
        PID:8
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19174.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18995.exe
        5⤵
        
        PID:1080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55908.exe
        6⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49106.exe
        7⤵
        
        PID:440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14827.exe
        7⤵
        
        PID:15264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28647.exe
        6⤵
        
        PID:8872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31465.exe
        6⤵
        
        PID:13008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53800.exe
        5⤵
        
        PID:6500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44093.exe
        6⤵
        
        PID:10980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5912.exe
        6⤵
        
        PID:14428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48737.exe
        5⤵
        
        PID:8860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22799.exe
        5⤵
        
        PID:13072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14106.exe
        5⤵
        
        PID:17336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13706.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55986.exe
        5⤵
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57080.exe
        6⤵
        
        PID:8064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3187.exe
        6⤵
        
        PID:9184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
        6⤵
        
        PID:16076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47268.exe
        5⤵
        
        PID:6572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62762.exe
        6⤵
        
        PID:11928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32627.exe
        6⤵
        
        PID:4228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19047.exe
        5⤵
        
        PID:9856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35388.exe
        5⤵
        
        PID:14224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50304.exe
        5⤵
        
        PID:16832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53692.exe
      4⤵
      PID:5008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65248.exe
        5⤵
        
        PID:8076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3187.exe
        5⤵
        
        PID:10332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
        5⤵
        
        PID:16044
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16044 -s 436
        6⤵
        Program crash
        
        PID:16832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17855.exe
      4⤵
      PID:6416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5857.exe
        5⤵
        
        PID:10324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40120.exe
        5⤵
        
        PID:15368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1987.exe
        5⤵
        
        PID:3632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27568.exe
      4⤵
      PID:9580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1212.exe
      4⤵
      PID:13472
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13472 -s 464
        5⤵
        Program crash
        
        PID:17096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45192.exe
      4⤵
      PID:16912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38862.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38862.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54499.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36365.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28440.exe
        6⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44274.exe
        7⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65093.exe
        8⤵
        
        PID:13128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6315.exe
        8⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23738.exe
        8⤵
        
        PID:16340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64300.exe
        7⤵
        
        PID:11092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11092 -s 420
        8⤵
        Program crash
        
        PID:11384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63072.exe
        7⤵
        
        PID:14368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4890.exe
        6⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62762.exe
        7⤵
        
        PID:12000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58009.exe
        7⤵
        
        PID:16412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17250.exe
        7⤵
        
        PID:17108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36952.exe
        7⤵
        
        PID:15724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30097.exe
        6⤵
        
        PID:10664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18383.exe
        6⤵
        
        PID:15572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26936.exe
        6⤵
        
        PID:15288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33899.exe
        5⤵
        
        PID:5132
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 488
        6⤵
        Program crash
        
        PID:6064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63899.exe
        5⤵
        
        PID:6492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55185.exe
        5⤵
        
        PID:11788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24243.exe
        5⤵
        
        PID:4460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41003.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53874.exe
        5⤵
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9276.exe
        6⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54845.exe
        7⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61994.exe
        8⤵
        
        PID:12440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55549.exe
        8⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36352.exe
        7⤵
        
        PID:12208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6098.exe
        7⤵
        
        PID:16256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45643.exe
        6⤵
        
        PID:9632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58081.exe
        6⤵
        
        PID:13900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27123.exe
        6⤵
        
        PID:17120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22104.exe
        5⤵
        
        PID:6920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5665.exe
        6⤵
        
        PID:10576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14655.exe
        6⤵
        
        PID:16364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16364 -s 464
        7⤵
        Program crash
        
        PID:16824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26108.exe
        6⤵
        
        PID:2116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27025.exe
        5⤵
        
        PID:9868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-874.exe
        5⤵
        
        PID:14548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58025.exe
      4⤵
      PID:5924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16397.exe
        5⤵
        
        PID:6904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17378.exe
        6⤵
        
        PID:8544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42403.exe
        6⤵
        
        PID:13048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31440.exe
        5⤵
        
        PID:9288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1562.exe
        5⤵
        
        PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43128.exe
      4⤵
      PID:6496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41322.exe
        5⤵
        
        PID:9816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15787.exe
        5⤵
        
        PID:14016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17968.exe
      4⤵
      PID:8244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60802.exe
      4⤵
      PID:14408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45831.exe
      4⤵
      PID:2440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4571.exe
      4⤵
      PID:17204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29346.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29346.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8819.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8819.exe
      4⤵
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57626.exe
        5⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32645.exe
        6⤵
        
        PID:8660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1754.exe
        6⤵
        
        PID:13964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39312.exe
        5⤵
        
        PID:8280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31167.exe
        5⤵
        
        PID:12396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63577.exe
        5⤵
        
        PID:16800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27018.exe
        5⤵
        
        PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19193.exe
        5⤵
        
        PID:6440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18435.exe
      4⤵
      PID:6724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15364.exe
        5⤵
        
        PID:9904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15787.exe
        5⤵
        
        PID:12848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
        5⤵
        
        PID:8048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9698.exe
      4⤵
      PID:11064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41619.exe
      4⤵
      PID:15100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10714.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10714.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55986.exe
      4⤵
      PID:3364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16239.exe
        5⤵
        
        PID:7864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15153.exe
        6⤵
        
        PID:6096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48713.exe
        6⤵
        
        PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12415.exe
        5⤵
        
        PID:12156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52300.exe
        5⤵
        
        PID:16288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57212.exe
        5⤵
        
        PID:16392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28434.exe
      4⤵
      PID:7488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9569.exe
        5⤵
        
        PID:4900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30097.exe
      4⤵
      PID:10676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60857.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60857.exe
      4⤵
      PID:16352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17972.exe
      4⤵
      PID:3836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28299.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28299.exe
    3⤵
    PID:5140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34850.exe
      4⤵
      PID:772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16418.exe
        5⤵
        
        PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41827.exe
        5⤵
        
        PID:11532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55408.exe
        5⤵
        
        PID:16056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60464.exe
      4⤵
      PID:9392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59617.exe
      4⤵
      PID:14420
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14420 -s 452
        5⤵
        Program crash
        
        PID:1812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3587.exe
      4⤵
      PID:15140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54210.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54210.exe
      4⤵
      PID:1464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16273.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16273.exe
    3⤵
    PID:5716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
      4⤵
      PID:7508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22616.exe
      4⤵
      PID:13544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19730.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19730.exe
    3⤵
    PID:9340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38155.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38155.exe
    3⤵
    PID:14056
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30097.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30097.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53440.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53440.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44992.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14535.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34253.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52997.exe
        7⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31202.exe
        8⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54845.exe
        9⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35968.exe
        9⤵
        
        PID:11968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16959.exe
        9⤵
        
        PID:15956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53153.exe
        8⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39633.exe
        8⤵
        
        PID:12356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56593.exe
        7⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        8⤵
        
        PID:8212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62964.exe
        8⤵
        
        PID:13788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33370.exe
        8⤵
        
        PID:14968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41057.exe
        7⤵
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26722.exe
        7⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12840.exe
        7⤵
        
        PID:16936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 508
        7⤵
        Program crash
        
        PID:15304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34008.exe
        6⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51378.exe
        7⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42458.exe
        8⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46954.exe
        9⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        8⤵
        
        PID:12376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30903.exe
        8⤵
        
        PID:16016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16016 -s 460
        9⤵
        Program crash
        
        PID:17008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2904.exe
        7⤵
        
        PID:8912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58552.exe
        7⤵
        
        PID:12316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24465.exe
        7⤵
        
        PID:16784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27095.exe
        6⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        7⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22616.exe
        7⤵
        
        PID:13524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32906.exe
        7⤵
        
        PID:17028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
        7⤵
        
        PID:3416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27881.exe
        6⤵
        
        PID:9488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49307.exe
        6⤵
        
        PID:14292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65508.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52805.exe
        6⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9385.exe
        7⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42074.exe
        8⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42403.exe
        8⤵
        
        PID:13056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-715.exe
        8⤵
        
        PID:15272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16008.exe
        8⤵
        
        PID:12832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43552.exe
        7⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21263.exe
        7⤵
        
        PID:15960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15960 -s 464
        8⤵
        Program crash
        
        PID:448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22104.exe
        6⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17093.exe
        7⤵
        
        PID:10460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55476.exe
        7⤵
        
        PID:14472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45176.exe
        6⤵
        
        PID:9296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7427.exe
        6⤵
        
        PID:11328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45458.exe
        6⤵
        
        PID:1896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52720.exe
        6⤵
        
        PID:16100
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 752
        6⤵
        Program crash
        
        PID:4296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5450.exe
        5⤵
        
        PID:4348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25805.exe
        6⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49682.exe
        7⤵
        
        PID:10148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15787.exe
        7⤵
        
        PID:12956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26487.exe
        7⤵
        
        PID:14680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2904.exe
        6⤵
        
        PID:8984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18479.exe
        6⤵
        
        PID:11800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40609.exe
        6⤵
        
        PID:17404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26266.exe
        6⤵
        
        PID:17188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62209.exe
        6⤵
        
        PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50065.exe
        5⤵
        
        PID:1288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36613.exe
        6⤵
        
        PID:11576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25336.exe
        6⤵
        
        PID:184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9127.exe
        5⤵
        
        PID:9396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57001.exe
        5⤵
        
        PID:13880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28088.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65202.exe
        5⤵
        
        PID:876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55908.exe
        6⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        7⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22616.exe
        7⤵
        
        PID:13516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18599.exe
        7⤵
        
        PID:16684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52840.exe
        7⤵
        
        PID:7140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28647.exe
        6⤵
        
        PID:4548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55092.exe
        6⤵
        
        PID:12776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30552.exe
        5⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24602.exe
        6⤵
        
        PID:9596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15787.exe
        6⤵
        
        PID:14264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6945.exe
        6⤵
        
        PID:14952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49417.exe
        5⤵
        
        PID:9444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26722.exe
        5⤵
        
        PID:12824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62908.exe
      4⤵
      PID:4304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21581.exe
        5⤵
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64082.exe
        6⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60541.exe
        7⤵
        
        PID:11784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2227.exe
        6⤵
        
        PID:11948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15807.exe
        6⤵
        
        PID:15816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26343.exe
        5⤵
        
        PID:8388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50769.exe
        5⤵
        
        PID:13828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51000.exe
      4⤵
      PID:6464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2401.exe
        5⤵
        
        PID:9176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64521.exe
        5⤵
        
        PID:14508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53296.exe
        5⤵
        
        PID:1400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26108.exe
        5⤵
        
        PID:1812
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 432
        6⤵
        Program crash
        
        PID:16120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23536.exe
      4⤵
      PID:8752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23329.exe
      4⤵
      PID:14328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11026.exe
      4⤵
      PID:17068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44808.exe
      4⤵
      PID:1972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53772.exe
      4⤵
      PID:5340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41654.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41654.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47483.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19528.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22141.exe
        6⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48498.exe
        7⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63501.exe
        8⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61044.exe
        8⤵
        
        PID:13116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31562.exe
        8⤵
        
        PID:17296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37584.exe
        7⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55563.exe
        7⤵
        
        PID:11500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11003.exe
        7⤵
        
        PID:16492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38720.exe
        6⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        7⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62964.exe
        7⤵
        
        PID:13796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
        7⤵
        
        PID:17028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15570.exe
        6⤵
        
        PID:9008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6856.exe
        6⤵
        
        PID:12488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8099.exe
        6⤵
        
        PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43307.exe
        5⤵
        
        PID:4516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5628.exe
        6⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56381.exe
        7⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41827.exe
        7⤵
        
        PID:11508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5330.exe
        7⤵
        
        PID:3260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
        6⤵
        
        PID:9016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55092.exe
        6⤵
        
        PID:12952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44288.exe
        5⤵
        
        PID:5816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46426.exe
        6⤵
        
        PID:11956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1019.exe
        6⤵
        
        PID:4596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6008.exe
        6⤵
        
        PID:6944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21435.exe
        5⤵
        
        PID:9000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63728.exe
        5⤵
        
        PID:12432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7480.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54258.exe
        5⤵
        
        PID:1496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48389.exe
        6⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54077.exe
        7⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36352.exe
        7⤵
        
        PID:12216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15335.exe
        7⤵
        
        PID:16176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22400.exe
        6⤵
        
        PID:8256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31167.exe
        6⤵
        
        PID:12384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38004.exe
        6⤵
        
        PID:16808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2321.exe
        6⤵
        
        PID:14440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36883.exe
        5⤵
        
        PID:7320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3288.exe
        5⤵
        
        PID:11168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58155.exe
        5⤵
        
        PID:15284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9347.exe
        5⤵
        
        PID:14572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5258.exe
      4⤵
      PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9385.exe
        5⤵
        
        PID:5236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        6⤵
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22616.exe
        6⤵
        
        PID:13568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50395.exe
        6⤵
        
        PID:15636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27216.exe
        5⤵
        
        PID:9080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54107.exe
        5⤵
        
        PID:10636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50209.exe
        5⤵
        
        PID:14404
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14404 -s 464
        6⤵
        Program crash
        
        PID:1624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50065.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50065.exe
      4⤵
      PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62762.exe
        5⤵
        
        PID:11400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17552.exe
        5⤵
        
        PID:16608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9127.exe
      4⤵
      PID:9364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47763.exe
      4⤵
      PID:10756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-128.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-128.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19528.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
        5⤵
        
        PID:3432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14289.exe
        6⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30834.exe
        7⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19021.exe
        8⤵
        
        PID:11632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40115.exe
        8⤵
        
        PID:15068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15068 -s 464
        9⤵
        Program crash
        
        PID:16392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36352.exe
        7⤵
        
        PID:12200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50400.exe
        7⤵
        
        PID:15944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26343.exe
        6⤵
        
        PID:8508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50769.exe
        6⤵
        
        PID:13836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31512.exe
        5⤵
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63314.exe
        6⤵
        
        PID:7684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27115.exe
        6⤵
        
        PID:12120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42424.exe
        6⤵
        
        PID:15936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15936 -s 464
        7⤵
        Program crash
        
        PID:12824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24807.exe
        5⤵
        
        PID:8964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24345.exe
        5⤵
        
        PID:11720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15607.exe
        5⤵
        
        PID:16460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29305.exe
        5⤵
        
        PID:14232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2659.exe
      4⤵
      PID:2384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55908.exe
        5⤵
        
        PID:6624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16434.exe
        6⤵
        
        PID:9612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15787.exe
        6⤵
        
        PID:2304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53104.exe
        6⤵
        
        PID:1484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15272.exe
        6⤵
        
        PID:3632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29208.exe
        6⤵
        
        PID:16100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28647.exe
        5⤵
        
        PID:4068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55092.exe
        5⤵
        
        PID:12756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53800.exe
      4⤵
      PID:6476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16434.exe
        5⤵
        
        PID:8500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24064.exe
        5⤵
        
        PID:15124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11687.exe
        5⤵
        
        PID:16704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40427.exe
        5⤵
        
        PID:15080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8930.exe
      4⤵
      PID:9020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43736.exe
      4⤵
      PID:14380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
      4⤵
      PID:17260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25016.exe
      4⤵
      PID:3836
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 456
        5⤵
        Program crash
        
        PID:16540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59945.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59945.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12156.exe
      4⤵
      PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5628.exe
        5⤵
        
        PID:2516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41114.exe
        6⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38066.exe
        7⤵
        
        PID:11756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43977.exe
        7⤵
        
        PID:16876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26487.exe
        7⤵
        
        PID:15012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6452.exe
        7⤵
        
        PID:4404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 460
        8⤵
        Program crash
        
        PID:16456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41827.exe
        6⤵
        
        PID:11524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46171.exe
        6⤵
        
        PID:16648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
        5⤵
        
        PID:8992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59696.exe
        5⤵
        
        PID:14628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50297.exe
        5⤵
        
        PID:16640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27577.exe
        5⤵
        
        PID:15268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2547.exe
        5⤵
        
        PID:748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40064.exe
      4⤵
      PID:6520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21317.exe
        5⤵
        
        PID:10468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40120.exe
        5⤵
        
        PID:14748
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14748 -s 464
        6⤵
        Program crash
        
        PID:4156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
        5⤵
        
        PID:3692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26833.exe
      4⤵
      PID:9200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49883.exe
      4⤵
      PID:14600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20652.exe
      4⤵
      PID:17312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28991.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28991.exe
    3⤵
    PID:2448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48721.exe
      4⤵
      PID:7212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61501.exe
        5⤵
        
        PID:11644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15907.exe
        5⤵
        
        PID:16304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5656.exe
        5⤵
        
        PID:14628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62960.exe
      4⤵
      PID:1524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26172.exe
      4⤵
      PID:15380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34673.exe
      4⤵
      PID:5692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48408.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48408.exe
    3⤵
    PID:5392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16434.exe
      4⤵
      PID:9536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38200.exe
      4⤵
      PID:15288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9657.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9657.exe
    3⤵
    PID:9372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52535.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52535.exe
    3⤵
    PID:13920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32916.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32916.exe
    3⤵
    PID:14264
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63838.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63838.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44992.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44992.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54499.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45410.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55986.exe
        6⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59546.exe
        7⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16434.exe
        8⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15787.exe
        8⤵
        
        PID:12796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55367.exe
        8⤵
        
        PID:14444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27769.exe
        8⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2904.exe
        7⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58552.exe
        7⤵
        
        PID:12308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39649.exe
        7⤵
        
        PID:17144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30464.exe
        6⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63722.exe
        7⤵
        
        PID:12600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59052.exe
        7⤵
        
        PID:17248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37835.exe
        7⤵
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11927.exe
        6⤵
        
        PID:9420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16664.exe
        6⤵
        
        PID:14008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2321.exe
        6⤵
        
        PID:1088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45016.exe
        6⤵
        
        PID:3692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58404.exe
        5⤵
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50693.exe
        6⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16434.exe
        7⤵
        
        PID:9464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13888.exe
        7⤵
        
        PID:15252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29136.exe
        6⤵
        
        PID:8720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25599.exe
        6⤵
        
        PID:13016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12570.exe
        5⤵
        
        PID:7200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24602.exe
        6⤵
        
        PID:8948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55113.exe
        6⤵
        
        PID:14528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14528 -s 464
        7⤵
        Program crash
        
        PID:16856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3288.exe
        5⤵
        
        PID:11132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58155.exe
        5⤵
        
        PID:6656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45458.exe
        5⤵
        
        PID:14444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9016.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28440.exe
        5⤵
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32946.exe
        6⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46234.exe
        7⤵
        
        PID:11804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17168.exe
        7⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26487.exe
        7⤵
        
        PID:16436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41827.exe
        6⤵
        
        PID:11472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56368.exe
        6⤵
        
        PID:16320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51320.exe
        5⤵
        
        PID:6000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44817.exe
        5⤵
        
        PID:12240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28103.exe
        5⤵
        
        PID:14684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48704.exe
      4⤵
      PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13464.exe
        5⤵
        
        PID:7592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47288.exe
        5⤵
        
        PID:12112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62476.exe
        5⤵
        
        PID:15996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-947.exe
      4⤵
      PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31770.exe
        5⤵
        
        PID:1088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29491.exe
        5⤵
        
        PID:6936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44104.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44104.exe
      4⤵
      PID:9564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49683.exe
      4⤵
      PID:13136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40992.exe
      4⤵
      PID:14000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22712.exe
      4⤵
      PID:880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9745.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9745.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25050.exe
      4⤵
      PID:5580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59930.exe
        5⤵
        
        PID:6596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42074.exe
        6⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62762.exe
        7⤵
        
        PID:11440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41864.exe
        7⤵
        
        PID:16696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51641.exe
        6⤵
        
        PID:13032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18407.exe
        6⤵
        
        PID:14504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
        6⤵
        
        PID:17008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62674.exe
        6⤵
        
        PID:14608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35192.exe
        5⤵
        
        PID:10212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3400.exe
        5⤵
        
        PID:14360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2555.exe
        5⤵
        
        PID:12832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41980.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41980.exe
      4⤵
      PID:6780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24602.exe
        5⤵
        
        PID:10224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15787.exe
        5⤵
        
        PID:13068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6452.exe
        5⤵
        
        PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32391.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32391.exe
      4⤵
      PID:9848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10187.exe
      4⤵
      PID:14256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30234.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30234.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4791.exe
      4⤵
      PID:6272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15364.exe
        5⤵
        
        PID:9784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15787.exe
        5⤵
        
        PID:11044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24425.exe
      4⤵
      PID:8552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46427.exe
      4⤵
      PID:12804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12467.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12467.exe
    3⤵
    PID:2016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16239.exe
      4⤵
      PID:7808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-691.exe
      4⤵
      PID:10788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
      4⤵
      PID:16084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33314.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33314.exe
    3⤵
    PID:6252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49106.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49106.exe
      4⤵
      PID:9348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40400.exe
      4⤵
      PID:14772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27568.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27568.exe
    3⤵
    PID:9604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1212.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1212.exe
    3⤵
    PID:13320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42842.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42842.exe
    3⤵
    PID:16812
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44727.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44727.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38848.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38848.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34253.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53874.exe
        5⤵
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34850.exe
        6⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16418.exe
        7⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41827.exe
        7⤵
        
        PID:11516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5330.exe
        7⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8191.exe
        7⤵
        
        PID:14392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28368.exe
        6⤵
        
        PID:8832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58059.exe
        6⤵
        
        PID:13264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41785.exe
        6⤵
        
        PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30464.exe
        5⤵
        
        PID:7148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32370.exe
        6⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25216.exe
        6⤵
        
        PID:10512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39072.exe
        6⤵
        
        PID:16272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42872.exe
        5⤵
        
        PID:8808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31465.exe
        5⤵
        
        PID:13064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60568.exe
        5⤵
        
        PID:16504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33816.exe
      4⤵
      PID:3948
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 488
        5⤵
        Program crash
        
        PID:4284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16815.exe
      4⤵
      PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35652.exe
        5⤵
        
        PID:6868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43452.exe
      4⤵
      PID:11552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36463.exe
      4⤵
      PID:16712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36000.exe
      4⤵
      PID:14812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9208.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9208.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53874.exe
      4⤵
      PID:4568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34850.exe
        5⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30834.exe
        6⤵
        
        PID:7628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36352.exe
        6⤵
        
        PID:12128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15995.exe
        6⤵
        
        PID:16716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47619.exe
        6⤵
        
        PID:17212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51100.exe
        6⤵
        
        PID:1088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27600.exe
        5⤵
        
        PID:7984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8282.exe
        5⤵
        
        PID:12696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16831.exe
        5⤵
        
        PID:17152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60305.exe
        5⤵
        
        PID:7852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45841.exe
      4⤵
      PID:6100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        5⤵
        
        PID:7896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55673.exe
        5⤵
        
        PID:13884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55549.exe
        5⤵
        
        PID:5516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11927.exe
      4⤵
      PID:9428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7427.exe
      4⤵
      PID:13812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47552.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47552.exe
    3⤵
    PID:1388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9385.exe
      4⤵
      PID:5292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        5⤵
        
        PID:7504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22616.exe
        5⤵
        
        PID:13500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34743.exe
        5⤵
        
        PID:17352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
        5⤵
        
        PID:15244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43552.exe
      4⤵
      PID:8248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18584.exe
      4⤵
      PID:14532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33199.exe
      4⤵
      PID:17160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50065.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50065.exe
    3⤵
    PID:7160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15556.exe
      4⤵
      PID:1084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55860.exe
      4⤵
      PID:14784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9127.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9127.exe
    3⤵
    PID:9384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47763.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47763.exe
    3⤵
    PID:11448
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37208.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37208.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19837.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19837.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39458.exe
      4⤵
      PID:4144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16239.exe
        5⤵
        
        PID:7940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19715.exe
        5⤵
        
        PID:10804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
        5⤵
        
        PID:16120
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16120 -s 432
        6⤵
        Program crash
        
        PID:17116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24024.exe
      4⤵
      PID:6728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16434.exe
        5⤵
        
        PID:9804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38200.exe
        5⤵
        
        PID:15276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34122.exe
      4⤵
      PID:9936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35388.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35388.exe
      4⤵
      PID:4696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
    3⤵
    PID:4300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41114.exe
      4⤵
      PID:8164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1672.exe
      4⤵
      PID:11700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56368.exe
      4⤵
      PID:1584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61457.exe
      4⤵
      PID:15180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39889.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39889.exe
    3⤵
    PID:6444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36151.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36151.exe
    3⤵
    PID:12252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11568.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11568.exe
    3⤵
    PID:15908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51656.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51656.exe
    3⤵
    PID:14576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32883.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32883.exe
    3⤵
    PID:5608
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35403.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35403.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53874.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53874.exe
    3⤵
    PID:1548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59546.exe
      4⤵
      PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41114.exe
        5⤵
        
        PID:6436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45082.exe
        6⤵
        
        PID:12296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41672.exe
        6⤵
        
        PID:14488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26487.exe
        6⤵
        
        PID:14476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22640.exe
        6⤵
        
        PID:14808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52409.exe
        5⤵
        
        PID:12884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56944.exe
        5⤵
        
        PID:17152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11072.exe
      4⤵
      PID:8940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15512.exe
      4⤵
      PID:14136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2321.exe
      4⤵
      PID:16452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30464.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30464.exe
    3⤵
    PID:5888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46890.exe
      4⤵
      PID:10292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6571.exe
      4⤵
      PID:7764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47144.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47144.exe
      4⤵
      PID:15544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11927.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11927.exe
    3⤵
    PID:9408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7619.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7619.exe
    3⤵
    PID:14128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2321.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2321.exe
    3⤵
    PID:5004
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45282.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45282.exe
  2⤵
  PID:2252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8316.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8316.exe
    3⤵
    PID:5732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
      4⤵
      PID:8204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22616.exe
      4⤵
      PID:13536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50395.exe
      4⤵
      PID:16548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61009.exe
      4⤵
      PID:7064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43552.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43552.exe
    3⤵
    PID:5456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18584.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18584.exe
    3⤵
    PID:14572
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38655.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38655.exe
  2⤵
  PID:4560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47578.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47578.exe
    3⤵
    PID:12576
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48899.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48899.exe
  2⤵
  PID:11104
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36019.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36019.exe
  2⤵
  PID:15216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1524 -ip 1524
1⤵
PID:5868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 5132 -ip 5132
1⤵
PID:5752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 3948 -ip 3948
1⤵
PID:5796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 1524 -ip 1524
1⤵
PID:7712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 11056 -ip 11056
1⤵
PID:11252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 11040 -ip 11040
1⤵
PID:10844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 11092 -ip 11092
1⤵
PID:10840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 13472 -ip 13472
1⤵
PID:16540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 11460 -ip 11460
1⤵
PID:12708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 14112 -ip 14112
1⤵
PID:16416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 12796 -ip 12796
1⤵
PID:16448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 14396 -ip 14396
1⤵
PID:1584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 14532 -ip 14532
1⤵
PID:16856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 15304 -ip 15304
1⤵
PID:16388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 14528 -ip 14528
1⤵
PID:16408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 14404 -ip 14404
1⤵
PID:16644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 6656 -ip 6656
1⤵
PID:2036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 15100 -ip 15100
1⤵
PID:10340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 15368 -ip 15368
1⤵
PID:17132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 15960 -ip 15960
1⤵
PID:3356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 16028 -ip 16028
1⤵
PID:14648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 16036 -ip 16036
1⤵
PID:10340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 14684 -ip 14684
1⤵
PID:4296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 16352 -ip 16352
1⤵
PID:16516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 16320 -ip 16320
1⤵
PID:15308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 16016 -ip 16016
1⤵
PID:1208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 15944 -ip 15944
1⤵
PID:16852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 15816 -ip 15816
1⤵
PID:16540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 15872 -ip 15872
1⤵
PID:17100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 17248 -ip 17248
1⤵
PID:3196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 1812 -ip 1812
1⤵
PID:16852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 15180 -ip 15180
1⤵
PID:16024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 15180 -ip 15180
1⤵
PID:2212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 3184 -ip 3184
1⤵
PID:4836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 14960 -ip 14960
1⤵
PID:2880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 2892 -ip 2892
1⤵
PID:16196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 1088 -ip 1088
1⤵
PID:14016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 4268 -ip 4268
1⤵
PID:3840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 1500 -ip 1500
1⤵
PID:3932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11927.exe

Filesize
184KB

MD5
da73f1214f1d80b131ca68cb3d1434f2

SHA1
948ea39548cafb3b0a21b9c44939fff7f617417d

SHA256
e0d7158d9d0c4cf164477a9ce38796ac7f1491e6b9ba1e453d0a97b2d3d276a9

SHA512
45c44281d6e793ccfc61c443c1a294f60248c27b3623e194526a67ddf7d60dd9ce961820ee73d6ab352d3c20ab5b68fd9261cd15c62ef60223f7377aee0fc281

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-128.exe

Filesize
184KB

MD5
02388e1f6cfab5a6f8efbc05da7eca2f

SHA1
eb3acc8cdf35c59e10e69618f1096336589cd3ba

SHA256
aa7204ab81d37c451bd7cd00252db2750d787223e0a37dc91b03e6b74de06821

SHA512
a3b8f0faa6595519c5c215e98d10b32a6be90b095113d19d9d3df3387546bef848211dd840cbb825cd84b9a3cb032d664d79845272cdbd1aa214ce8bad793186

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14535.exe

Filesize
184KB

MD5
886f2404ee1a1cadcc79939593c64d9b

SHA1
1b5819c204e37f8023e76c2065c6e19959592ebb

SHA256
2c4ee067de1ddde8e4b4bad0fc437bc28c3a5ed2dc2b781ba41c3156d825dfdd

SHA512
a8ee337c6edcd4d03fc7bf9061c4b237100c39b4d269962d7fa60c681057fcb1e0097ab11d260dfc5e28f83985fa364672d39640a276d7244f76f7a3aab418fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15495.exe

Filesize
184KB

MD5
1d1ce4100ea00de8c84f12db9a8991d8

SHA1
904384a94918db3abda6200117545fe03902de59

SHA256
8ad41773766308c7c57e711b4a93c45e20b199601f47144097e8b8f392d8f09e

SHA512
081e6312fbe8d55c2ad07dc7bc20f2718ad74059e2dbb21edd7439c4a09911f257306a67df7edac4933ba718a03b420def32953a000d739c43f1c1221ce584e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17093.exe

Filesize
184KB

MD5
97a17c3dcfec4e9a0de905b6e0b6450d

SHA1
ba11ed720b5692758a5c34e83058d02f777d170f

SHA256
68b282b801993ad6e5fa6c8a6cb95f0e87219b57332307016f7fccc661a35197

SHA512
10197e22f8fb388d64e575cf158705dc038dcd628cb442d4a011f7f7fb8744fe8981999abc62be07fbff9da0adc9fda47dacdfba61fd82500197e8380343450b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17450.exe

Filesize
184KB

MD5
c9691a16b7d8bfe84af059e4837f0f95

SHA1
a4425c76181c5353bf24032074ef24247fa5c1b4

SHA256
6c2bfbdce55788d1aa4d9d92fbfdf6a2b777d0db120665bc36caa8bcfadc34c1

SHA512
b9302a8c116037db8788363baa580a0635f3b6ac801bfea766afccd24a14b6344b6392152ec65ae2d7dc4d283353de5ee59a0a95f65e23035361ef93ec5d46a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19174.exe

Filesize
184KB

MD5
9ea293c67de46b7962a91b766f0873c7

SHA1
a1ee1e536b0843b6d231c0e36d79b1aa2d0fb924

SHA256
a39a3f0b385e9ecc1d27d043069edf957ae648d5b00159db17d2f8e9e473ca0c

SHA512
15d75daf4f159d8e8eee5bfb9c8e2640e747fd98cb7b03652f1bbec1b076b2c8e7fa6d749e03712aa49a7a6b32adb7c72e8f39cfb0611befab5f3786842718fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24067.exe

Filesize
184KB

MD5
0fa0c0c8c2660fea5622a33fa045ace9

SHA1
be3794773671febeeab2f6bbce5ffdf666253876

SHA256
e9396ce72beab2517afc76ee9e897c376cc4e5c2f7049dddb9708ac34065a9e2

SHA512
d3b9f430dbc8665f6c8df5ca74bef91db34c540da42257f75f78774a1626799c5f82a68b1814522889293cdf81ed8e29e6a5024527d27259f9d7fc906316c983

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24550.exe

Filesize
184KB

MD5
cac24d2720cbb38c849912402bc40c62

SHA1
459f371448f15057f5ad9f9a847d790d8ebd0952

SHA256
72b4f8b14c4a6edc9bf919d9ec73c910e55d6a778924085873d2a54d38490acc

SHA512
c682b02d2394de09a5a2cc8cc81d56927fbe644c82a22d99bbb2bc2bdaa5d522aa6aefcda822d53aed3beb81d60c3f3c55fdd3527d8414e492a59eae4d866e3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29346.exe

Filesize
184KB

MD5
ba7df5f845f0229bdf0bfc3ada812036

SHA1
14c2c204896af37a84d6179ee3c6de1879d3e04e

SHA256
ffd68fffa87eef64be8206155376376eef7af437ed0345431d73b5f73edf0c94

SHA512
2a855d12a09007d03f8bce0cd78f0dde7eeecce58eb8655a989284c57e0b67fe80bf311faef00ef62ee9c2e6d55826670e08b814b2b8412f220f7d8c60d926c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30097.exe

Filesize
184KB

MD5
4d577ea922569ee9b01ca4e8dd50eb75

SHA1
e793dab3e30213bfc1ccad31222643546885b217

SHA256
da908ae4cf2f1bc6354ab5f498704ee29ce7a35f9c0ccaa4e1b5e77a55ec0acd

SHA512
088f827471bbeb3a53778e63915e5f71d7491aee448d90ddd21d1a1cb62816700c1791f9b98563b9f787e5e863aed64c2eefbbc1692b7bcec4622af5ee561e37

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3187.exe

Filesize
184KB

MD5
8f3c5b3fede89ed3aa9299231a3091ac

SHA1
89e05e073281a56832d2210f272675a1f0d8238a

SHA256
7ecc27378e8be02bb8100ded9fe4c5b56ec4a3d8a5e4db34ea71a7f6b9b670fa

SHA512
ade60c69eb3deea2108b4c985d6bffc55bf0e698f38faf4a6af6bcc8a5b2c8e36847ae7e85427e55ade49d685ae82e6e69366d0ac5356855ece4cff9b73e70cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34888.exe

Filesize
184KB

MD5
fedc8e2397863b482e1dc8af1af9570a

SHA1
f7d8bb21ddafae3f051fc8ca76c3e43c781f3860

SHA256
df7286707ed929ada2effda472e869bee1d85add866f13010474eb71c7d83485

SHA512
fef76e335501fca39c25e0fad3c3b6f5753c3e6ec27287e66bfe717617839081a10fbfce4a8a6c19946a140fc812335653b8a7bf283f391ee6cea7b75e71bc21

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37208.exe

Filesize
184KB

MD5
85457381f60e59bd9489916d49300b24

SHA1
ea6831af9b9d1d6aa5f8e49f3bd367c6ac9bcdf0

SHA256
76eb99a3b41972dbe1744ca08a8a92ce4702561249f936f56db0e11c25ffe8b8

SHA512
893dbaf544d28885da42074e7750c479587664b7a90bfa175d15ebd6cee06acbef8d2714a94f85ad3771df9a6b36da76ca114945e2884deebef2ac3e5ae157a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37601.exe

Filesize
184KB

MD5
39927d04fc3493ea2aaa77af76fd2bae

SHA1
e9922e8e8426bf8d7617330c6fec5d3fb699c3da

SHA256
749b17a92dff055bdb19e4e3ae2cc4f88c9eb69b0f5acf180b2cd1e397ce7e38

SHA512
af0c78619a4b21b8114fea4ace9fd294e6f2d0bc58a092493f4bd78e36d1c9303387f7b480022a72a691b5c8455cc9911dafe1ef69c206f262c38d1985723520

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38659.exe

Filesize
184KB

MD5
0df8222b20b9884a8a0a8144e93704b8

SHA1
75f9d4fa7a7f808c08bc89d26dd6621048bfae48

SHA256
63bb0f8feb180957a7b187c338bb60936b14c714e728cd7be31941db67b4a3c9

SHA512
6acdcf9e7e4e6d7bdbf65cbfdaec5826d8f05bca932ab5013089fd4fec177028a9d7534996715a5935936d50d6fc58480ffbaf8ac778afb8c6bc1eba32735adf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38848.exe

Filesize
184KB

MD5
6dfdc2d1f6efb8c7a5dc244b9a637ba9

SHA1
5c6f06aa323fac8d3d776d6b7c4536cac09c9602

SHA256
caccdf58062b1f9ca650f6c6be1dab534c7865c0d154a4a638f0e6e5df03a35f

SHA512
8b3a217eb041e71a812162f8b999e34137fdb5a55042ffd4dc7cf14ad6f833243c7b7e86d3831cc97e2b28f3d7f0f69f28b86111967344ab506ee0f030e642de

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38862.exe

Filesize
184KB

MD5
23d928262697c52dd2ae69d7cc077054

SHA1
a62bb922e13e28595cd732ad027eccef437ad3bc

SHA256
39fe447a7e54b0e58eb6100a1e4919f9466d99aa6dadbb18d6e89dce0bf42c01

SHA512
6e38eb2afe486b0e35555e18fdca54f54d10a8e24b36e575e92c78688228c350037d6ca57d08af3f85099c21919e294665cb22cbf7ae519960179f6163f00f4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40120.exe

Filesize
184KB

MD5
afc0c987869d4df9831bb4579a03541d

SHA1
7a73d4fb1836a44b422125ba4466f32d07bcc732

SHA256
5b0030c685e5e4cdcc6e1e68f560a4655b20099c8b579173f581ba7a85262f24

SHA512
51372865c5793c296e17cefbcf90e55264622c849eb32b415646dd024b491eb8d0514249c83b214bf1f745bb4dce9778e34bfcbb058a55e68041af65f1a27467

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41654.exe

Filesize
184KB

MD5
6367182dec7a577194f5b321316d0f5a

SHA1
9a33c015bf4daf54b66b93018b88051dd3755faf

SHA256
4f281d9d238bb8773baebce216165266b81dcdb910b12e3c03d48ff8a7e6df2e

SHA512
2c380a6aad07ee01d8414e1263842eeb578a064b347319e0258591b8e4f7da8e75c345ec5abb96035362bfa8e173736e601c50fb91fe6e84bef9eeff4c3641f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41672.exe

Filesize
184KB

MD5
65f969972af967039511ad6a43b8cda8

SHA1
d3aaf76629cc77971141d65c45c38a6d377323ca

SHA256
c89f18598f10ae5498e069780ea170c3a0cf02994d241de926519de52f729186

SHA512
98d401d7c803d74e10d5aafe7b084e704cee6b142790c0cad3f099252f4456596126bdb1f113d2945e2d58b119e8d6a54875ac8227bddfb3445199fd2dfcfd46

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44727.exe

Filesize
184KB

MD5
3e0dbaf2f452a47d01a3f5ad8d0e3a11

SHA1
abc3dac15c930f03a723f299f832b49b3fdebe5a

SHA256
66c76c1aafad9146723b274431731b86129ba0125b25a941d4a2dbd2b8359812

SHA512
84f43f2b38c89b3388f38811e3a0dadde5f2949f7c89193be14856c43ea1ac77f981e32230a0a117cc98a0039bbc6eff80fdac3cc76f5c1fd9a5d82e9d9214f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44992.exe

Filesize
184KB

MD5
371d6836061a9ce8953878ffdd8f298f

SHA1
dee54eb62e16b9020129f0bba0b9ac02eb447fdf

SHA256
089052e0d8843b230aa4b6bbd8bb74050397492fcbcb12876bc244ac37a7c72c

SHA512
d7afed83592e44a31411924145518926d8775e983a64a98846ff0334a7cd9216a261467522b23f49bd17987e87ecbd8c76782bfee38932c510d50d1199e4dfcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47483.exe

Filesize
184KB

MD5
8aaa406c90a7d4112828eda89b9b7bdf

SHA1
b05b0df7b0757bba4084f362322197cbed390a27

SHA256
71568e3ce43e35db0a9709e67d6a8c88a958f1f49bd03cbfc4b37c3a5a31dabd

SHA512
a751f51afb0279054689e2c139981c554875b9d2611ef519ffccf02145b009322dffad3316a417da1be2f5200d276cf8c5ea65aa3661430dc4f209e14144312d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49595.exe

Filesize
184KB

MD5
6b49713ebfe5116a0719f3cdae4467ab

SHA1
c65210ca4e29f531effbf7d7620b5d2f54da1e88

SHA256
6f1aa3f745c45e6799cdf520b9b3ed1c072c036b4d1a8a1c457d7aa24f9ac64b

SHA512
b46b61dd6a6e4c2d4d26efaf0f02d9929f0b596d8ad87a56e2a9c8d3dcd5195e3e56ad4b909a933e93b1caff2b5922545d4d1d7a5b41056a26b7969671b7df52

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53435.exe

Filesize
184KB

MD5
4fa83237d4f470476820b3a3899fd419

SHA1
5f0106d753244f2e3d0f4f53b4cca1214106dd47

SHA256
73090e74b23014bc4f3cbe2ceb768f049494a6023df588ecd53b051aa91bcbb5

SHA512
34275092826419126c7abbd6f8becc33d733a7168ab791a019ce9126b8f12f356fb4620d89c28ae9b44c28ce28ccd4773945c7eb46ef0ad84b936386fcccbe2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53440.exe

Filesize
184KB

MD5
c97873fe14c4274da4f355a084fbe395

SHA1
e93f6a98e68c762357ce198f614a1e5c88619d17

SHA256
123c7bd6c67a18330ae7095b81f493b54cdc44318fa5b49188beba3d9ce79aca

SHA512
554d4ed070ce33d09afa1172890036aa3d466bdba44a11389cf46ce5b356b67344374e8d8d9c37feb2ef5745b21589319d04db7f72c43b071b44b1598c18425e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54499.exe

Filesize
184KB

MD5
111d11cca3e7e2378f070ccfa55eb7d5

SHA1
21d9a861936cb35994d51a0f94027f753de2c904

SHA256
48c3de50b66f0aa6e3b3d11ab23dfa852581efe10d537d14fbfefccd83f14905

SHA512
31a56ddba2cb3ae72ccce9cee10e3046a5c39a93acd2b2698cb8cb0b75903fac73369b397ec60d7d6c19bb9c6150b43a032bcc8828f878e183b117107e94fff6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5628.exe

Filesize
184KB

MD5
d2b3427829c1fb9f0ab1be8d6579aa6c

SHA1
42ffeb30c74f24a2ab46f1c1576ad8c6a5762ffc

SHA256
45131ae3e6124c4feba798ac5d1d4f2b208b878765932c69c6c3e42bf11ab5e6

SHA512
dd98a269fd88fa69c845f2b09e76b0397035549b9d771f142ef243fdfa12b4395f1e9302e0965b90f7bd559ce8b33b1d04dedb68365af1be3df721533170ae55

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57114.exe

Filesize
184KB

MD5
7ecf24a4011ab0cc6e031156c459869d

SHA1
a8f117a6f9d35cf4ed8233ef11bed717ed7a8b49

SHA256
85bf22fe65acaddf64b24d81cbe2a1d46171155fc260630f10492fde7615a80d

SHA512
8ac7c9abed1afd548bee8166ef12363692f1c074fb126af12df916972ca4a5be9e158c5849e4043170e79fa296cd567bc27984dc9a655d9815ffb3554ded9601

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59313.exe

Filesize
184KB

MD5
c38b7db3a6caff7b7ae9fa567488d8d8

SHA1
0516a3e211eceb63052d368c526c71220122628b

SHA256
7a4491d32c18d9256e7dbd7069789288e6a32677dc8cb80b41871f53fadbbd2d

SHA512
0c55f1bbde8b8ee32f9fc6764b5154fa0254b20ce661b27698b5948977b10cb91e3b72870af7059b9e009a5b410d2c9b1d5a2ae9640216eed6da7dd4c6fcb3ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59683.exe

Filesize
184KB

MD5
02c7ce02b0177d63de3fdda8e90f6203

SHA1
d4b152aa0659b265aa5a2faec46f01377bf441b6

SHA256
8d8df7a3db3cfedab7a1d5347d61d3bca16fdf808cc893ef560398ead4b461e2

SHA512
102b9c34f1926f3bded89e289a606e2befb148305a4c94a4942f710420925a9dabda978644c2e3a5c44fbf20b1af0a4f3cabd0e961f9ee02ff0e110225d688e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59906.exe

Filesize
184KB

MD5
9aa13e5b72aa40f2749991856bda292f

SHA1
0109c49c90b7353dbc52915c066862d844518b0c

SHA256
9253ed4c4b10080bc4e53d1c6dfb45b2d8570c55b75d6408f1dc7d4343039eed

SHA512
5c2c11436eb14be4ce35f65b61b6ce30c6ab9a5d86fb981197491f032c58aa1b9914e4e60aab43ae08d9b5b9580baba071e7bc9b6bfd7aa36b035aee14a6cfdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60643.exe

Filesize
184KB

MD5
532e0b6607bc635e950fd3073ebdf513

SHA1
a06469c2e2d96a676c9bebe1d89f75c3051a0aeb

SHA256
f5f25f4797d6c5d7f5d64f242191816bbd4230be64a5269e99071874d15632ae

SHA512
cd5c83a2abcdffdd918e09664cfcb0328747c88fc040511e446996e840fa8c17d214414b652e5b2ea34d25454c5eed93d80bd1ceb24db9867ca7874cd061e2e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60923.exe

Filesize
184KB

MD5
bf0077216fbffe07432c19b0c6210d17

SHA1
d9ebcb2b7715e49270ab5931dc54619d9ee53e9d

SHA256
918568779756511b7665e4a0e32502a30a7911799c6262bdfc57bfaf0638c72a

SHA512
a0d21ce71809240d8a8e6738d8a2ecb079e8833740b88cdd49d74d13c970aa743f181d07eadccbe4e97a0956156880d69ed032821d84f70812a523162942b824

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63838.exe

Filesize
184KB

MD5
ee6f5c9d0834a56f2511b6adafd430b0

SHA1
fd657c820a144ebdc00573231632970261889b41

SHA256
afc4b2a83630040d51f84f160bf9962ab80ddd1bc18c0d704f1b1aa3c993e280

SHA512
5f4ff41e91594da0f4312057e1a8d00d551d3455a0afd20d35678ad3c06c3ba89d918703cde380146fde753edc16fe7274c8190ca224d3d0c05f1b166ba704d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8250.exe

Filesize
184KB

MD5
c62667c94705c529d604cb1c9a6c3a27

SHA1
ce474fde353913d237acba916b1c678b8e28acf4

SHA256
95801655a21364ec53915f407b668f903449b32d98a3b467b6cd4cb04882b365

SHA512
54149444f0c48c29a1d7acaaa7e3fa1e2c9215af7fb0d421e98458e501d87c59c5d97abc51d26108b96ef8539abec76c708051ac5f8715362e50494885b1fb4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9262.exe

Filesize
184KB

MD5
1f80f25b965d93935405ed7d6c81a2ce

SHA1
fad8f7eef4f3ffdbe1187556dd86fbc8201a3e3c

SHA256
c08284c775f0368a9ad6ce9e153025b650a87e0a32e068f802871af53a48e6f3

SHA512
0ea2a6e72b5cebd7fd1cc1f36f0dd2a9469087e1d6237a11660d28439ed8bfe02864945537691e09637a2b6126b58601bb543ae0fab82ae9bfea1b376d9aa60a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9745.exe

Filesize
184KB

MD5
1f823d2e6f8445a3fc226f1f24c12167

SHA1
93f9a3879d507023f490a644608d2327205ca4ca

SHA256
e78496502dbaae5df02dab1f8402f343795f639e285b26e2b98700d8541533e8

SHA512
8344c728ff9d898b2ceff6daacb223ab26f90505db247c685cb79ffeb9896597403f637560bb9f8074aadc204f5c337601f9a1163425b203184e17f705ffb79c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-975.exe

Filesize
184KB

MD5
5176269101fddc97d5c9ff884df69e7c

SHA1
02d5ab930eb9b2fad9e2a141728ebbd92fa90fe6

SHA256
f756e53c961ec6d1e3859061c8f981e48e785492402105d7030f880e13de1a20

SHA512
9b028d5b52ef433b67350771bc6dd09ba5d1d3cb92425817847068f7784e291e71f3ac07a17c17c316e822015fd90e40f54f4d7c85a6529aab39ea1b87d9796a

Download Submit
memory/184-2943-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/464-177-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/636-140-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/688-6-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/868-123-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/876-422-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1020-429-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1056-55-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1056-5496-0x0000000075020000-0x0000000075235000-memory.dmp

Filesize
2.1MB

Download
memory/1080-468-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1088-3961-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1100-261-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1160-408-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1168-322-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1224-128-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1232-107-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1260-427-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1352-499-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1388-539-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1392-409-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1420-211-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1424-219-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1488-188-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1496-478-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1500-320-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1524-395-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1532-63-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1564-14-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1564-5435-0x0000000076FE0000-0x0000000076FEA000-memory.dmp

Filesize
40KB

Download
memory/1608-137-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1616-271-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1708-323-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1808-521-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1892-70-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1896-3652-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1904-237-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1936-49-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2016-588-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2040-428-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2128-293-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2140-476-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2224-481-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2252-538-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2320-329-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2384-457-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2448-489-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2456-247-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2480-114-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2556-90-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2588-501-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2688-226-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2728-520-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2740-477-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2748-332-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2756-321-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2848-179-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2856-282-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2860-3185-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2912-393-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3028-87-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3052-363-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3076-364-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3164-262-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3184-4362-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3212-330-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3432-453-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3524-4099-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3584-365-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3632-4445-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3640-331-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3644-155-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3716-6480-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3732-319-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3768-33-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3812-487-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3848-43-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3948-540-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3992-149-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4016-88-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4144-576-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4200-240-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4208-189-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4212-371-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4264-394-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4304-436-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4348-537-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4376-360-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4384-276-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4440-89-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4516-438-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4536-380-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4556-27-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4568-523-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4684-0-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4728-191-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4852-587-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4860-190-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4916-423-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4920-333-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4936-525-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4940-280-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4952-311-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4984-21-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5008-580-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5020-254-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5104-236-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5156-4198-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5516-6030-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/11612-3243-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/12832-4446-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/13128-3262-0x0000000076FE0000-0x0000000076FEA000-memory.dmp

Filesize
40KB

Download
memory/14224-3186-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/14232-3179-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/14264-4104-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/14420-3330-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/14504-2991-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/14572-3384-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/14596-6306-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/14608-4199-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/14612-6517-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/14628-3242-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/14812-4201-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/15268-5613-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/15580-3983-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/15872-4203-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/15904-4542-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/15908-2944-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/15944-4187-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/16008-6637-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/16344-3986-0x0000000075370000-0x0000000075490000-memory.dmp

Filesize
1.1MB

Download
memory/16432-2942-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/16504-3332-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/16544-6070-0x00007FFF144C0000-0x00007FFF14543000-memory.dmp

Filesize
524KB

Download
memory/16616-2965-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/16876-2956-0x00000000759A0000-0x00000000759C4000-memory.dmp

Filesize
144KB

Download
memory/16912-4549-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/17028-3331-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/17120-4704-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/17188-3335-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/17372-6305-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads