87d1c648fb22470d8bc2aa3326912786d68c832a5e9d5f88d8f825ef01110fe8

Analysis

max time kernel
120s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2024, 04:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

43a2b9223166af90d63d7d7be0bc2810N.exe
Size

184KB
MD5

43a2b9223166af90d63d7d7be0bc2810
SHA1

8507220698e10317d9a8fe71a8d8f35301fbb0c2
SHA256

87d1c648fb22470d8bc2aa3326912786d68c832a5e9d5f88d8f825ef01110fe8
SHA512

7df88923ff7a22ee935c35d84ac23d5cfb112a3d98a933717370b5109f45fb1a9fa9132a6b7801ee2288ed31ab03e795e5f43cf605f72486ed167e518c2b8318
SSDEEP

3072:i5naiCo0/fvpdfE4ZvF8tpXClvnqnviuS:i5moanfES8LXClPqnviu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2452	Unicorn-3199.exe
4236	Unicorn-56064.exe
4492	Unicorn-3526.exe
2052	Unicorn-35696.exe
4940	Unicorn-48695.exe
1900	Unicorn-35888.exe
4208	Unicorn-29757.exe
1628	Unicorn-39168.exe
4840	Unicorn-365.exe
4864	Unicorn-6495.exe
4668	Unicorn-1321.exe
4896	Unicorn-38784.exe
4048	Unicorn-6111.exe
468	Unicorn-51783.exe
3964	Unicorn-4201.exe
4396	Unicorn-40912.exe
752	Unicorn-24576.exe
2000	Unicorn-23434.exe
380	Unicorn-4710.exe
2768	Unicorn-23315.exe
1600	Unicorn-23315.exe
1464	Unicorn-58483.exe
1332	Unicorn-43216.exe
2980	Unicorn-58099.exe
4368	Unicorn-38233.exe
2216	Unicorn-58099.exe
2600	Unicorn-38233.exe
4872	Unicorn-51969.exe
1344	Unicorn-51969.exe
320	Unicorn-38233.exe
3120	Unicorn-49169.exe
4240	Unicorn-59856.exe
628	Unicorn-59472.exe
2540	Unicorn-56135.exe
4512	Unicorn-13151.exe
4440	Unicorn-44563.exe
4244	Unicorn-7593.exe
3564	Unicorn-51393.exe
3800	Unicorn-38049.exe
3660	Unicorn-8854.exe
1192	Unicorn-40457.exe
3728	Unicorn-28336.exe
3944	Unicorn-11999.exe
3796	Unicorn-9897.exe
3992	Unicorn-43831.exe
3768	Unicorn-46208.exe
3868	Unicorn-45367.exe
3676	Unicorn-48019.exe
1088	Unicorn-16224.exe
4184	Unicorn-63514.exe
1056	Unicorn-26045.exe
3244	Unicorn-14194.exe
4656	Unicorn-30531.exe
4084	Unicorn-64464.exe
3176	Unicorn-41998.exe
4604	Unicorn-27385.exe
1224	Unicorn-30531.exe
4976	Unicorn-13810.exe
2812	Unicorn-41998.exe
464	Unicorn-46986.exe
3636	Unicorn-4681.exe
1864	Unicorn-23536.exe
4340	Unicorn-36534.exe
1772	Unicorn-36534.exe

Program crash 12 IoCs

pid	pid_target	Process	procid_target
5752	464	WerFault.exe	144
6580	4320	WerFault.exe	187
17004	16872	WerFault.exe	822
17128	13228	WerFault.exe	613
17120	13124	WerFault.exe	611
17192	13192	WerFault.exe	612
17336	13320	WerFault.exe	640
16600	13688	WerFault.exe	653
16632	14080	WerFault.exe	660
16748	12692	WerFault.exe	665
8336	13108	WerFault.exe	670
4456	15204	WerFault.exe	729

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
436	43a2b9223166af90d63d7d7be0bc2810N.exe
2452	Unicorn-3199.exe
4236	Unicorn-56064.exe
4492	Unicorn-3526.exe
2052	Unicorn-35696.exe
4940	Unicorn-48695.exe
1900	Unicorn-35888.exe
4208	Unicorn-29757.exe
1628	Unicorn-39168.exe
4840	Unicorn-365.exe
4668	Unicorn-1321.exe
4864	Unicorn-6495.exe
4896	Unicorn-38784.exe
468	Unicorn-51783.exe
4048	Unicorn-6111.exe
3964	Unicorn-4201.exe
4396	Unicorn-40912.exe
2000	Unicorn-23434.exe
752	Unicorn-24576.exe
380	Unicorn-4710.exe
1600	Unicorn-23315.exe
2768	Unicorn-23315.exe
1464	Unicorn-58483.exe
1332	Unicorn-43216.exe
4368	Unicorn-38233.exe
1344	Unicorn-51969.exe
2216	Unicorn-58099.exe
4872	Unicorn-51969.exe
2980	Unicorn-58099.exe
320	Unicorn-38233.exe
2600	Unicorn-38233.exe
3120	Unicorn-49169.exe
4240	Unicorn-59856.exe
628	Unicorn-59472.exe
2540	Unicorn-56135.exe
4512	Unicorn-13151.exe
4440	Unicorn-44563.exe
4244	Unicorn-7593.exe
1192	Unicorn-40457.exe
3660	Unicorn-8854.exe
3800	Unicorn-38049.exe
3564	Unicorn-51393.exe
3728	Unicorn-28336.exe
3944	Unicorn-11999.exe
3796	Unicorn-9897.exe
3992	Unicorn-43831.exe
3768	Unicorn-46208.exe
3868	Unicorn-45367.exe
1088	Unicorn-16224.exe
3676	Unicorn-48019.exe
4604	Unicorn-27385.exe
1224	Unicorn-30531.exe
3244	Unicorn-14194.exe
3176	Unicorn-41998.exe
1056	Unicorn-26045.exe
4184	Unicorn-63514.exe
4976	Unicorn-13810.exe
4084	Unicorn-64464.exe
4656	Unicorn-30531.exe
3636	Unicorn-4681.exe
464	Unicorn-46986.exe
2812	Unicorn-41998.exe
1864	Unicorn-23536.exe
4340	Unicorn-36534.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 436 wrote to memory of 2452	436	43a2b9223166af90d63d7d7be0bc2810N.exe	86
PID 436 wrote to memory of 2452	436	43a2b9223166af90d63d7d7be0bc2810N.exe	86
PID 436 wrote to memory of 2452	436	43a2b9223166af90d63d7d7be0bc2810N.exe	86
PID 2452 wrote to memory of 4236	2452	Unicorn-3199.exe	87
PID 2452 wrote to memory of 4236	2452	Unicorn-3199.exe	87
PID 2452 wrote to memory of 4236	2452	Unicorn-3199.exe	87
PID 436 wrote to memory of 4492	436	43a2b9223166af90d63d7d7be0bc2810N.exe	88
PID 436 wrote to memory of 4492	436	43a2b9223166af90d63d7d7be0bc2810N.exe	88
PID 436 wrote to memory of 4492	436	43a2b9223166af90d63d7d7be0bc2810N.exe	88
PID 4236 wrote to memory of 2052	4236	Unicorn-56064.exe	89
PID 4236 wrote to memory of 2052	4236	Unicorn-56064.exe	89
PID 4236 wrote to memory of 2052	4236	Unicorn-56064.exe	89
PID 2452 wrote to memory of 4940	2452	Unicorn-3199.exe	90
PID 2452 wrote to memory of 4940	2452	Unicorn-3199.exe	90
PID 2452 wrote to memory of 4940	2452	Unicorn-3199.exe	90
PID 4492 wrote to memory of 1900	4492	Unicorn-3526.exe	91
PID 4492 wrote to memory of 1900	4492	Unicorn-3526.exe	91
PID 4492 wrote to memory of 1900	4492	Unicorn-3526.exe	91
PID 436 wrote to memory of 4208	436	43a2b9223166af90d63d7d7be0bc2810N.exe	92
PID 436 wrote to memory of 4208	436	43a2b9223166af90d63d7d7be0bc2810N.exe	92
PID 436 wrote to memory of 4208	436	43a2b9223166af90d63d7d7be0bc2810N.exe	92
PID 4940 wrote to memory of 1628	4940	Unicorn-48695.exe	93
PID 4940 wrote to memory of 1628	4940	Unicorn-48695.exe	93
PID 4940 wrote to memory of 1628	4940	Unicorn-48695.exe	93
PID 2452 wrote to memory of 4840	2452	Unicorn-3199.exe	94
PID 2452 wrote to memory of 4840	2452	Unicorn-3199.exe	94
PID 2452 wrote to memory of 4840	2452	Unicorn-3199.exe	94
PID 2052 wrote to memory of 4864	2052	Unicorn-35696.exe	95
PID 2052 wrote to memory of 4864	2052	Unicorn-35696.exe	95
PID 2052 wrote to memory of 4864	2052	Unicorn-35696.exe	95
PID 4236 wrote to memory of 4668	4236	Unicorn-56064.exe	96
PID 4236 wrote to memory of 4668	4236	Unicorn-56064.exe	96
PID 4236 wrote to memory of 4668	4236	Unicorn-56064.exe	96
PID 1900 wrote to memory of 4896	1900	Unicorn-35888.exe	97
PID 1900 wrote to memory of 4896	1900	Unicorn-35888.exe	97
PID 1900 wrote to memory of 4896	1900	Unicorn-35888.exe	97
PID 4208 wrote to memory of 4048	4208	Unicorn-29757.exe	99
PID 4208 wrote to memory of 4048	4208	Unicorn-29757.exe	99
PID 4208 wrote to memory of 4048	4208	Unicorn-29757.exe	99
PID 4492 wrote to memory of 468	4492	Unicorn-3526.exe	98
PID 4492 wrote to memory of 468	4492	Unicorn-3526.exe	98
PID 4492 wrote to memory of 468	4492	Unicorn-3526.exe	98
PID 436 wrote to memory of 3964	436	43a2b9223166af90d63d7d7be0bc2810N.exe	100
PID 436 wrote to memory of 3964	436	43a2b9223166af90d63d7d7be0bc2810N.exe	100
PID 436 wrote to memory of 3964	436	43a2b9223166af90d63d7d7be0bc2810N.exe	100
PID 1628 wrote to memory of 4396	1628	Unicorn-39168.exe	101
PID 1628 wrote to memory of 4396	1628	Unicorn-39168.exe	101
PID 1628 wrote to memory of 4396	1628	Unicorn-39168.exe	101
PID 4840 wrote to memory of 752	4840	Unicorn-365.exe	103
PID 4840 wrote to memory of 752	4840	Unicorn-365.exe	103
PID 4840 wrote to memory of 752	4840	Unicorn-365.exe	103
PID 2452 wrote to memory of 2000	2452	Unicorn-3199.exe	104
PID 2452 wrote to memory of 2000	2452	Unicorn-3199.exe	104
PID 2452 wrote to memory of 2000	2452	Unicorn-3199.exe	104
PID 4940 wrote to memory of 380	4940	Unicorn-48695.exe	102
PID 4940 wrote to memory of 380	4940	Unicorn-48695.exe	102
PID 4940 wrote to memory of 380	4940	Unicorn-48695.exe	102
PID 468 wrote to memory of 2768	468	Unicorn-51783.exe	105
PID 468 wrote to memory of 2768	468	Unicorn-51783.exe	105
PID 468 wrote to memory of 2768	468	Unicorn-51783.exe	105
PID 4864 wrote to memory of 1600	4864	Unicorn-6495.exe	106
PID 4864 wrote to memory of 1600	4864	Unicorn-6495.exe	106
PID 4864 wrote to memory of 1600	4864	Unicorn-6495.exe	106
PID 4896 wrote to memory of 1464	4896	Unicorn-38784.exe	107

C:\Users\Admin\AppData\Local\Temp\43a2b9223166af90d63d7d7be0bc2810N.exe
"C:\Users\Admin\AppData\Local\Temp\43a2b9223166af90d63d7d7be0bc2810N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:436
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3199.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3199.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56064.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56064.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35696.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6495.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23315.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44563.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49955.exe
        8⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17683.exe
        9⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26294.exe
        10⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15090.exe
        11⤵
        
        PID:14504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
        11⤵
        
        PID:18316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13728.exe
        10⤵
        
        PID:10756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43767.exe
        10⤵
        
        PID:15612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24771.exe
        10⤵
        
        PID:17664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8806.exe
        9⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63037.exe
        10⤵
        
        PID:18476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13728.exe
        9⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43767.exe
        9⤵
        
        PID:15520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23894.exe
        9⤵
        
        PID:17540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18185.exe
        8⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52528.exe
        9⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30585.exe
        9⤵
        
        PID:12772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46679.exe
        9⤵
        
        PID:16856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3232.exe
        8⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54135.exe
        8⤵
        
        PID:13696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25046.exe
        8⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64298.exe
        7⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16531.exe
        8⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48499.exe
        9⤵
        
        PID:10232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4649.exe
        9⤵
        
        PID:15100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe
        9⤵
        
        PID:17468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36798.exe
        8⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58951.exe
        8⤵
        
        PID:14824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24771.exe
        8⤵
        
        PID:17756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61550.exe
        7⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47853.exe
        8⤵
        
        PID:13656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-294.exe
        7⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19341.exe
        7⤵
        
        PID:15224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7359.exe
        7⤵
        
        PID:18672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40457.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34304.exe
        7⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50272.exe
        8⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28963.exe
        9⤵
        
        PID:8704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24617.exe
        9⤵
        
        PID:12328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46679.exe
        9⤵
        
        PID:17016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26326.exe
        8⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47777.exe
        8⤵
        
        PID:12868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33712.exe
        8⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47815.exe
        7⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62640.exe
        8⤵
        
        PID:11104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8326.exe
        8⤵
        
        PID:14428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe
        8⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9888.exe
        7⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24250.exe
        7⤵
        
        PID:14980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24771.exe
        7⤵
        
        PID:5904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12496.exe
        6⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-687.exe
        7⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16403.exe
        8⤵
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4649.exe
        8⤵
        
        PID:15028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        8⤵
        
        PID:17672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24873.exe
        7⤵
        
        PID:9252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23677.exe
        7⤵
        
        PID:13952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33712.exe
        7⤵
        
        PID:368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49434.exe
        6⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5199.exe
        7⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        7⤵
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40830.exe
        6⤵
        
        PID:9740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64586.exe
        6⤵
        
        PID:14548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24424.exe
        6⤵
        
        PID:17492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38233.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48019.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3167.exe
        7⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49696.exe
        8⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44464.exe
        9⤵
        
        PID:9156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4649.exe
        9⤵
        
        PID:15292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe
        9⤵
        
        PID:18168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59191.exe
        8⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23677.exe
        8⤵
        
        PID:14080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14080 -s 424
        9⤵
        Program crash
        
        PID:16632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33712.exe
        8⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62506.exe
        7⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
        8⤵
        
        PID:13440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
        8⤵
        
        PID:18244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43630.exe
        7⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24250.exe
        7⤵
        
        PID:15156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23894.exe
        7⤵
        
        PID:18380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30857.exe
        6⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56624.exe
        7⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62896.exe
        8⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8665.exe
        8⤵
        
        PID:10608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13430.exe
        8⤵
        
        PID:12524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43630.exe
        7⤵
        
        PID:9876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24250.exe
        7⤵
        
        PID:14400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24771.exe
        7⤵
        
        PID:17836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30989.exe
        6⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7887.exe
        7⤵
        
        PID:13320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13320 -s 436
        8⤵
        Program crash
        
        PID:17336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        7⤵
        
        PID:16628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51799.exe
        6⤵
        
        PID:8744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15584.exe
        6⤵
        
        PID:14596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8236.exe
        6⤵
        
        PID:17796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26045.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58995.exe
        6⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56432.exe
        7⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12159.exe
        8⤵
        
        PID:8752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37606.exe
        8⤵
        
        PID:12052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13430.exe
        8⤵
        
        PID:16752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59191.exe
        7⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24250.exe
        7⤵
        
        PID:14580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23894.exe
        7⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        6⤵
        
        PID:7184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25648.exe
        6⤵
        
        PID:9920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24250.exe
        6⤵
        
        PID:14492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24771.exe
        6⤵
        
        PID:18484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61527.exe
        5⤵
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2911.exe
        6⤵
        
        PID:7156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11913.exe
        6⤵
        
        PID:10220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18384.exe
        6⤵
        
        PID:12536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32560.exe
        6⤵
        
        PID:6004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19741.exe
        5⤵
        
        PID:7708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48192.exe
        6⤵
        
        PID:16872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16872 -s 72
        7⤵
        Program crash
        
        PID:17004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        6⤵
        
        PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58887.exe
        5⤵
        
        PID:10372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16114.exe
        5⤵
        
        PID:14372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1321.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43216.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28336.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1138.exe
        7⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49047.exe
        7⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61920.exe
        8⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63094.exe
        9⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64487.exe
        8⤵
        
        PID:10384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22141.exe
        8⤵
        
        PID:15112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32560.exe
        8⤵
        
        PID:17476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9661.exe
        7⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
        8⤵
        
        PID:13416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13836.exe
        8⤵
        
        PID:17940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12297.exe
        7⤵
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5805.exe
        7⤵
        
        PID:14672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7359.exe
        7⤵
        
        PID:17516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30390.exe
        6⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28752.exe
        7⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52528.exe
        8⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48650.exe
        8⤵
        
        PID:13068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61588.exe
        8⤵
        
        PID:13744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50919.exe
        7⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39422.exe
        7⤵
        
        PID:12312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52544.exe
        7⤵
        
        PID:16820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43758.exe
        6⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16019.exe
        7⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8406.exe
        7⤵
        
        PID:14700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe
        7⤵
        
        PID:18700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60810.exe
        6⤵
        
        PID:8796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29901.exe
        6⤵
        
        PID:12600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8511.exe
        6⤵
        
        PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9897.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34304.exe
        6⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2825.exe
        7⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18896.exe
        8⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41337.exe
        8⤵
        
        PID:12404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46679.exe
        8⤵
        
        PID:17008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60814.exe
        7⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29242.exe
        7⤵
        
        PID:13536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23894.exe
        7⤵
        
        PID:18276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41750.exe
        6⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26208.exe
        7⤵
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4649.exe
        7⤵
        
        PID:15284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe
        7⤵
        
        PID:18176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48318.exe
        6⤵
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21353.exe
        6⤵
        
        PID:13268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58788.exe
        6⤵
        
        PID:13760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12496.exe
        5⤵
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43886.exe
        6⤵
        
        PID:7584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1945.exe
        6⤵
        
        PID:12416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8710.exe
        6⤵
        
        PID:4600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14374.exe
        5⤵
        
        PID:8028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6818.exe
        6⤵
        
        PID:12428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        6⤵
        
        PID:2124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1328.exe
        5⤵
        
        PID:11428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57111.exe
        5⤵
        
        PID:16296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24424.exe
        5⤵
        
        PID:18160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51969.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30531.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43728.exe
        6⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49395.exe
        7⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16019.exe
        8⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8406.exe
        8⤵
        
        PID:14692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe
        8⤵
        
        PID:18108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52455.exe
        7⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49422.exe
        7⤵
        
        PID:13276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33712.exe
        7⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39062.exe
        6⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16019.exe
        7⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8406.exe
        7⤵
        
        PID:14448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe
        7⤵
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20845.exe
        6⤵
        
        PID:7696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26471.exe
        6⤵
        
        PID:14944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24771.exe
        6⤵
        
        PID:17584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54698.exe
        5⤵
        
        PID:5276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16147.exe
        6⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48499.exe
        7⤵
        
        PID:9340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4649.exe
        7⤵
        
        PID:15016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe
        7⤵
        
        PID:17532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59191.exe
        6⤵
        
        PID:5268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64305.exe
        6⤵
        
        PID:12348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33712.exe
        6⤵
        
        PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52990.exe
        5⤵
        
        PID:7020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30416.exe
        6⤵
        
        PID:8284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14249.exe
        6⤵
        
        PID:12484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46679.exe
        6⤵
        
        PID:1712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1142.exe
        5⤵
        
        PID:9932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37789.exe
        5⤵
        
        PID:14376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7359.exe
        5⤵
        
        PID:18268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46986.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:464
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 464 -s 636
        5⤵
        Program crash
        
        PID:5752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52862.exe
      4⤵
      PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45127.exe
        5⤵
        
        PID:7464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55552.exe
        6⤵
        
        PID:13236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47853.exe
        6⤵
        
        PID:17320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14112.exe
        5⤵
        
        PID:7312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27431.exe
        5⤵
        
        PID:15472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23894.exe
        5⤵
        
        PID:18220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37990.exe
      4⤵
      PID:8124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56528.exe
        5⤵
        
        PID:14852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
        5⤵
        
        PID:18204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11842.exe
      4⤵
      PID:11240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63302.exe
      4⤵
      PID:15460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63096.exe
      4⤵
      PID:17992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48695.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48695.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39168.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40912.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59856.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23536.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11823.exe
        8⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35200.exe
        9⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
        10⤵
        
        PID:13400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
        10⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27501.exe
        9⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13993.exe
        9⤵
        
        PID:16892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25046.exe
        9⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57623.exe
        8⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46995.exe
        9⤵
        
        PID:13732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13836.exe
        9⤵
        
        PID:17824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5385.exe
        8⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62209.exe
        8⤵
        
        PID:16220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40774.exe
        7⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11021.exe
        8⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3481.exe
        8⤵
        
        PID:12808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58788.exe
        8⤵
        
        PID:13596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22157.exe
        7⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22006.exe
        7⤵
        
        PID:11068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1552.exe
        7⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8236.exe
        7⤵
        
        PID:17772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34909.exe
        6⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34323.exe
        7⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61690.exe
        7⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18384.exe
        7⤵
        
        PID:15232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32560.exe
        7⤵
        
        PID:18128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28407.exe
        6⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4431.exe
        7⤵
        
        PID:12992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47853.exe
        7⤵
        
        PID:12428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26688.exe
        6⤵
        
        PID:10868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18566.exe
        6⤵
        
        PID:15604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58166.exe
        6⤵
        
        PID:18016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56135.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9695.exe
        6⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14127.exe
        7⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35200.exe
        8⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13202.exe
        9⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24150.exe
        9⤵
        
        PID:9816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13430.exe
        9⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47079.exe
        8⤵
        
        PID:10024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40590.exe
        8⤵
        
        PID:14468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        8⤵
        
        PID:17924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22153.exe
        7⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5385.exe
        7⤵
        
        PID:11076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29344.exe
        7⤵
        
        PID:15820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27343.exe
        7⤵
        
        PID:16848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26550.exe
        6⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26275.exe
        7⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48678.exe
        8⤵
        
        PID:13776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50871.exe
        7⤵
        
        PID:13452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27846.exe
        7⤵
        
        PID:17072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63294.exe
        6⤵
        
        PID:7120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7622.exe
        6⤵
        
        PID:13420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25046.exe
        6⤵
        
        PID:13956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1920.exe
        5⤵
        
        PID:3808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44112.exe
        6⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49232.exe
        7⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
        8⤵
        
        PID:13544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
        8⤵
        
        PID:18236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12982.exe
        7⤵
        
        PID:10108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18384.exe
        7⤵
        
        PID:15316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32560.exe
        7⤵
        
        PID:1928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8806.exe
        6⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
        7⤵
        
        PID:316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40558.exe
        6⤵
        
        PID:9952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25239.exe
        6⤵
        
        PID:16768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25046.exe
        6⤵
        
        PID:428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60375.exe
        5⤵
        
        PID:5764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34707.exe
        6⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
        7⤵
        
        PID:13524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        7⤵
        
        PID:17260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14601.exe
        6⤵
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18384.exe
        6⤵
        
        PID:15048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19741.exe
        5⤵
        
        PID:7700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59930.exe
        5⤵
        
        PID:10796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35632.exe
        5⤵
        
        PID:15588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3771.exe
        5⤵
        
        PID:17788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4710.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36534.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28544.exe
        6⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45511.exe
        7⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53632.exe
        8⤵
        
        PID:13080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47853.exe
        8⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16141.exe
        7⤵
        
        PID:11088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10217.exe
        7⤵
        
        PID:14740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23894.exe
        7⤵
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7929.exe
        6⤵
        
        PID:7784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28253.exe
        6⤵
        
        PID:10620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28007.exe
        6⤵
        
        PID:15196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24771.exe
        6⤵
        
        PID:17856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36913.exe
        5⤵
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45127.exe
        6⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63824.exe
        7⤵
        
        PID:12620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13836.exe
        7⤵
        
        PID:17916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24903.exe
        6⤵
        
        PID:11904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50014.exe
        6⤵
        
        PID:16632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8511.exe
        6⤵
        
        PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47239.exe
        5⤵
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14853.exe
        6⤵
        
        PID:17188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11312.exe
        5⤵
        
        PID:11224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2230.exe
        5⤵
        
        PID:15488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25302.exe
        5⤵
        
        PID:17980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38049.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50339.exe
        5⤵
        
        PID:3464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34896.exe
        6⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36560.exe
        7⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
        8⤵
        
        PID:13448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
        8⤵
        
        PID:18228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35686.exe
        7⤵
        
        PID:12548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27846.exe
        7⤵
        
        PID:17396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7478.exe
        6⤵
        
        PID:6616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34429.exe
        6⤵
        
        PID:12624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33712.exe
        6⤵
        
        PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47895.exe
        5⤵
        
        PID:5212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16019.exe
        6⤵
        
        PID:10456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8406.exe
        6⤵
        
        PID:14696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        6⤵
        
        PID:904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18224.exe
        5⤵
        
        PID:7940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46701.exe
        6⤵
        
        PID:18724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34535.exe
        5⤵
        
        PID:12652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43879.exe
        5⤵
        
        PID:16968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19430.exe
      4⤵
      PID:4708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24912.exe
        5⤵
        
        PID:6840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29347.exe
        6⤵
        
        PID:8832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24150.exe
        6⤵
        
        PID:12216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13430.exe
        6⤵
        
        PID:16652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46202.exe
        5⤵
        
        PID:9972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40590.exe
        5⤵
        
        PID:12356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32560.exe
        5⤵
        
        PID:18260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45678.exe
      4⤵
      PID:7340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2671.exe
        5⤵
        
        PID:8120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4649.exe
        5⤵
        
        PID:15008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe
        5⤵
        
        PID:18212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56583.exe
      4⤵
      PID:9844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16114.exe
      4⤵
      PID:15340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3771.exe
      4⤵
      PID:17764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-365.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-365.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24576.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36534.exe
        5⤵
        Executes dropped EXE
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28544.exe
        6⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10879.exe
        7⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12761.exe
        8⤵
        
        PID:10004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40590.exe
        8⤵
        
        PID:14388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        8⤵
        
        PID:17948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46202.exe
        7⤵
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40590.exe
        7⤵
        
        PID:14352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32560.exe
        7⤵
        
        PID:18284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8422.exe
        6⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1359.exe
        7⤵
        
        PID:14784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
        7⤵
        
        PID:13740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8457.exe
        6⤵
        
        PID:11708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14736.exe
        6⤵
        
        PID:15528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57437.exe
        6⤵
        
        PID:5060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21645.exe
        5⤵
        
        PID:5736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16560.exe
        6⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16512.exe
        7⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8406.exe
        7⤵
        
        PID:15212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        7⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48343.exe
        6⤵
        
        PID:10152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18384.exe
        6⤵
        
        PID:14464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        6⤵
        
        PID:17692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61271.exe
        5⤵
        
        PID:7804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
        6⤵
        
        PID:12580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
        6⤵
        
        PID:18252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13341.exe
        5⤵
        
        PID:11080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50554.exe
        5⤵
        
        PID:15004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24424.exe
        5⤵
        
        PID:18028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7593.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30739.exe
        5⤵
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2114.exe
        6⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34707.exe
        7⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24032.exe
        8⤵
        
        PID:13668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        8⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65057.exe
        7⤵
        
        PID:9748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23402.exe
        7⤵
        
        PID:15120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57636.exe
        7⤵
        
        PID:18504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8806.exe
        6⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31536.exe
        7⤵
        
        PID:13260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13836.exe
        7⤵
        
        PID:17908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40558.exe
        6⤵
        
        PID:12172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45031.exe
        6⤵
        
        PID:15352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23894.exe
        6⤵
        
        PID:17484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65383.exe
        5⤵
        
        PID:6104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45127.exe
        6⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6818.exe
        7⤵
        
        PID:12436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        7⤵
        
        PID:1468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22576.exe
        6⤵
        
        PID:10876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28311.exe
        6⤵
        
        PID:15484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24771.exe
        6⤵
        
        PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22541.exe
        5⤵
        
        PID:8160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29232.exe
        6⤵
        
        PID:12524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13836.exe
        6⤵
        
        PID:17956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19977.exe
        5⤵
        
        PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18765.exe
        5⤵
        
        PID:15500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7359.exe
        5⤵
        
        PID:17552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8765.exe
      4⤵
      PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52576.exe
        5⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18864.exe
        6⤵
        
        PID:5720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62183.exe
        6⤵
        
        PID:12032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54350.exe
        6⤵
        
        PID:14724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32560.exe
        6⤵
        
        PID:18120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61463.exe
        5⤵
        
        PID:7332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4898.exe
        6⤵
        
        PID:12668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        6⤵
        
        PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4128.exe
        5⤵
        
        PID:11404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16774.exe
        5⤵
        
        PID:16280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24771.exe
        5⤵
        
        PID:5788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34330.exe
      4⤵
      PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2911.exe
        5⤵
        
        PID:868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1087.exe
        6⤵
        
        PID:15996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41425.exe
        5⤵
        
        PID:10672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13993.exe
        5⤵
        
        PID:16884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25046.exe
        5⤵
        
        PID:3208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19741.exe
      4⤵
      PID:7688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
        5⤵
        
        PID:13484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
        5⤵
        
        PID:18420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59930.exe
      4⤵
      PID:10776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35632.exe
      4⤵
      PID:15596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23434.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23434.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59472.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10079.exe
        5⤵
        
        PID:4996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58855.exe
        6⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4399.exe
        7⤵
        
        PID:10832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24166.exe
        7⤵
        
        PID:15536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        7⤵
        
        PID:5232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28909.exe
        6⤵
        
        PID:8904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12998.exe
        6⤵
        
        PID:11252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43879.exe
        6⤵
        
        PID:13644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25865.exe
        5⤵
        
        PID:5812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45127.exe
        6⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46701.exe
        7⤵
        
        PID:18712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24903.exe
        6⤵
        
        PID:11988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50014.exe
        6⤵
        
        PID:16676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8511.exe
        6⤵
        
        PID:16612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55406.exe
        5⤵
        
        PID:7812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22003.exe
        6⤵
        
        PID:14100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        6⤵
        
        PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18550.exe
        5⤵
        
        PID:10356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15584.exe
        5⤵
        
        PID:15244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7359.exe
        5⤵
        
        PID:18068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4905.exe
      4⤵
      PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28160.exe
        5⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10799.exe
        6⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
        7⤵
        
        PID:13512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13836.exe
        7⤵
        
        PID:17972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63610.exe
        6⤵
        
        PID:10560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22141.exe
        6⤵
        
        PID:14444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        6⤵
        
        PID:17608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61463.exe
        5⤵
        
        PID:7276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22387.exe
        6⤵
        
        PID:13760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        6⤵
        
        PID:17056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4128.exe
        5⤵
        
        PID:11412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64330.exe
        5⤵
        
        PID:16312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23894.exe
        5⤵
        
        PID:18044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40670.exe
      4⤵
      PID:5796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45127.exe
        5⤵
        
        PID:6848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61520.exe
        6⤵
        
        PID:12628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
        6⤵
        
        PID:18324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58151.exe
        5⤵
        
        PID:11812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50014.exe
        5⤵
        
        PID:16620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8511.exe
        5⤵
        
        PID:564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10342.exe
      4⤵
      PID:7456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47808.exe
        5⤵
        
        PID:16920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        5⤵
        
        PID:17336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9885.exe
      4⤵
      PID:10296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64586.exe
      4⤵
      PID:15276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25302.exe
      4⤵
      PID:17748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51393.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51393.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43462.exe
      4⤵
      PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16560.exe
        5⤵
        
        PID:5972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        6⤵
        
        PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29894.exe
        5⤵
        
        PID:9884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18384.exe
        5⤵
        
        PID:14968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        5⤵
        
        PID:5368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22541.exe
      4⤵
      PID:7748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        5⤵
        
        PID:820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35354.exe
      4⤵
      PID:10892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35101.exe
      4⤵
      PID:15624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24790.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24790.exe
    3⤵
    PID:1620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12306.exe
      4⤵
      PID:5692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61251.exe
        5⤵
        
        PID:9456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43273.exe
        5⤵
        
        PID:13108
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13108 -s 436
        6⤵
        Program crash
        
        PID:8336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        5⤵
        
        PID:17964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15174.exe
      4⤵
      PID:8892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39998.exe
      4⤵
      PID:10496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19295.exe
      4⤵
      PID:13480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
    3⤵
    PID:5236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61251.exe
      4⤵
      PID:9496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43273.exe
      4⤵
      PID:13164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe
      4⤵
      PID:18356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24517.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24517.exe
    3⤵
    PID:9060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18750.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18750.exe
    3⤵
    PID:12872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36652.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36652.exe
    3⤵
    PID:17236
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3526.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3526.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35888.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35888.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38784.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58483.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13151.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41984.exe
        7⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46416.exe
        8⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43886.exe
        9⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12614.exe
        9⤵
        
        PID:12300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8710.exe
        9⤵
        
        PID:17004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26377.exe
        8⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34800.exe
        9⤵
        
        PID:12748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32943.exe
        9⤵
        
        PID:16936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58151.exe
        8⤵
        
        PID:11804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50014.exe
        8⤵
        
        PID:16640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41100.exe
        8⤵
        
        PID:18692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43078.exe
        7⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45127.exe
        8⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        9⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24029.exe
        8⤵
        
        PID:12092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59831.exe
        8⤵
        
        PID:14964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23894.exe
        8⤵
        
        PID:17524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41374.exe
        7⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51712.exe
        8⤵
        
        PID:12700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32943.exe
        8⤵
        
        PID:16932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49486.exe
        7⤵
        
        PID:11776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46441.exe
        7⤵
        
        PID:16604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25577.exe
        7⤵
        
        PID:6132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21734.exe
        6⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60915.exe
        7⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16019.exe
        8⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8406.exe
        8⤵
        
        PID:15180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        8⤵
        
        PID:18448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38806.exe
        7⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23661.exe
        7⤵
        
        PID:12292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52544.exe
        7⤵
        
        PID:16896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6845.exe
        6⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34323.exe
        7⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49760.exe
        8⤵
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4649.exe
        8⤵
        
        PID:15300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe
        8⤵
        
        PID:18184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12982.exe
        7⤵
        
        PID:10124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18384.exe
        7⤵
        
        PID:14996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32560.exe
        7⤵
        
        PID:18192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28407.exe
        6⤵
        
        PID:7740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26688.exe
        6⤵
        
        PID:10884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18566.exe
        6⤵
        
        PID:15556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24424.exe
        6⤵
        
        PID:18136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8854.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-863.exe
        6⤵
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19328.exe
        7⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11385.exe
        8⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
        9⤵
        
        PID:13644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        9⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58151.exe
        8⤵
        
        PID:11820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50014.exe
        8⤵
        
        PID:16660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8511.exe
        8⤵
        
        PID:17284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27638.exe
        7⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58151.exe
        7⤵
        
        PID:11796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50014.exe
        7⤵
        
        PID:16668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8511.exe
        7⤵
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14345.exe
        6⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34323.exe
        7⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
        8⤵
        
        PID:13520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
        8⤵
        
        PID:18388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12982.exe
        7⤵
        
        PID:10036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18384.exe
        7⤵
        
        PID:15356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32560.exe
        7⤵
        
        PID:17544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22541.exe
        6⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33283.exe
        7⤵
        
        PID:17356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46701.exe
        7⤵
        
        PID:18684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63409.exe
        6⤵
        
        PID:11324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46358.exe
        6⤵
        
        PID:15532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44126.exe
        5⤵
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5679.exe
        6⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53539.exe
        7⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
        8⤵
        
        PID:13636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14988.exe
        8⤵
        
        PID:16736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65530.exe
        7⤵
        
        PID:10784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22141.exe
        7⤵
        
        PID:15132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32560.exe
        7⤵
        
        PID:6044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58666.exe
        6⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
        7⤵
        
        PID:12564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13836.exe
        7⤵
        
        PID:17868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58151.exe
        6⤵
        
        PID:11764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62894.exe
        6⤵
        
        PID:15804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41100.exe
        6⤵
        
        PID:18608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62010.exe
        5⤵
        
        PID:5500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58880.exe
        6⤵
        
        PID:9332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4649.exe
        6⤵
        
        PID:15268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        6⤵
        
        PID:17680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61854.exe
        5⤵
        
        PID:9156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exe
        5⤵
        
        PID:9788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16114.exe
        5⤵
        
        PID:13428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3771.exe
        5⤵
        
        PID:18464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38233.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64464.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25472.exe
        6⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8575.exe
        7⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1078.exe
        8⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64625.exe
        8⤵
        
        PID:16028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17100.exe
        8⤵
        
        PID:17644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7110.exe
        7⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53086.exe
        7⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32560.exe
        7⤵
        
        PID:18428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32048.exe
        6⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32534.exe
        7⤵
        
        PID:10324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62759.exe
        6⤵
        
        PID:12136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54913.exe
        6⤵
        
        PID:16860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57437.exe
        6⤵
        
        PID:17652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36825.exe
        5⤵
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23760.exe
        6⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50499.exe
        7⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47882.exe
        7⤵
        
        PID:12496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46679.exe
        7⤵
        
        PID:13548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26518.exe
        6⤵
        
        PID:7564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62001.exe
        6⤵
        
        PID:12364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1916.exe
        6⤵
        
        PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28301.exe
        5⤵
        
        PID:6976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34800.exe
        6⤵
        
        PID:12784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64381.exe
        6⤵
        
        PID:17360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34202.exe
        5⤵
        
        PID:9552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15584.exe
        5⤵
        
        PID:15088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7359.exe
        5⤵
        
        PID:17508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41998.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58995.exe
        5⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6162.exe
        6⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61251.exe
        7⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43273.exe
        7⤵
        
        PID:12692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12692 -s 476
        8⤵
        Program crash
        
        PID:16748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        7⤵
        
        PID:17892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41209.exe
        6⤵
        
        PID:800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47009.exe
        6⤵
        
        PID:12820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1916.exe
        6⤵
        
        PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15993.exe
        5⤵
        
        PID:7284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56528.exe
        6⤵
        
        PID:14868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13836.exe
        6⤵
        
        PID:18456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12685.exe
        5⤵
        
        PID:10412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28007.exe
        5⤵
        
        PID:14432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24771.exe
        5⤵
        
        PID:5908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62561.exe
      4⤵
      PID:2920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62896.exe
        5⤵
        
        PID:8624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14249.exe
        5⤵
        
        PID:12468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46679.exe
        5⤵
        
        PID:16880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41369.exe
      4⤵
      PID:8928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21391.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21391.exe
      4⤵
      PID:11056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22878.exe
      4⤵
      PID:16724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51783.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51783.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23315.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11999.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34304.exe
        6⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35990.exe
        7⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32848.exe
        8⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8406.exe
        8⤵
        
        PID:15308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        8⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54945.exe
        7⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4934.exe
        7⤵
        
        PID:13504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25046.exe
        7⤵
        
        PID:17068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42409.exe
        6⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61251.exe
        7⤵
        
        PID:9480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43273.exe
        7⤵
        
        PID:13172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe
        7⤵
        
        PID:18364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64654.exe
        6⤵
        
        PID:7004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52106.exe
        6⤵
        
        PID:13112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58788.exe
        6⤵
        
        PID:13764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32694.exe
        5⤵
        
        PID:1576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62275.exe
        6⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-559.exe
        7⤵
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4649.exe
        7⤵
        
        PID:15252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe
        7⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50042.exe
        6⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45198.exe
        6⤵
        
        PID:12760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52544.exe
        6⤵
        
        PID:16944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43758.exe
        5⤵
        
        PID:6448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36217.exe
        6⤵
        
        PID:4928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61150.exe
        6⤵
        
        PID:14664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32560.exe
        6⤵
        
        PID:1120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13254.exe
        5⤵
        
        PID:8252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61806.exe
        5⤵
        
        PID:13060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8511.exe
        5⤵
        
        PID:1696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43831.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17968.exe
        5⤵
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2825.exe
        6⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46202.exe
        7⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40590.exe
        7⤵
        
        PID:12588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38609.exe
        6⤵
        
        PID:8932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20310.exe
        6⤵
        
        PID:12396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58788.exe
        6⤵
        
        PID:17196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8886.exe
        5⤵
        
        PID:5808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28963.exe
        6⤵
        
        PID:8632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14249.exe
        6⤵
        
        PID:12476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46679.exe
        6⤵
        
        PID:16828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10182.exe
        5⤵
        
        PID:6820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17805.exe
        5⤵
        
        PID:14932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7359.exe
        5⤵
        
        PID:18412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46430.exe
      4⤵
      PID:4308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28752.exe
        5⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48499.exe
        6⤵
        
        PID:10088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4649.exe
        6⤵
        
        PID:14572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60436.exe
        6⤵
        
        PID:18664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50919.exe
        5⤵
        
        PID:9128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15488.exe
        5⤵
        
        PID:13244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1916.exe
        5⤵
        
        PID:17324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22343.exe
      4⤵
      PID:6692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16019.exe
        5⤵
        
        PID:10440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8406.exe
        5⤵
        
        PID:15204
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15204 -s 476
        6⤵
        Program crash
        
        PID:4456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52145.exe
      4⤵
      PID:8644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61799.exe
      4⤵
      PID:12988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25577.exe
      4⤵
      PID:960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51969.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51969.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16224.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9519.exe
        5⤵
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56432.exe
        6⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-559.exe
        7⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4649.exe
        7⤵
        
        PID:14544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        7⤵
        
        PID:17700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9888.exe
        6⤵
        
        PID:9808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24250.exe
        6⤵
        
        PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65194.exe
        5⤵
        
        PID:7176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7887.exe
        6⤵
        
        PID:13180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        6⤵
        
        PID:16624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10381.exe
        5⤵
        
        PID:9360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28007.exe
        5⤵
        
        PID:14760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23894.exe
        5⤵
        
        PID:5956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37209.exe
      4⤵
      PID:344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11538.exe
        5⤵
        
        PID:3340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16019.exe
        6⤵
        
        PID:10484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8406.exe
        6⤵
        
        PID:15188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        6⤵
        
        PID:17724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34582.exe
        5⤵
        
        PID:9036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29245.exe
        5⤵
        
        PID:12660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52544.exe
        5⤵
        
        PID:16964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52990.exe
      4⤵
      PID:7028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22387.exe
        5⤵
        
        PID:13824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        5⤵
        
        PID:944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26711.exe
      4⤵
      PID:7476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50286.exe
      4⤵
      PID:14776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8236.exe
      4⤵
      PID:5644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63514.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63514.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40355.exe
      4⤵
      PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49395.exe
        5⤵
        
        PID:6216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29347.exe
        6⤵
        
        PID:8308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9926.exe
        6⤵
        
        PID:10592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46679.exe
        6⤵
        
        PID:16796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52455.exe
        5⤵
        
        PID:8084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49337.exe
        6⤵
        
        PID:7964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47009.exe
        5⤵
        
        PID:12880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19295.exe
        5⤵
        
        PID:17344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38185.exe
      4⤵
      PID:7040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63280.exe
        5⤵
        
        PID:8604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57866.exe
        5⤵
        
        PID:11328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46679.exe
        5⤵
        
        PID:16692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60814.exe
      4⤵
      PID:9940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46455.exe
      4⤵
      PID:12532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43169.exe
      4⤵
      PID:16364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7359.exe
      4⤵
      PID:18144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47377.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47377.exe
    3⤵
    PID:3508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-687.exe
      4⤵
      PID:6488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48499.exe
        5⤵
        
        PID:8276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4649.exe
        5⤵
        
        PID:14956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        5⤵
        
        PID:17716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26518.exe
      4⤵
      PID:7280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48545.exe
      4⤵
      PID:3684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33712.exe
      4⤵
      PID:14184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8966.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8966.exe
    3⤵
    PID:6932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45427.exe
      4⤵
      PID:12124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40230.exe
      4⤵
      PID:14908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
      4⤵
      PID:17732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23378.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23378.exe
    3⤵
    PID:10512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63878.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63878.exe
    3⤵
    PID:14688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63096.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63096.exe
    3⤵
    PID:13348
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29757.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29757.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6111.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6111.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58099.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46208.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34304.exe
        6⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23843.exe
        7⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16019.exe
        8⤵
        
        PID:10420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8406.exe
        8⤵
        
        PID:14748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe
        8⤵
        
        PID:18092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46202.exe
        7⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57009.exe
        7⤵
        
        PID:13132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        7⤵
        
        PID:17876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33673.exe
        6⤵
        
        PID:7368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5385.exe
        6⤵
        
        PID:11100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29344.exe
        6⤵
        
        PID:15924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27343.exe
        6⤵
        
        PID:13632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16742.exe
        5⤵
        
        PID:3136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45280.exe
        6⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52528.exe
        7⤵
        
        PID:8808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-326.exe
        7⤵
        
        PID:11992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61588.exe
        7⤵
        
        PID:3792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50919.exe
        6⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64611.exe
        7⤵
        
        PID:17232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
        7⤵
        
        PID:18348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33085.exe
        6⤵
        
        PID:13288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33712.exe
        6⤵
        
        PID:17376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43758.exe
        5⤵
        
        PID:6440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61251.exe
        6⤵
        
        PID:9472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43273.exe
        6⤵
        
        PID:13076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe
        6⤵
        
        PID:18332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46119.exe
        5⤵
        
        PID:7648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30285.exe
        5⤵
        
        PID:13192
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13192 -s 464
        6⤵
        Program crash
        
        PID:17192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42252.exe
        5⤵
        
        PID:17312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45367.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16707.exe
        5⤵
        
        PID:3600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38051.exe
        6⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61251.exe
        7⤵
        
        PID:9424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43273.exe
        7⤵
        
        PID:13032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        7⤵
        
        PID:17884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54650.exe
        6⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        7⤵
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18285.exe
        6⤵
        
        PID:13340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33712.exe
        6⤵
        
        PID:13660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27718.exe
        5⤵
        
        PID:5628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49347.exe
        6⤵
        
        PID:9860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42121.exe
        6⤵
        
        PID:14364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe
        6⤵
        
        PID:18372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64654.exe
        5⤵
        
        PID:9164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38951.exe
        5⤵
        
        PID:13300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25046.exe
        5⤵
        
        PID:17252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13565.exe
      4⤵
      PID:748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28752.exe
        5⤵
        
        PID:6096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62896.exe
        6⤵
        
        PID:8608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59998.exe
        6⤵
        
        PID:14796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        6⤵
        
        PID:17932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34582.exe
        5⤵
        
        PID:9048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62385.exe
        5⤵
        
        PID:13124
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13124 -s 464
        6⤵
        Program crash
        
        PID:17120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1916.exe
        5⤵
        
        PID:14136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49623.exe
      4⤵
      PID:6432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61251.exe
        5⤵
        
        PID:9464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43273.exe
        5⤵
        
        PID:13148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        5⤵
        
        PID:17900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37453.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37453.exe
      4⤵
      PID:8300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11337.exe
      4⤵
      PID:880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25577.exe
      4⤵
      PID:17244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38233.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38233.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30531.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7106.exe
        5⤵
        
        PID:4320
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 632
        6⤵
        Program crash
        
        PID:6580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14566.exe
        5⤵
        
        PID:6620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56528.exe
        6⤵
        
        PID:14860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
        6⤵
        
        PID:6036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28336.exe
        5⤵
        
        PID:8884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24250.exe
        5⤵
        
        PID:15040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24771.exe
        5⤵
        
        PID:17624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65361.exe
      4⤵
      PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61251.exe
        5⤵
        
        PID:9488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43273.exe
        5⤵
        
        PID:13160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe
        5⤵
        
        PID:18340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43991.exe
      4⤵
      PID:4700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35552.exe
      4⤵
      PID:12336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27343.exe
      4⤵
      PID:16788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41998.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41998.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9794.exe
      4⤵
      PID:5168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11385.exe
        5⤵
        
        PID:8380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
        6⤵
        
        PID:13408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
        6⤵
        
        PID:18396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22576.exe
        5⤵
        
        PID:8100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        5⤵
        
        PID:14904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23894.exe
        5⤵
        
        PID:18292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59351.exe
      4⤵
      PID:8136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57990.exe
        5⤵
        
        PID:17136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63614.exe
      4⤵
      PID:10664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28007.exe
      4⤵
      PID:15172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24771.exe
      4⤵
      PID:17780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8761.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8761.exe
    3⤵
    PID:5256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11021.exe
      4⤵
      PID:7844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52583.exe
      4⤵
      PID:12264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8511.exe
      4⤵
      PID:12560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19741.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19741.exe
    3⤵
    PID:7676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24032.exe
      4⤵
      PID:13740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
      4⤵
      PID:4480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58887.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58887.exe
    3⤵
    PID:10336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16114.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16114.exe
    3⤵
    PID:13468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2894.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2894.exe
    3⤵
    PID:5524
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4201.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4201.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58099.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58099.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14194.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54727.exe
        5⤵
        
        PID:7296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40368.exe
        6⤵
        
        PID:13476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        6⤵
        
        PID:13900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9885.exe
        5⤵
        
        PID:10404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2806.exe
        5⤵
        
        PID:14728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25302.exe
        5⤵
        
        PID:17804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57002.exe
      4⤵
      PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34323.exe
        5⤵
        
        PID:6248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4514.exe
        6⤵
        
        PID:13144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        6⤵
        
        PID:1940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64487.exe
        5⤵
        
        PID:10312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18384.exe
        5⤵
        
        PID:14456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        5⤵
        
        PID:17596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22541.exe
      4⤵
      PID:7756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40368.exe
        5⤵
        
        PID:13688
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13688 -s 428
        6⤵
        Program crash
        
        PID:16600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14988.exe
        5⤵
        
        PID:14188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62257.exe
      4⤵
      PID:11032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62010.exe
      4⤵
      PID:2312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58166.exe
      4⤵
      PID:18512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27385.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27385.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57568.exe
      4⤵
      PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16531.exe
        5⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29347.exe
        6⤵
        
        PID:8328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16553.exe
        6⤵
        
        PID:12736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46679.exe
        6⤵
        
        PID:16904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43137.exe
        5⤵
        
        PID:9536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24250.exe
        5⤵
        
        PID:14988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23894.exe
        5⤵
        
        PID:3612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14073.exe
      4⤵
      PID:6524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7887.exe
        5⤵
        
        PID:13328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        5⤵
        
        PID:2308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26717.exe
      4⤵
      PID:9856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24250.exe
      4⤵
      PID:15324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23894.exe
      4⤵
      PID:1896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2896.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2896.exe
    3⤵
    PID:5244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50272.exe
      4⤵
      PID:6356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21728.exe
        5⤵
        
        PID:13432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        5⤵
        
        PID:13724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43137.exe
      4⤵
      PID:9544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24250.exe
      4⤵
      PID:15260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23894.exe
      4⤵
      PID:18152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1878.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1878.exe
    3⤵
    PID:6460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20192.exe
      4⤵
      PID:13252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47853.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47853.exe
      4⤵
      PID:13880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25536.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25536.exe
    3⤵
    PID:9324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2806.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2806.exe
    3⤵
    PID:15164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24424.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24424.exe
    3⤵
    PID:18080
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49169.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49169.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13810.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13810.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20790.exe
      4⤵
      PID:5624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30416.exe
        5⤵
        
        PID:8292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14249.exe
        5⤵
        
        PID:12504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46679.exe
        5⤵
        
        PID:232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22365.exe
      4⤵
      PID:8660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
        5⤵
        
        PID:13388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13836.exe
        5⤵
        
        PID:17576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24426.exe
      4⤵
      PID:1408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45031.exe
      4⤵
      PID:14128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41926.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41926.exe
    3⤵
    PID:5416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34323.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34323.exe
      4⤵
      PID:6240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
        5⤵
        
        PID:13048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47853.exe
        5⤵
        
        PID:5612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17584.exe
      4⤵
      PID:9780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21289.exe
      4⤵
      PID:14720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57636.exe
      4⤵
      PID:18520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41374.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41374.exe
    3⤵
    PID:8060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55827.exe
      4⤵
      PID:13656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14988.exe
      4⤵
      PID:14060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49486.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49486.exe
    3⤵
    PID:11788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33478.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33478.exe
    3⤵
    PID:16652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25577.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25577.exe
    3⤵
    PID:4428
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4681.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4681.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19165.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19165.exe
    3⤵
    PID:6728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10130.exe
      4⤵
      PID:8088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30275.exe
        5⤵
        
        PID:13492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
        5⤵
        
        PID:18404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35686.exe
      4⤵
      PID:13228
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13228 -s 464
        5⤵
        Program crash
        
        PID:17128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27846.exe
      4⤵
      PID:13624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56679.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56679.exe
    3⤵
    PID:9208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46238.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46238.exe
    3⤵
    PID:12612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8511.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8511.exe
    3⤵
    PID:17388
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17839.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17839.exe
  2⤵
  PID:5304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56624.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56624.exe
    3⤵
    PID:6528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48499.exe
      4⤵
      PID:10208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4649.exe
      4⤵
      PID:14340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
      4⤵
      PID:17592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43630.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43630.exe
    3⤵
    PID:9712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24250.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24250.exe
    3⤵
    PID:15076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23894.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23894.exe
    3⤵
    PID:17500
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7189.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7189.exe
  2⤵
  PID:7268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6434.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6434.exe
    3⤵
    PID:13704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
    3⤵
    PID:4680
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49086.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49086.exe
  2⤵
  PID:10288
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58986.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58986.exe
  2⤵
  PID:15060
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40437.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40437.exe
  2⤵
  PID:17848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 464 -ip 464
1⤵
PID:3272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4320 -ip 4320
1⤵
PID:6872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 16872 -ip 16872
1⤵
PID:16964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 880 -ip 880
1⤵
PID:17092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 13300 -ip 13300
1⤵
PID:17100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 3684 -ip 3684
1⤵
PID:17160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 13288 -ip 13288
1⤵
PID:17268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 13476 -ip 13476
1⤵
PID:15576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 12692 -ip 12692
1⤵
PID:16752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 13108 -ip 13108
1⤵
PID:16672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 15204 -ip 15204
1⤵
PID:17156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 13536 -ip 13536
1⤵
PID:17176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 13076 -ip 13076
1⤵
PID:17132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 13260 -ip 13260
1⤵
PID:2912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 12628 -ip 12628
1⤵
PID:4192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 12564 -ip 12564
1⤵
PID:4476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 12580 -ip 12580
1⤵
PID:13820

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12685.exe

Filesize
184KB

MD5
ad9e20b510a81e0d5a827b927adb0b05

SHA1
2636e784ce7e4e5d96762680c83dae07e38c5461

SHA256
c9c020207e178d31ddb92428abaa635f0e02c696cda8bff8881d1b2b5a750ea1

SHA512
4410b6723661788069a8ca76c82a94d2863e495ee49ecc62f1d75617c16e1aa7a52703e5320f263baf0ba4dd7d42fec7acee5da6bd3034c5368f5c1495a62e01

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1321.exe

Filesize
184KB

MD5
01dc5b60afbd1a44b6e22e1bb3e01285

SHA1
c14ead617e0debd04742de8615cb690f51793b62

SHA256
a48a5ef348f7c125099c421a1312e5fbd9803f28280afd9a15b3f4017226e43a

SHA512
1058d81519cdff2353e2afed0da3f68778ee8afe8583e14d31b02c3dcbdee781623ecfa07c12559332647b522be1e2cb0a2ecffc50491d7a1d4ca3154a3a84a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16707.exe

Filesize
184KB

MD5
42dd1c6e11cf5cb6ddfc7840a367acfe

SHA1
1ffdc923f51fe60290f1d157e6c1686978dc772f

SHA256
c6dd02c2786756c1d039288c07fa0c1f9578e36c5717c0085882a24ee82bde5f

SHA512
1b0ebd4bbcb7f4fceb9f855a3f682591de0feaddff7e0835910da0f37aecd3959b8c553b0ee60b92d92ba51cf9f115eb93967e2b00bf9fcf5a405da9038c4992

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1945.exe

Filesize
184KB

MD5
824a4c8739b73ac88dadc3ef6f4a9a9c

SHA1
55681787050072fcaa31836b5567cf587cc56960

SHA256
b41b4a063c323152504b098c49fdcc5650369f34bc7e210944e555bfd09c8910

SHA512
81680307158b4cd6d961cc9d0b6fc7dd238654f5d8047273fbe1a0dea2a6576df15c2e767150b4f6a2914c3c10c639557722664a3fc08b2c52f582962d2e4164

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23315.exe

Filesize
184KB

MD5
3e9ca3e21120942301d25dd64e84f16f

SHA1
34e884e5783c57f19001c9f625f042c792edbdba

SHA256
e8b8c1341a3779ba4a94a502b79de17672fa3d0e1d53f77beb6a5ff47b05ddd1

SHA512
92399af16a1182f18defe113737012bc0c1a549bd6318cb07d4cda2f7ff3dd938cb4fb66e8d1dc71a434861293d0f719e1c0e20ff94dc5a08d48f893bd91104d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23434.exe

Filesize
184KB

MD5
38231edc567ddb17c862d6f5f0465198

SHA1
f2860bfa829f43d02debbf3d027945d86cf89a60

SHA256
7ddefe0ae5c6a8e5b7af629e8adcb4923d0d9972d6db9ec21a9cf21aff18473b

SHA512
5ec4594cfa1577ef10c1ea5de2c612ecad62fb3b21050e301b2d873160bbd9fa689b00e9106b186fa650ccf87843fda2cf48ee76c133e4a4043ddfed7da17ac3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24576.exe

Filesize
184KB

MD5
bae09e0496d22d9c6aecfa5134be3dd0

SHA1
09df662ddfbe6efdd73366f24ddead0cd7badf1f

SHA256
3d78b7fb2038160304d8ebcd98cf917fc1267e9973e7e5e81f1b7a493e0c2f9d

SHA512
13d7439fd1dd6049b661ed372f388d8c7057880fd8c071563a1ad69694f22699e90f7ecf505daf1a36ca993bc418f19c8335de151e6d49373a36d0521271b63f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29757.exe

Filesize
184KB

MD5
327d92b91329c74cc209a6f2b781d536

SHA1
d2f7cbce1c1a39d2c92f2e95080783293f68b206

SHA256
7d292efa1c3bd5e0e5ccb5940f5252e42efb247a3d5a79f3ba033093bcb3901c

SHA512
48c7f66de838d794033bbea30e978669f9372ba137d06a1c2d20f1d935825fc948c2a6eb9099f5381c016df2758f6afee5a4f815877dc41b529a645aaab69674

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3199.exe

Filesize
184KB

MD5
2943f3bdb308622c07d8f0a600e7b040

SHA1
911a1a11af3dd4a4a7c0f709203499063fa91b82

SHA256
5ef652c0d51d6ee6b608a6e12b476747aa9913e56c119f42e83ef9cf452aab9e

SHA512
0ef0fb9084c9525d07c746e828b837864c9d2db83267d9f72d1ea3efe350368e406b6d8eaa7d9cde410ff1b1fbca3f7b7a65f1dbbf5627277fbfb7ba9fb62cfa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3526.exe

Filesize
184KB

MD5
8149a25fa368617e505031dcd069f811

SHA1
bf0175870ef320744999db7ec7a525143a2f8b9f

SHA256
3185263cd59eb59f0640639f5c86ebe2318f79182e76c72f4307ee1f8fe04583

SHA512
0970709b51f8dcfc453842e7a41e08fcbc05d2cbe4910e54c886ee6421e8b4893e0d74d9f96004d8bf8a2822df2ced88ac04da80ae897111139008f0c9f17e7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35696.exe

Filesize
184KB

MD5
b4dfbbd9beaa1e390223529e8e9fdb20

SHA1
b42257656f1d45aa11e1c700fc6736c10d3b2666

SHA256
4b7f8caf73a57fe24853fa050d4941d1ee33ff632e0204b3e32b805efe291fab

SHA512
c2efc4fba9d1e12b02ac4a5cb32a455c3ba28c5487ce23b27048a78cb666dba19628a2aacb30924321961adce2f317d32b98232a9baec15a13669df95c2c8eb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35888.exe

Filesize
184KB

MD5
908acc689325be5c15dda8748603700d

SHA1
d771c710ab3d9bf4a497a172ed45724063f5ac7e

SHA256
efc90770195bc5cfb3605bda4fbe872b4805b5bc4668255332c4292e15abb8e0

SHA512
cdf964b4a6e786f76cd4fff4c70abace98eee7f6c5756c48a9e387c45800ddd5d1c9efefaebb8962a7c41716537ac49dbb9c98012ef3ab062b9c5337b21246d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-365.exe

Filesize
184KB

MD5
970fe8fcc9305d742eef39924844aacb

SHA1
752f61b16200938ee88748cba29c5ef765809db4

SHA256
1f1befcafb4b654a550bdf7105136f5fa9ca4cdd5ad720e1fa86a3f2cd87749d

SHA512
1164a5a76abcae8a77985ae57cf78acb94d01dcfd2021ac89773fdaa4af6896ed20619f3a9527f60fb140a4c135ad825d0c43977ab7357e5e4feaba4670f214e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38233.exe

Filesize
184KB

MD5
aab741fecd1364db84dcb4a68dabb84a

SHA1
94d2f1165a4a16672bf0848b3449e63ce2fedf7c

SHA256
129d1eb4acaf4181d542de343f466297a7f88c206c8d5de60c93a9391290f731

SHA512
1b126f30ce68131059d52bad3e828705dc6ffbf13bebc92fc433ed14807d5ac0bbed35c097eb4c83d5fd71a7a21c6ade28710b004b69b5baa7330f311653d209

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38784.exe

Filesize
184KB

MD5
ef8fca6fba0a34ac209a77fd14f84bc5

SHA1
f64ee07b53ab33480b08390b3a1fabd80e6bb64e

SHA256
8f8e8486fc713ed058b3d0bbdd23ce05eaef2830b4598a1d073739b99739721e

SHA512
f06ccdcc0f184a071e8ab5c41d2f041b290fb73dd197ee86eb652e9ea7e37ebac0190e7ea90a33f6431d494852af091772d28185bc53587afcb3dde3c793909f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39168.exe

Filesize
184KB

MD5
00af70b10549a97eb82cef84c6fb8dd4

SHA1
ef1f6ecbf5024ecea9019303b8f3b49b2256a395

SHA256
70774f11b5952f8d55aa191205150cab5883ccc21ecdbecd15195a46b8ccc12a

SHA512
b0ab0ded21ff785d274d680b1ec71b2d9411cb96337238d0564e306eabfca6a4bdd042fc8d19977c2dbb40cf78b96b5db7ecc493b07e3e2db99ef9356b81732e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40830.exe

Filesize
184KB

MD5
8c219db6e8a1f7f84a593d427ee42120

SHA1
ff27178f981dc5413f9634afa574dbcf9d6545d5

SHA256
482c9a251e74407a25d7ab19cbe4847b22a10001b242aed3ef05adf738760ad8

SHA512
5ac815f624b4270ea882c09e405e5e650c28d6a3b38f3e6e62d508d76ff3c5eb36908503aaf8e8d6846826d9a4e09e6a36c6a37c72051ea63bce25929f098205

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40912.exe

Filesize
184KB

MD5
765b4b0269d9e2afbde12f20c566773e

SHA1
c695a1c6ba2ab7dc98c689b50442794582cda4f1

SHA256
947725e42cb99ee7c5b329023316f43b7cdbdb427567fb767ad535892d4fb12f

SHA512
16107211861b56ef8d5083dec350e6c207e9f6329ae6f60dc22c33855f231fc0681754a09ee2d519558a9597bff7cfa3284de44b413d46887ca6383f24c70c49

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4201.exe

Filesize
184KB

MD5
94162de630dbf38465ae63012a1660ff

SHA1
54d3baefce55044971ede8ee78453f55023bbec7

SHA256
f3ab4da7889098bdb5b25e05f78d054cbe4d8591988ae771a21a28f0251d3646

SHA512
ed2830667884c8b3717e4fbfd616bf4dab943187c6673bdddfa4ad0e712d743fb78ce8357d3cc8f11de8ab39f56b7f6fa9f02b72b7b3ad0b67e34c051fbe7088

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43216.exe

Filesize
184KB

MD5
53e75cfb8356a71fe01c042042969b59

SHA1
15b12a27fed3177c4566b324361b7046f635da5f

SHA256
db4e38ab12145339aae37a53e39dc378a2d4b8ceb72727b15a4c61e92e8be8d0

SHA512
f366676f78de11b6eb2b1daf25fc5d8d0d18e44df0c37bc8861c0c3264f0d95d2b4eb520e5332ab204ba6369b1dc02bacaee01309d378092c09dec5d7274ff85

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4710.exe

Filesize
184KB

MD5
bb2ad4cb0f80f12b7844134109521d8a

SHA1
b06c9502dee0075cd51ffefadfb249f1b91fb4ed

SHA256
650a49e23f1466e3854c4e56709fdeae72a02ee6987fd795fd2d53d1c106e91d

SHA512
f3ec94e74e8fadfdce5bc312ab34512985d913bfc6fbaa5efeeee2cf1688e636abe4b481e3a89e66dec152d4a796cb208fc4ade9f65917dc35f8e0584a84d6a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48695.exe

Filesize
184KB

MD5
3f8a649facc60151ad154b2571a7bd39

SHA1
a5ddff1299ea8f4d9f3250b0c6d1b632f7bdf1e1

SHA256
d3261bd401a4a15acc6a41f3441803f11753cfdca0254f2843af10e5d957fa45

SHA512
7731eacb4800c89df966d2d87e2a3114524614507f92082af44131c80e8f69ba19557697b565d3d99565e162e8f2903bdf3ba3b7f001f57c4f4ca731e2752061

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49169.exe

Filesize
184KB

MD5
87a1fc4aaf2479d1c487bca98bb79a84

SHA1
f2b4bb112f2c8ee3e56b21cd568b92c96b1c8864

SHA256
b1e1418018967a7020c1045adc483f8d46abc852ec25984dcebabd2c0be69eca

SHA512
7d5f3099552e506017b6668fd4ad36b88a4240f8da13eaa76fe9ef0faad078135775b1101f876633c79a362f620768fb8ef76c50f9bea7dc78ec49232d346c23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51783.exe

Filesize
184KB

MD5
acdf9a960e6da6f2f7ba9eee68162a27

SHA1
388f16b5ca1d1d116d6ebee20d8939096c30e754

SHA256
73fecb216280be55158b4d4ca8a3f2cb448a66d5e070c581d94749cfe80cae60

SHA512
a00d2fbb6aae15688b9ed32f1c1ea8a3cf20250687a0b07c12d373a6bff188fce83f9c9a781ee401724b5cd53d76bc1b333b331710d6f6547bfeae3e0b307ea8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51969.exe

Filesize
184KB

MD5
59301391d9654c1f9bdc62f0a4d9fe00

SHA1
c7fad03c831cf99b67499e375e9636add7baad28

SHA256
50fd2d4656bb16fb87bab22740e5288b1904fc84519de7f7b2e22ae7a4452f4d

SHA512
a083171ce1b9fdefa8cc80449c9819b6698e2e3832dbb545d351e45c7b5a2b836f64ee25d848aec9ad3689d6071878fe871f9e320680174030173d9757d2f852

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56064.exe

Filesize
184KB

MD5
c5f0ed5d36240290c5376e296562941f

SHA1
cd539d57062dcc13d9d8f0ee6aa4fa37abaa6863

SHA256
a04ac1434476fd361bc8a4ae88969bc49e40b113737003daf613da10fef67e5b

SHA512
09dc4042392762f578376b2b24f0d737ce303b194f27e7a6aec0746ffb85706fa465e859ff2599d5c727ddeefa6ac43f36be9850b1e73e4c5d89d7d83a95f76e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56135.exe

Filesize
184KB

MD5
06c49489b6074498b6f9a15a61feab58

SHA1
142fe91434398abafecbc3a25716c55a3eb37149

SHA256
afffb96bdb0a4b6245a10566961872f7f30a8b46317ff61d2bcc75589bffd8b3

SHA512
18ccc88303eccfab7c0299eb92ec178631ffb17596f313912c274152396b8099ef71b51dc5cf2b0e647caac1226d79566903e27fe238bc6338b6c435812e615f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58099.exe

Filesize
184KB

MD5
26fa5f3a903401f1ccd7a1a2767c752b

SHA1
1b74ef93d8b75e04d55e55808ecece41f4e9dfa0

SHA256
1d08f8c67c36fe3510ae55e15a2a69a762a35581c5a74ba0ca6d70dd8d06a4d1

SHA512
2b7bc8552609c7b555380f11f5d8341f08016e345f177d878d9d2fa68605f3751794aacb1c80c2f494113b4cb2c767e07cbcc0d24cafef264e693b1af52933f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58483.exe

Filesize
184KB

MD5
8fca31170d3b189d7d42add706a2558d

SHA1
cd2952d6d4ea9fe1ffa2a7445774d2c9f07196f4

SHA256
1e8c282968459cc5ef32fa8b476e980adebe579c5c56247483b215a2ee043456

SHA512
a64816889f9d2493ccf4e37135d26a0b7675e2bfd8a5b59e1040418a13a63a320a414a436d5bc7b552d63abdaa62ca2c5cee1c9d91ef004de1e78f8a4a94b613

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59472.exe

Filesize
184KB

MD5
acb23a9488788657bdd2134017157c96

SHA1
6fa2dad18c41d264120d48e07bf75f503000a6bf

SHA256
a89df9d321121b655d66ae51d6c939e742d0338233babc14c89c058ed1e7217c

SHA512
fafff16c70d152541cfb8bc2cd8a47e9f0fd531d37748751aee36387c4aedac2ddfa136c660242331b03fbd46b8ebe248de5353ece62dfbd4d5b678352069ace

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59856.exe

Filesize
184KB

MD5
0c40320b9f55ca88f9e825adc5195c85

SHA1
51f938e277152ed7d46404b4aedb287d772d3a5c

SHA256
ff632b30b0829e694519606ad06d2f0b869c8ff3ba82b07c61af0056d049c562

SHA512
7bf46420d99f4209a8e1ccfa0d6f8aaf548454404ebf4af66cf6f5be55385c69bbcdf87f9a9e22f8c3157a231d23f433ca2e6a0099043accebe90c89670ef53e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6111.exe

Filesize
184KB

MD5
4f0ce425670dfc23f5315fe0349573b6

SHA1
d83015ac3b045fa6635cda36763a822d8e163837

SHA256
fb64addef46ab76822d88a3f2cf2036aacb28200e87394536f0e75e4303a57fe

SHA512
3a26478bbc29335796f41952fe6ad7eb433e842a4155a9a5c0f658b37e7469fa544770aee87de413c8d75049de5bf33631defaa4c0e543d82b9c4bf24475ea36

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6495.exe

Filesize
184KB

MD5
37dc69c683e0bc2b24bd539b06a63f78

SHA1
545adc572db1f16443edca1c70ba525005dfc755

SHA256
ee695b9271c4962f4fd64aa7f37bc4ea100359ec82ab64bfb6dc283a62dc4ed1

SHA512
f4be2e86408ccad882f5f881d28a5f02e836dec2c94d05a240040b48cb68a81de73d9bf80d20589343c301c3f09882585c195e64f3fc3c42867410b78ddb1dab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65530.exe

Filesize
184KB

MD5
f14deb081d0566755371e292f60b5ae8

SHA1
a5b5a7b36b36c6dc0148d3c262016a41a3a1c3a6

SHA256
cc9e538b023164dbf74c3070308d2d3a541afe12f5cc1f65a95bfd297caa2ed8

SHA512
d6d978f183537eaba31306d8ce3ebd05ee9f3d91fc2d6f0535f82547b5bb771bd6c3e89d9a8a5535f30d8acb5321c6c50a710ee4136a639655bf7dc00f3f7b5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9888.exe

Filesize
184KB

MD5
7a61a7b35716f663e3e612795b75c3f5

SHA1
be51e8c62689524cabb8738252e62dcbb97cc42d

SHA256
12ba0c5f9cff167ce9be9c15b9866aa3ea9e3e402cbf39253433c1786a4556e0

SHA512
efce7491f0e665752f7b96b04b22f6e81920bde86ec4201f046ce3cdfb0cee94f80a847d45b24c01827d1fc8dee5d7acfa80b7b2437a4a6695aa1a0bb375e36c

Download Submit
memory/380-128-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/412-409-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/436-0-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/436-589-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/464-342-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/468-99-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/628-210-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/748-472-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/752-123-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1056-302-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1088-291-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1108-422-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1192-248-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1332-161-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1464-147-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1524-399-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1576-480-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1620-451-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1628-55-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1864-358-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1900-44-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2000-127-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2052-28-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2336-492-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2404-535-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2452-7-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2508-511-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2540-217-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2548-498-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2768-146-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2824-388-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2888-434-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2980-168-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2988-447-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3120-189-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3136-470-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3152-373-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3176-329-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3192-478-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3244-313-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3248-499-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3384-490-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3464-417-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3508-558-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3544-438-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3564-240-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3600-430-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3612-416-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3612-414-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3636-343-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3660-247-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3676-286-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3728-263-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3768-276-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3796-266-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3800-244-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3808-381-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3868-282-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3964-100-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3992-267-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4048-98-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4084-315-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4184-301-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4208-47-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4236-14-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4240-200-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4244-234-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4288-553-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4308-487-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4320-559-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4340-359-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4368-170-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4396-111-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4440-229-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4484-393-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4492-20-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4512-222-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4604-331-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4656-314-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4668-76-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4684-382-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4708-495-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4732-551-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4768-440-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4840-67-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4864-68-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4872-179-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4896-87-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4940-34-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4976-338-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4996-370-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5076-554-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5140-555-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5148-556-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5192-557-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/5276-564-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/13484-2900-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/13824-2899-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/16604-2856-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/16620-2855-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/16884-2848-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads