dae8983ba5ab42a40ea2d2b3b9fc32303c15e7c5fd19d7b085acc192bc2c807a

Analysis

max time kernel
120s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
16-07-2024 04:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c5e03cd2bdaa25a0b963a7fe4874330N.exe
Size

184KB
MD5

6c5e03cd2bdaa25a0b963a7fe4874330
SHA1

cbeabbf321ddce9fb9121605c49d8b0e7ff12c65
SHA256

dae8983ba5ab42a40ea2d2b3b9fc32303c15e7c5fd19d7b085acc192bc2c807a
SHA512

31e96f9bd8e90a127885e33c4a92f9b8efba453bea338623a83b4cd9b017d8be7ca6a9b0f9d825cb1e0eb6ea71ff0d788f6766877cbd8f92d6fc15df0696bd58
SSDEEP

3072:h645Iuox/MnBHeB6W2MKrwErlvnqnviuSnQ:h6goGVeBNKUErlPqnviuS

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1372	Unicorn-57035.exe
1816	Unicorn-44010.exe
1660	Unicorn-45634.exe
3720	Unicorn-930.exe
1820	Unicorn-930.exe
3808	Unicorn-63352.exe
2856	Unicorn-49617.exe
4900	Unicorn-44755.exe
3332	Unicorn-3457.exe
3324	Unicorn-28227.exe
3176	Unicorn-28227.exe
2952	Unicorn-28227.exe
4836	Unicorn-18776.exe
4820	Unicorn-54001.exe
512	Unicorn-40265.exe
4568	Unicorn-19779.exe
2752	Unicorn-34889.exe
1764	Unicorn-13530.exe
1780	Unicorn-29872.exe
524	Unicorn-38803.exe
896	Unicorn-55139.exe
884	Unicorn-59778.exe
1988	Unicorn-18745.exe
4476	Unicorn-38611.exe
1768	Unicorn-54947.exe
3392	Unicorn-54947.exe
1748	Unicorn-38096.exe
3888	Unicorn-13649.exe
4596	Unicorn-15952.exe
4552	Unicorn-15952.exe
2028	Unicorn-38715.exe
2532	Unicorn-51522.exe
3836	Unicorn-9441.exe
4164	Unicorn-11065.exe
4460	Unicorn-40177.exe
4428	Unicorn-46499.exe
4912	Unicorn-53250.exe
4716	Unicorn-7578.exe
3336	Unicorn-31568.exe
3488	Unicorn-53058.exe
2996	Unicorn-7770.exe
3224	Unicorn-888.exe
2124	Unicorn-31891.exe
1056	Unicorn-6929.exe
2332	Unicorn-33811.exe
700	Unicorn-33296.exe
3656	Unicorn-52970.exe
3048	Unicorn-52970.exe
428	Unicorn-14329.exe
396	Unicorn-25264.exe
1408	Unicorn-29042.exe
3588	Unicorn-50531.exe
1968	Unicorn-9498.exe
808	Unicorn-12513.exe
5024	Unicorn-6383.exe
3248	Unicorn-27872.exe
2268	Unicorn-8984.exe
1804	Unicorn-50339.exe
4444	Unicorn-58242.exe
3216	Unicorn-3176.exe
3308	Unicorn-19203.exe
684	Unicorn-32009.exe
2784	Unicorn-29426.exe
1996	Unicorn-47800.exe

Program crash 15 IoCs

pid	pid_target	Process	procid_target
6076	2976	WerFault.exe	151
8784	5928	WerFault.exe	236
10168	8280	WerFault.exe	427
9680	8720	WerFault.exe	432
10332	7100	WerFault.exe	295
10920	6976	WerFault.exe	291
10360	7216	WerFault.exe	316
4792	7336	WerFault.exe	322
11040	10540	WerFault.exe	650
14476	1936	WerFault.exe	792
12648	7604	WerFault.exe	771
7884	11564	WerFault.exe	836
15116	13060	WerFault.exe	918
15100	12788	WerFault.exe	907
9596	10276	WerFault.exe	870

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1308	6c5e03cd2bdaa25a0b963a7fe4874330N.exe
1372	Unicorn-57035.exe
1816	Unicorn-44010.exe
1660	Unicorn-45634.exe
3808	Unicorn-63352.exe
3720	Unicorn-930.exe
2856	Unicorn-49617.exe
1820	Unicorn-930.exe
4900	Unicorn-44755.exe
3332	Unicorn-3457.exe
3176	Unicorn-28227.exe
3324	Unicorn-28227.exe
2952	Unicorn-28227.exe
512	Unicorn-40265.exe
4820	Unicorn-54001.exe
4836	Unicorn-18776.exe
4568	Unicorn-19779.exe
2752	Unicorn-34889.exe
1764	Unicorn-13530.exe
524	Unicorn-38803.exe
1780	Unicorn-29872.exe
896	Unicorn-55139.exe
4596	Unicorn-15952.exe
1768	Unicorn-54947.exe
3392	Unicorn-54947.exe
1988	Unicorn-18745.exe
3888	Unicorn-13649.exe
4476	Unicorn-38611.exe
884	Unicorn-59778.exe
1748	Unicorn-38096.exe
4552	Unicorn-15952.exe
2028	Unicorn-38715.exe
2532	Unicorn-51522.exe
3836	Unicorn-9441.exe
4164	Unicorn-11065.exe
4460	Unicorn-40177.exe
4428	Unicorn-46499.exe
4716	Unicorn-7578.exe
4912	Unicorn-53250.exe
3336	Unicorn-31568.exe
3488	Unicorn-53058.exe
2996	Unicorn-7770.exe
3224	Unicorn-888.exe
2124	Unicorn-31891.exe
1056	Unicorn-6929.exe
2332	Unicorn-33811.exe
700	Unicorn-33296.exe
3656	Unicorn-52970.exe
3048	Unicorn-52970.exe
428	Unicorn-14329.exe
1408	Unicorn-29042.exe
3588	Unicorn-50531.exe
5024	Unicorn-6383.exe
1968	Unicorn-9498.exe
808	Unicorn-12513.exe
396	Unicorn-25264.exe
1804	Unicorn-50339.exe
2268	Unicorn-8984.exe
3216	Unicorn-3176.exe
4444	Unicorn-58242.exe
3248	Unicorn-27872.exe
3308	Unicorn-19203.exe
684	Unicorn-32009.exe
2784	Unicorn-29426.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1308 wrote to memory of 1372	1308	6c5e03cd2bdaa25a0b963a7fe4874330N.exe	86
PID 1308 wrote to memory of 1372	1308	6c5e03cd2bdaa25a0b963a7fe4874330N.exe	86
PID 1308 wrote to memory of 1372	1308	6c5e03cd2bdaa25a0b963a7fe4874330N.exe	86
PID 1372 wrote to memory of 1816	1372	Unicorn-57035.exe	87
PID 1372 wrote to memory of 1816	1372	Unicorn-57035.exe	87
PID 1372 wrote to memory of 1816	1372	Unicorn-57035.exe	87
PID 1308 wrote to memory of 1660	1308	6c5e03cd2bdaa25a0b963a7fe4874330N.exe	88
PID 1308 wrote to memory of 1660	1308	6c5e03cd2bdaa25a0b963a7fe4874330N.exe	88
PID 1308 wrote to memory of 1660	1308	6c5e03cd2bdaa25a0b963a7fe4874330N.exe	88
PID 1816 wrote to memory of 3720	1816	Unicorn-44010.exe	89
PID 1660 wrote to memory of 1820	1660	Unicorn-45634.exe	90
PID 1816 wrote to memory of 3720	1816	Unicorn-44010.exe	89
PID 1816 wrote to memory of 3720	1816	Unicorn-44010.exe	89
PID 1660 wrote to memory of 1820	1660	Unicorn-45634.exe	90
PID 1660 wrote to memory of 1820	1660	Unicorn-45634.exe	90
PID 1308 wrote to memory of 3808	1308	6c5e03cd2bdaa25a0b963a7fe4874330N.exe	91
PID 1308 wrote to memory of 3808	1308	6c5e03cd2bdaa25a0b963a7fe4874330N.exe	91
PID 1308 wrote to memory of 3808	1308	6c5e03cd2bdaa25a0b963a7fe4874330N.exe	91
PID 1372 wrote to memory of 2856	1372	Unicorn-57035.exe	92
PID 1372 wrote to memory of 2856	1372	Unicorn-57035.exe	92
PID 1372 wrote to memory of 2856	1372	Unicorn-57035.exe	92
PID 3808 wrote to memory of 4900	3808	Unicorn-63352.exe	93
PID 3808 wrote to memory of 4900	3808	Unicorn-63352.exe	93
PID 3808 wrote to memory of 4900	3808	Unicorn-63352.exe	93
PID 1308 wrote to memory of 3332	1308	6c5e03cd2bdaa25a0b963a7fe4874330N.exe	94
PID 1308 wrote to memory of 3332	1308	6c5e03cd2bdaa25a0b963a7fe4874330N.exe	94
PID 1308 wrote to memory of 3332	1308	6c5e03cd2bdaa25a0b963a7fe4874330N.exe	94
PID 1820 wrote to memory of 3176	1820	Unicorn-930.exe	96
PID 3720 wrote to memory of 3324	3720	Unicorn-930.exe	95
PID 1820 wrote to memory of 3176	1820	Unicorn-930.exe	96
PID 1820 wrote to memory of 3176	1820	Unicorn-930.exe	96
PID 3720 wrote to memory of 3324	3720	Unicorn-930.exe	95
PID 3720 wrote to memory of 3324	3720	Unicorn-930.exe	95
PID 2856 wrote to memory of 2952	2856	Unicorn-49617.exe	97
PID 2856 wrote to memory of 2952	2856	Unicorn-49617.exe	97
PID 2856 wrote to memory of 2952	2856	Unicorn-49617.exe	97
PID 1816 wrote to memory of 4836	1816	Unicorn-44010.exe	98
PID 1816 wrote to memory of 4836	1816	Unicorn-44010.exe	98
PID 1816 wrote to memory of 4836	1816	Unicorn-44010.exe	98
PID 1372 wrote to memory of 4820	1372	Unicorn-57035.exe	99
PID 1372 wrote to memory of 4820	1372	Unicorn-57035.exe	99
PID 1372 wrote to memory of 4820	1372	Unicorn-57035.exe	99
PID 1660 wrote to memory of 512	1660	Unicorn-45634.exe	100
PID 1660 wrote to memory of 512	1660	Unicorn-45634.exe	100
PID 1660 wrote to memory of 512	1660	Unicorn-45634.exe	100
PID 4900 wrote to memory of 4568	4900	Unicorn-44755.exe	101
PID 4900 wrote to memory of 4568	4900	Unicorn-44755.exe	101
PID 4900 wrote to memory of 4568	4900	Unicorn-44755.exe	101
PID 3808 wrote to memory of 2752	3808	Unicorn-63352.exe	102
PID 3808 wrote to memory of 2752	3808	Unicorn-63352.exe	102
PID 3808 wrote to memory of 2752	3808	Unicorn-63352.exe	102
PID 3332 wrote to memory of 1764	3332	Unicorn-3457.exe	103
PID 3332 wrote to memory of 1764	3332	Unicorn-3457.exe	103
PID 3332 wrote to memory of 1764	3332	Unicorn-3457.exe	103
PID 1308 wrote to memory of 1780	1308	6c5e03cd2bdaa25a0b963a7fe4874330N.exe	104
PID 1308 wrote to memory of 1780	1308	6c5e03cd2bdaa25a0b963a7fe4874330N.exe	104
PID 1308 wrote to memory of 1780	1308	6c5e03cd2bdaa25a0b963a7fe4874330N.exe	104
PID 3176 wrote to memory of 524	3176	Unicorn-28227.exe	105
PID 3176 wrote to memory of 524	3176	Unicorn-28227.exe	105
PID 3176 wrote to memory of 524	3176	Unicorn-28227.exe	105
PID 3324 wrote to memory of 896	3324	Unicorn-28227.exe	106
PID 3324 wrote to memory of 896	3324	Unicorn-28227.exe	106
PID 3324 wrote to memory of 896	3324	Unicorn-28227.exe	106
PID 1820 wrote to memory of 884	1820	Unicorn-930.exe	107

C:\Users\Admin\AppData\Local\Temp\6c5e03cd2bdaa25a0b963a7fe4874330N.exe
"C:\Users\Admin\AppData\Local\Temp\6c5e03cd2bdaa25a0b963a7fe4874330N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1308
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57035.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57035.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44010.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44010.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-930.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28227.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55139.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45570.exe
        7⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21331.exe
        8⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55802.exe
        9⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18635.exe
        10⤵
        
        PID:11352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63967.exe
        10⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42633.exe
        9⤵
        
        PID:10288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28689.exe
        9⤵
        
        PID:11844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35344.exe
        8⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28906.exe
        8⤵
        
        PID:11464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33222.exe
        8⤵
        
        PID:15000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23441.exe
        8⤵
        
        PID:15044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64593.exe
        7⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52906.exe
        8⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13233.exe
        8⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1362.exe
        8⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8625.exe
        8⤵
        
        PID:10316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32145.exe
        8⤵
        
        PID:12432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32543.exe
        7⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51513.exe
        8⤵
        
        PID:11628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60473.exe
        7⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57166.exe
        7⤵
        
        PID:12340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53058.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24211.exe
        7⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39395.exe
        8⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40161.exe
        9⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28086.exe
        9⤵
        
        PID:14808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13632.exe
        8⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18072.exe
        9⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24367.exe
        9⤵
        
        PID:11100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33083.exe
        8⤵
        
        PID:10812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7969.exe
        8⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49871.exe
        8⤵
        
        PID:14572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8585.exe
        7⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-953.exe
        8⤵
        
        PID:11900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58423.exe
        8⤵
        
        PID:15032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35536.exe
        7⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3384.exe
        7⤵
        
        PID:10628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55306.exe
        7⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57103.exe
        7⤵
        
        PID:14464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42585.exe
        6⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62171.exe
        7⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41443.exe
        8⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58505.exe
        8⤵
        
        PID:10264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15370.exe
        8⤵
        
        PID:11344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27751.exe
        7⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65314.exe
        7⤵
        
        PID:11176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4273.exe
        7⤵
        
        PID:11204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61578.exe
        7⤵
        
        PID:11668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29608.exe
        6⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42057.exe
        7⤵
        
        PID:11072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26577.exe
        7⤵
        
        PID:11656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46480.exe
        6⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61025.exe
        7⤵
        
        PID:12408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18201.exe
        7⤵
        
        PID:14432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34537.exe
        6⤵
        
        PID:4072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
        6⤵
        
        PID:11300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42872.exe
        6⤵
        
        PID:7360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18745.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50531.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47786.exe
        7⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57314.exe
        8⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9194.exe
        9⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38825.exe
        9⤵
        
        PID:11100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57841.exe
        9⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27702.exe
        9⤵
        
        PID:14596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13440.exe
        8⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60641.exe
        9⤵
        
        PID:10808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9758.exe
        9⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54674.exe
        8⤵
        
        PID:10320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23830.exe
        8⤵
        
        PID:12608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34921.exe
        7⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40899.exe
        8⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41305.exe
        8⤵
        
        PID:10832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1623.exe
        8⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2832.exe
        7⤵
        
        PID:9252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64138.exe
        7⤵
        
        PID:10328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23193.exe
        7⤵
        
        PID:12012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16073.exe
        6⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49907.exe
        7⤵
        
        PID:9976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48802.exe
        7⤵
        
        PID:10760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31505.exe
        7⤵
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19990.exe
        7⤵
        
        PID:7248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-176.exe
        6⤵
        
        PID:7504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27496.exe
        6⤵
        
        PID:10536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39465.exe
        6⤵
        
        PID:10740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5169.exe
        6⤵
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14390.exe
        6⤵
        
        PID:10848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27872.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42187.exe
        6⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33747.exe
        7⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5464.exe
        7⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39889.exe
        8⤵
        
        PID:11876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12040.exe
        7⤵
        
        PID:10716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7969.exe
        7⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25366.exe
        7⤵
        
        PID:14500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60809.exe
        6⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18072.exe
        7⤵
        
        PID:10772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8414.exe
        7⤵
        
        PID:11524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45906.exe
        6⤵
        
        PID:9704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9530.exe
        6⤵
        
        PID:11160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8625.exe
        6⤵
        
        PID:4200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32145.exe
        6⤵
        
        PID:4880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14376.exe
        5⤵
        
        PID:5392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14522.exe
        6⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44961.exe
        7⤵
        
        PID:10676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42227.exe
        7⤵
        
        PID:12588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
        6⤵
        
        PID:9180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32145.exe
        6⤵
        
        PID:11480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50849.exe
        5⤵
        
        PID:7180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-248.exe
        5⤵
        
        PID:8264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18443.exe
        6⤵
        
        PID:11320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55799.exe
        6⤵
        
        PID:15056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53473.exe
        5⤵
        
        PID:10292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59701.exe
        5⤵
        
        PID:6356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18776.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54947.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52970.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26707.exe
        7⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6546.exe
        8⤵
        
        PID:6976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6976 -s 492
        9⤵
        Program crash
        
        PID:10920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
        8⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12456.exe
        8⤵
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56458.exe
        8⤵
        
        PID:12032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49272.exe
        7⤵
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33986.exe
        7⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51754.exe
        7⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58297.exe
        7⤵
        
        PID:10960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5169.exe
        7⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8334.exe
        7⤵
        
        PID:14488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26576.exe
        6⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29027.exe
        7⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41739.exe
        8⤵
        
        PID:9960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44410.exe
        9⤵
        
        PID:10920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20525.exe
        9⤵
        
        PID:15316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36840.exe
        8⤵
        
        PID:10968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34046.exe
        8⤵
        
        PID:14680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13632.exe
        7⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63019.exe
        8⤵
        
        PID:10492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42681.exe
        8⤵
        
        PID:10608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44497.exe
        8⤵
        
        PID:12664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61455.exe
        8⤵
        
        PID:15044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54674.exe
        7⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23830.exe
        7⤵
        
        PID:12524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54417.exe
        6⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8962.exe
        7⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44531.exe
        7⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52688.exe
        7⤵
        
        PID:10660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14977.exe
        7⤵
        
        PID:10284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19990.exe
        7⤵
        
        PID:14348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31225.exe
        6⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17985.exe
        7⤵
        
        PID:10656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53241.exe
        7⤵
        
        PID:12856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23983.exe
        7⤵
        
        PID:6856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55083.exe
        6⤵
        
        PID:5796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17665.exe
        6⤵
        
        PID:10304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-185.exe
        6⤵
        
        PID:12368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14329.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34019.exe
        6⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16915.exe
        7⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
        7⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24338.exe
        7⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56458.exe
        7⤵
        
        PID:11936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12145.exe
        6⤵
        
        PID:3212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50881.exe
        6⤵
        
        PID:9480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28593.exe
        6⤵
        
        PID:9640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35288.exe
        6⤵
        
        PID:3792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54562.exe
        6⤵
        
        PID:12596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12896.exe
        5⤵
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34147.exe
        6⤵
        
        PID:10112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6129.exe
        6⤵
        
        PID:9948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33121.exe
        6⤵
        
        PID:10492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58674.exe
        6⤵
        
        PID:4360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48279.exe
        6⤵
        
        PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32543.exe
        5⤵
        
        PID:7916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57347.exe
        6⤵
        
        PID:10392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe
        6⤵
        
        PID:11496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46078.exe
        6⤵
        
        PID:14356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11273.exe
        5⤵
        
        PID:8776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7774.exe
        5⤵
        
        PID:13308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15952.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31891.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3681.exe
        6⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6914.exe
        7⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13632.exe
        7⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13273.exe
        8⤵
        
        PID:11440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63758.exe
        8⤵
        
        PID:15020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49002.exe
        7⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47759.exe
        7⤵
        
        PID:13388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33665.exe
        6⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40483.exe
        7⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33050.exe
        7⤵
        
        PID:12476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11031.exe
        6⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23745.exe
        7⤵
        
        PID:12300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36474.exe
        6⤵
        
        PID:11068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27152.exe
        5⤵
        
        PID:4736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15186.exe
        6⤵
        
        PID:5724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52849.exe
        6⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31337.exe
        7⤵
        
        PID:12848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11697.exe
        6⤵
        
        PID:11016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7969.exe
        6⤵
        
        PID:10728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-670.exe
        6⤵
        
        PID:14588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25880.exe
        5⤵
        
        PID:6592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56746.exe
        5⤵
        
        PID:9468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11672.exe
        5⤵
        
        PID:9828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27241.exe
        5⤵
        
        PID:7740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5985.exe
        5⤵
        
        PID:12680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6929.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26323.exe
        5⤵
        
        PID:4624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61050.exe
        6⤵
        
        PID:7120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43896.exe
        6⤵
        
        PID:8496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62226.exe
        6⤵
        
        PID:9764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18058.exe
        6⤵
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53026.exe
        6⤵
        
        PID:10992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16886.exe
        6⤵
        
        PID:14832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11600.exe
        5⤵
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44866.exe
        6⤵
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11992.exe
        6⤵
        
        PID:10540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10540 -s 472
        7⤵
        Program crash
        
        PID:11040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58371.exe
        6⤵
        
        PID:10680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29293.exe
        6⤵
        
        PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60424.exe
        5⤵
        
        PID:8472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12569.exe
        5⤵
        
        PID:11392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60096.exe
      4⤵
      PID:3768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61050.exe
        5⤵
        
        PID:7092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2938.exe
        6⤵
        
        PID:10900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65338.exe
        6⤵
        
        PID:10996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4896.exe
        6⤵
        
        PID:11000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39673.exe
        6⤵
        
        PID:11084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7673.exe
        6⤵
        
        PID:11528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59848.exe
        5⤵
        
        PID:920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32371.exe
        6⤵
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38014.exe
        6⤵
        
        PID:4492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14081.exe
        5⤵
        
        PID:1672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39231.exe
        5⤵
        
        PID:6852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52186.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52186.exe
      4⤵
      PID:1952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41818.exe
      4⤵
      PID:8328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33385.exe
      4⤵
      PID:11256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26690.exe
      4⤵
      PID:11164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11286.exe
      4⤵
      PID:14916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49617.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49617.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28227.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38611.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9498.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7713.exe
        7⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54979.exe
        8⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
        8⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48290.exe
        8⤵
        
        PID:11928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49272.exe
        7⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46929.exe
        7⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55185.exe
        7⤵
        
        PID:12504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64698.exe
        6⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21731.exe
        7⤵
        
        PID:7100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7100 -s 616
        8⤵
        Program crash
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
        7⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56458.exe
        7⤵
        
        PID:12044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4256.exe
        6⤵
        
        PID:7320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39258.exe
        6⤵
        
        PID:9168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19829.exe
        6⤵
        
        PID:10340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28146.exe
        6⤵
        
        PID:10720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61298.exe
        6⤵
        
        PID:13084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8984.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42187.exe
        6⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22499.exe
        7⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
        7⤵
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7257.exe
        7⤵
        
        PID:12072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15409.exe
        6⤵
        
        PID:6684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9568.exe
        6⤵
        
        PID:10024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62529.exe
        6⤵
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39232.exe
        6⤵
        
        PID:10976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63994.exe
        6⤵
        
        PID:4828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42087.exe
        6⤵
        
        PID:14864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12896.exe
        5⤵
        
        PID:5656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29930.exe
        6⤵
        
        PID:7240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19657.exe
        6⤵
        
        PID:7276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63882.exe
        6⤵
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12034.exe
        6⤵
        
        PID:208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59024.exe
        6⤵
        
        PID:1240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39594.exe
        6⤵
        
        PID:13324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7057.exe
        5⤵
        
        PID:7520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15896.exe
        5⤵
        
        PID:9440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12241.exe
        5⤵
        
        PID:5064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-553.exe
        5⤵
        
        PID:11084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18201.exe
        5⤵
        
        PID:4848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
        5⤵
        
        PID:12308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29042.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21776.exe
        6⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25907.exe
        7⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21809.exe
        7⤵
        
        PID:10664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54954.exe
        7⤵
        
        PID:11212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26896.exe
        7⤵
        
        PID:6420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27175.exe
        6⤵
        
        PID:1500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20137.exe
        6⤵
        
        PID:4432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39231.exe
        6⤵
        
        PID:1892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60313.exe
        5⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10033.exe
        6⤵
        
        PID:5760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52849.exe
        6⤵
        
        PID:8688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47362.exe
        6⤵
        
        PID:10552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62706.exe
        6⤵
        
        PID:11384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8286.exe
        6⤵
        
        PID:15068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25880.exe
        5⤵
        
        PID:6676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24074.exe
        5⤵
        
        PID:9416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60105.exe
        5⤵
        
        PID:8312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63394.exe
        5⤵
        
        PID:4072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13961.exe
        5⤵
        
        PID:12580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6383.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26929.exe
        5⤵
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41474.exe
        6⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-881.exe
        7⤵
        
        PID:12672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51071.exe
        7⤵
        
        PID:14868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2649.exe
        6⤵
        
        PID:5736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58367.exe
        6⤵
        
        PID:13868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65071.exe
        6⤵
        
        PID:15212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59848.exe
        5⤵
        
        PID:8200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54049.exe
        5⤵
        
        PID:11220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47313.exe
        5⤵
        
        PID:1508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35674.exe
      4⤵
      PID:5728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5233.exe
        5⤵
        
        PID:7336
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 492
        6⤵
        Program crash
        
        PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19569.exe
        5⤵
        
        PID:9464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3144.exe
        5⤵
        
        PID:9896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8616.exe
        5⤵
        
        PID:10484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57050.exe
        5⤵
        
        PID:10596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35705.exe
        5⤵
        
        PID:7404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57791.exe
        5⤵
        
        PID:4516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26352.exe
      4⤵
      PID:8100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8785.exe
      4⤵
      PID:9004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47288.exe
      4⤵
      PID:10228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21865.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21865.exe
      4⤵
      PID:2736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53090.exe
      4⤵
      PID:1672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19010.exe
      4⤵
      PID:11020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29382.exe
      4⤵
      PID:11436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54001.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54001.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54947.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33811.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36219.exe
        6⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52955.exe
        7⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37224.exe
        8⤵
        
        PID:12416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34430.exe
        8⤵
        
        PID:15208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62833.exe
        7⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15384.exe
        8⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50938.exe
        8⤵
        
        PID:12828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54674.exe
        7⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39975.exe
        7⤵
        
        PID:7632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20209.exe
        6⤵
        
        PID:1120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33392.exe
        6⤵
        
        PID:9140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15200.exe
        6⤵
        
        PID:2000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39546.exe
        6⤵
        
        PID:13024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49026.exe
        5⤵
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46987.exe
        6⤵
        
        PID:5576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
        6⤵
        
        PID:8208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54674.exe
        6⤵
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23830.exe
        6⤵
        
        PID:6300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22704.exe
        5⤵
        
        PID:6256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59923.exe
        6⤵
        
        PID:10840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-849.exe
        6⤵
        
        PID:12516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33233.exe
        5⤵
        
        PID:6324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34216.exe
        6⤵
        
        PID:3208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65074.exe
        6⤵
        
        PID:13204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27496.exe
        5⤵
        
        PID:10520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35538.exe
        5⤵
        
        PID:11148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6606.exe
        5⤵
        
        PID:7736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33296.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3681.exe
        5⤵
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22483.exe
        6⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36857.exe
        7⤵
        
        PID:11956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30160.exe
        6⤵
        
        PID:8548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17130.exe
        6⤵
        
        PID:10864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9689.exe
        6⤵
        
        PID:11104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7969.exe
        6⤵
        
        PID:10348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47759.exe
        6⤵
        
        PID:10748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42409.exe
        5⤵
        
        PID:7076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36489.exe
        6⤵
        
        PID:10688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13010.exe
        6⤵
        
        PID:10684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15745.exe
        6⤵
        
        PID:13032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3055.exe
        5⤵
        
        PID:8408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54050.exe
        5⤵
        
        PID:3316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45242.exe
        5⤵
        
        PID:11488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2512.exe
      4⤵
      PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4418.exe
        5⤵
        
        PID:5640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13632.exe
        5⤵
        
        PID:8148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51203.exe
        6⤵
        
        PID:12788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12788 -s 464
        7⤵
        Program crash
        
        PID:15100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42622.exe
        6⤵
        
        PID:14960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54674.exe
        5⤵
        
        PID:10428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40167.exe
        5⤵
        
        PID:7732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52690.exe
      4⤵
      PID:5880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16399.exe
      4⤵
      PID:8168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42843.exe
        5⤵
        
        PID:13132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11273.exe
      4⤵
      PID:4852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57166.exe
      4⤵
      PID:12616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13649.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13649.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52970.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2202.exe
        5⤵
        
        PID:3780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46987.exe
        6⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22672.exe
        7⤵
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9830.exe
        7⤵
        
        PID:12576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
        6⤵
        
        PID:1136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37592.exe
        6⤵
        
        PID:11152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23593.exe
        6⤵
        
        PID:12120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57210.exe
        5⤵
        
        PID:6288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27367.exe
        5⤵
        
        PID:6556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31849.exe
        5⤵
        
        PID:9872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30801.exe
        5⤵
        
        PID:4072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54991.exe
        5⤵
        
        PID:10956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50697.exe
      4⤵
      PID:3912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1009.exe
        5⤵
        
        PID:6596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35993.exe
        5⤵
        
        PID:7796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48290.exe
        5⤵
        
        PID:11972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12808.exe
      4⤵
      PID:6320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41209.exe
      4⤵
      PID:6448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11737.exe
        5⤵
        
        PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61942.exe
        5⤵
        
        PID:15184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63586.exe
      4⤵
      PID:10660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5169.exe
      4⤵
      PID:7740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6222.exe
      4⤵
      PID:7412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25264.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25264.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34979.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34979.exe
      4⤵
      PID:368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47771.exe
        5⤵
        
        PID:7032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49995.exe
        6⤵
        
        PID:9240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45283.exe
        6⤵
        
        PID:10260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49161.exe
        6⤵
        
        PID:10572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-185.exe
        6⤵
        
        PID:12392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42729.exe
        5⤵
        
        PID:9792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56458.exe
        5⤵
        
        PID:13116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36657.exe
      4⤵
      PID:7456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27824.exe
      4⤵
      PID:10172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28522.exe
      4⤵
      PID:1284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16310.exe
      4⤵
      PID:14640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37608.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37608.exe
    3⤵
    PID:5624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47195.exe
      4⤵
      PID:7052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13714.exe
        5⤵
        
        PID:10352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26050.exe
        5⤵
        
        PID:12528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
      4⤵
      PID:7508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53714.exe
      4⤵
      PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40506.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40506.exe
      4⤵
      PID:10276
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10276 -s 464
        5⤵
        Program crash
        
        PID:9596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16262.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16262.exe
      4⤵
      PID:15196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10346.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10346.exe
    3⤵
    PID:7196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61320.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61320.exe
    3⤵
    PID:8132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11737.exe
      4⤵
      PID:11024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28973.exe
      4⤵
      PID:7588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37250.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37250.exe
    3⤵
    PID:10564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19825.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19825.exe
    3⤵
    PID:11020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44371.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44371.exe
    3⤵
    PID:10684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33294.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33294.exe
    3⤵
    PID:6856
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45634.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45634.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-930.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-930.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28227.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38803.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7578.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3105.exe
        7⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38954.exe
        8⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1624.exe
        8⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62706.exe
        8⤵
        
        PID:11408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6944.exe
        7⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51129.exe
        8⤵
        
        PID:11108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53287.exe
        8⤵
        
        PID:14844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33617.exe
        7⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13730.exe
        8⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39313.exe
        8⤵
        
        PID:13040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2800.exe
        7⤵
        
        PID:10692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46010.exe
        7⤵
        
        PID:10696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38894.exe
        7⤵
        
        PID:8076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44802.exe
        6⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62363.exe
        7⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57283.exe
        8⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22209.exe
        9⤵
        
        PID:10784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22533.exe
        9⤵
        
        PID:14476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1497.exe
        9⤵
        
        PID:9900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2081.exe
        8⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17379.exe
        9⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48207.exe
        9⤵
        
        PID:15160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52918.exe
        9⤵
        
        PID:9572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49081.exe
        8⤵
        
        PID:9440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19945.exe
        8⤵
        
        PID:13060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13060 -s 464
        9⤵
        Program crash
        
        PID:15116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37041.exe
        7⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58722.exe
        8⤵
        
        PID:12376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37442.exe
        7⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47313.exe
        7⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26168.exe
        7⤵
        
        PID:740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10431.exe
        6⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11297.exe
        7⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52281.exe
        8⤵
        
        PID:7604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 464
        9⤵
        Program crash
        
        PID:12648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9758.exe
        8⤵
        
        PID:14340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30425.exe
        7⤵
        
        PID:9508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33897.exe
        7⤵
        
        PID:11016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45794.exe
        7⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57487.exe
        7⤵
        
        PID:14904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10456.exe
        6⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19713.exe
        7⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27053.exe
        7⤵
        
        PID:11536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24168.exe
        6⤵
        
        PID:8828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15641.exe
        6⤵
        
        PID:5560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12321.exe
        6⤵
        
        PID:5560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65289.exe
        6⤵
        
        PID:11764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31568.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24211.exe
        6⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61050.exe
        7⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17914.exe
        8⤵
        
        PID:12444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19391.exe
        7⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60641.exe
        8⤵
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58959.exe
        8⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15897.exe
        7⤵
        
        PID:11188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55306.exe
        7⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32599.exe
        7⤵
        
        PID:14360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10592.exe
        6⤵
        
        PID:5564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8697.exe
        6⤵
        
        PID:9232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        6⤵
        
        PID:4104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6945.exe
        6⤵
        
        PID:12700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58921.exe
        5⤵
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64802.exe
        6⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55226.exe
        7⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23447.exe
        7⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe
        7⤵
        
        PID:10980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34081.exe
        7⤵
        
        PID:11196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26193.exe
        7⤵
        
        PID:10820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60287.exe
        7⤵
        
        PID:14784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62833.exe
        6⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41840.exe
        7⤵
        
        PID:9328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38338.exe
        6⤵
        
        PID:11088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40167.exe
        6⤵
        
        PID:13872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47106.exe
        5⤵
        
        PID:5928
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 604
        6⤵
        Program crash
        
        PID:8784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32735.exe
        5⤵
        
        PID:7656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33907.exe
        6⤵
        
        PID:10520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8798.exe
        6⤵
        
        PID:6804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11273.exe
        5⤵
        
        PID:1824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57166.exe
        5⤵
        
        PID:12632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59778.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50339.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37610.exe
        6⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46811.exe
        7⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39051.exe
        8⤵
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33050.exe
        8⤵
        
        PID:12468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
        7⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56458.exe
        7⤵
        
        PID:12056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15217.exe
        6⤵
        
        PID:7216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7216 -s 500
        7⤵
        Program crash
        
        PID:10360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23514.exe
        6⤵
        
        PID:9440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25808.exe
        6⤵
        
        PID:10160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30376.exe
        6⤵
        
        PID:10876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49937.exe
        6⤵
        
        PID:11024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29161.exe
        6⤵
        
        PID:11244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47313.exe
        6⤵
        
        PID:2292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35405.exe
        6⤵
        
        PID:9824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16457.exe
        5⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6930.exe
        6⤵
        
        PID:7024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42729.exe
        6⤵
        
        PID:9780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14849.exe
        6⤵
        
        PID:12344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26378.exe
        5⤵
        
        PID:6896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61282.exe
        5⤵
        
        PID:10416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4641.exe
        5⤵
        
        PID:11504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3176.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4122.exe
        5⤵
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10033.exe
        6⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24322.exe
        7⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44622.exe
        7⤵
        
        PID:14820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36320.exe
        6⤵
        
        PID:8708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13121.exe
        6⤵
        
        PID:3044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57487.exe
        6⤵
        
        PID:14884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12145.exe
        5⤵
        
        PID:6608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16625.exe
        6⤵
        
        PID:10848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40362.exe
        6⤵
        
        PID:11088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40161.exe
        6⤵
        
        PID:1476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50881.exe
        5⤵
        
        PID:9488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63690.exe
        5⤵
        
        PID:11916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60178.exe
      4⤵
      PID:5792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16008.exe
      4⤵
      PID:3600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40385.exe
      4⤵
      PID:10148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62305.exe
      4⤵
      PID:1824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57544.exe
      4⤵
      PID:11564
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11564 -s 472
        5⤵
        Program crash
        
        PID:7884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40265.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40265.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11065.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11065.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10266.exe
        5⤵
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61730.exe
        6⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63970.exe
        7⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42633.exe
        7⤵
        
        PID:9864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21266.exe
        7⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44961.exe
        7⤵
        
        PID:10596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60786.exe
        7⤵
        
        PID:12332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1624.exe
        6⤵
        
        PID:6360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62706.exe
        6⤵
        
        PID:11368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15688.exe
        5⤵
        
        PID:6496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59169.exe
        6⤵
        
        PID:8056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24489.exe
        6⤵
        
        PID:11868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31801.exe
        5⤵
        
        PID:8900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
        5⤵
        
        PID:9808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48185.exe
        5⤵
        
        PID:12488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28640.exe
      4⤵
      PID:1192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19027.exe
        5⤵
        
        PID:5672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21947.exe
        6⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42961.exe
        7⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55311.exe
        7⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58177.exe
        7⤵
        
        PID:9972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35345.exe
        6⤵
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36008.exe
        6⤵
        
        PID:10620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27712.exe
        6⤵
        
        PID:11648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35344.exe
        5⤵
        
        PID:7280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23745.exe
        6⤵
        
        PID:12316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63758.exe
        6⤵
        
        PID:14976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20137.exe
        5⤵
        
        PID:100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39231.exe
        5⤵
        
        PID:6880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16296.exe
      4⤵
      PID:5992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10770.exe
        5⤵
        
        PID:6572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61370.exe
        5⤵
        
        PID:10012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50033.exe
        5⤵
        
        PID:11064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43105.exe
        5⤵
        
        PID:11304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63929.exe
      4⤵
      PID:7504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30393.exe
      4⤵
      PID:7968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16512.exe
      4⤵
      PID:11620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15952.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15952.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12513.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52747.exe
        5⤵
        
        PID:2004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25322.exe
        6⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4024.exe
        7⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29681.exe
        7⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26659.exe
        7⤵
        
        PID:12112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39957.exe
        7⤵
        
        PID:14952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
        6⤵
        
        PID:8024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40122.exe
        6⤵
        
        PID:11788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31553.exe
        5⤵
        
        PID:7264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52256.exe
        5⤵
        
        PID:8348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32499.exe
        5⤵
        
        PID:10728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55306.exe
        5⤵
        
        PID:10736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54991.exe
        5⤵
        
        PID:11060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30296.exe
      4⤵
      PID:6428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23712.exe
        5⤵
        
        PID:5560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39289.exe
        5⤵
        
        PID:11004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23137.exe
        5⤵
        
        PID:11220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-426.exe
        5⤵
        
        PID:7484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23621.exe
        5⤵
        
        PID:14796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55921.exe
      4⤵
      PID:8728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5586.exe
      4⤵
      PID:9864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1233.exe
      4⤵
      PID:11028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12425.exe
      4⤵
      PID:10692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9886.exe
      4⤵
      PID:14896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58242.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58242.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26929.exe
      4⤵
      PID:5356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2671.exe
      4⤵
      PID:7844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22249.exe
      4⤵
      PID:4104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39231.exe
      4⤵
      PID:5972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7247.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7247.exe
    3⤵
    PID:5888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3313.exe
      4⤵
      PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19657.exe
      4⤵
      PID:9152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33408.exe
      4⤵
      PID:9872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50890.exe
      4⤵
      PID:5492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47393.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47393.exe
    3⤵
    PID:7684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24698.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24698.exe
    3⤵
    PID:8564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51771.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51771.exe
    3⤵
    PID:11336
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63352.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63352.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44755.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44755.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19779.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38715.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19203.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27831.exe
        7⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64954.exe
        8⤵
        
        PID:11828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55594.exe
        7⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31257.exe
        7⤵
        
        PID:12004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61849.exe
        6⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17235.exe
        7⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46970.exe
        7⤵
        
        PID:9716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65121.exe
        7⤵
        
        PID:9864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54946.exe
        7⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55898.exe
        7⤵
        
        PID:10416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53601.exe
        7⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56122.exe
        7⤵
        
        PID:7504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-176.exe
        6⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29521.exe
        7⤵
        
        PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32009.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58523.exe
        6⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54427.exe
        7⤵
        
        PID:9856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15825.exe
        7⤵
        
        PID:10280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50890.exe
        7⤵
        
        PID:12708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1624.exe
        6⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43419.exe
        7⤵
        
        PID:13236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62706.exe
        6⤵
        
        PID:11424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8286.exe
        6⤵
        
        PID:14964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8511.exe
        5⤵
        
        PID:5416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30667.exe
        6⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57011.exe
        7⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-953.exe
        7⤵
        
        PID:11884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
        6⤵
        
        PID:9112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62905.exe
        6⤵
        
        PID:9808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32145.exe
        6⤵
        
        PID:11288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29857.exe
        5⤵
        
        PID:6080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24375.exe
        5⤵
        
        PID:1400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61779.exe
        6⤵
        
        PID:13140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31014.exe
        6⤵
        
        PID:15244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11273.exe
        5⤵
        
        PID:7164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7966.exe
        5⤵
        
        PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35405.exe
        5⤵
        
        PID:14812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51522.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29426.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12913.exe
        6⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14522.exe
        7⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
        7⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14849.exe
        7⤵
        
        PID:12424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15217.exe
        6⤵
        
        PID:7220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27824.exe
        6⤵
        
        PID:10192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62226.exe
        6⤵
        
        PID:9228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
        6⤵
        
        PID:10148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61578.exe
        6⤵
        
        PID:11676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44937.exe
        5⤵
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41443.exe
        6⤵
        
        PID:8720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8720 -s 460
        7⤵
        Program crash
        
        PID:9680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
        6⤵
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57362.exe
        6⤵
        
        PID:12640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27367.exe
        5⤵
        
        PID:4936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28906.exe
        5⤵
        
        PID:11456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47800.exe
      4⤵
      Executes dropped EXE
      PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37034.exe
        5⤵
        
        PID:5176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29899.exe
        6⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9770.exe
        7⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56977.exe
        7⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48722.exe
        7⤵
        
        PID:10324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42657.exe
        7⤵
        
        PID:11796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
        6⤵
        
        PID:8908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56458.exe
        6⤵
        
        PID:12040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56058.exe
        5⤵
        
        PID:7548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18696.exe
        5⤵
        
        PID:9676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61937.exe
        5⤵
        
        PID:8720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28906.exe
        5⤵
        
        PID:11448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27496.exe
      4⤵
      PID:6436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50483.exe
        5⤵
        
        PID:10208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12752.exe
        5⤵
        
        PID:9440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37457.exe
        5⤵
        
        PID:10776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6537.exe
        5⤵
        
        PID:13844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8416.exe
      4⤵
      PID:8252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42075.exe
        5⤵
        
        PID:10304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8798.exe
        5⤵
        
        PID:6084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53473.exe
      4⤵
      PID:11228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10309.exe
      4⤵
      PID:7596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34889.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34889.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9441.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29810.exe
        5⤵
        
        PID:1276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38954.exe
        6⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14522.exe
        7⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50483.exe
        8⤵
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39232.exe
        8⤵
        
        PID:10952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55826.exe
        8⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42087.exe
        8⤵
        
        PID:14856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
        7⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53714.exe
        7⤵
        
        PID:10348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64626.exe
        7⤵
        
        PID:12024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56634.exe
        6⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59371.exe
        7⤵
        
        PID:12804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33304.exe
        6⤵
        
        PID:9536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59170.exe
        6⤵
        
        PID:8796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7969.exe
        6⤵
        
        PID:1260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39591.exe
        6⤵
        
        PID:11432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-889.exe
        5⤵
        
        PID:6092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34323.exe
        6⤵
        
        PID:7704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-649.exe
        6⤵
        
        PID:11132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13313.exe
        6⤵
        
        PID:9440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64626.exe
        6⤵
        
        PID:13168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3880.exe
        5⤵
        
        PID:7748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15529.exe
        5⤵
        
        PID:11040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26314.exe
        5⤵
        
        PID:11068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61090.exe
        5⤵
        
        PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14921.exe
        5⤵
        
        PID:11804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34448.exe
      4⤵
      PID:2976
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 720
        5⤵
        Program crash
        
        PID:6076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63825.exe
      4⤵
      PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30883.exe
        5⤵
        
        PID:9736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9121.exe
        5⤵
        
        PID:11980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58423.exe
        5⤵
        
        PID:15088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33233.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33233.exe
      4⤵
      PID:5512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5178.exe
        5⤵
        
        PID:10752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54543.exe
        5⤵
        
        PID:7008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27496.exe
      4⤵
      PID:10528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43706.exe
      4⤵
      PID:11252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14774.exe
      4⤵
      PID:7832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40177.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40177.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29618.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29618.exe
      4⤵
      PID:4788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21331.exe
        5⤵
        
        PID:5852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8874.exe
        6⤵
        
        PID:10020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6129.exe
        6⤵
        
        PID:9764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-73.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-73.exe
        6⤵
        
        PID:100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16400.exe
        6⤵
        
        PID:10420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3521.exe
        6⤵
        
        PID:10344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19945.exe
        6⤵
        
        PID:13048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61631.exe
        6⤵
        
        PID:8584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35344.exe
        5⤵
        
        PID:3368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36713.exe
        6⤵
        
        PID:10880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50745.exe
        6⤵
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24367.exe
        6⤵
        
        PID:1152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20137.exe
        5⤵
        
        PID:11196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39231.exe
        5⤵
        
        PID:12648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50090.exe
      4⤵
      PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8002.exe
        5⤵
        
        PID:9660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47921.exe
        5⤵
        
        PID:100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6537.exe
        5⤵
        
        PID:13196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27367.exe
      4⤵
      PID:7176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53419.exe
        5⤵
        
        PID:14300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31014.exe
        5⤵
        
        PID:14412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36474.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36474.exe
      4⤵
      PID:11220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55375.exe
      4⤵
      PID:7592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53857.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53857.exe
    3⤵
    PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28155.exe
      4⤵
      PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56515.exe
        5⤵
        
        PID:552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34680.exe
        6⤵
        
        PID:12760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12449.exe
        5⤵
        
        PID:9540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55890.exe
        5⤵
        
        PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-753.exe
        5⤵
        
        PID:12692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61738.exe
      4⤵
      PID:7384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33392.exe
      4⤵
      PID:8280
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8280 -s 416
        5⤵
        Program crash
        
        PID:10168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54049.exe
      4⤵
      PID:4928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47313.exe
      4⤵
      PID:4800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27237.exe
      4⤵
      PID:14836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55872.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55872.exe
    3⤵
    PID:5824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31931.exe
      4⤵
      PID:8340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47266.exe
      4⤵
      PID:10276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37027.exe
      4⤵
      PID:10744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31505.exe
      4⤵
      PID:4216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30270.exe
      4⤵
      PID:14436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8032.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8032.exe
    3⤵
    PID:1220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17594.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17594.exe
    3⤵
    PID:8572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35297.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35297.exe
    3⤵
    PID:10404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2633.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2633.exe
    3⤵
    PID:10864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26498.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26498.exe
    3⤵
    PID:5128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2721.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2721.exe
    3⤵
    PID:7448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48998.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48998.exe
    3⤵
    PID:8008
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3457.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3457.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13530.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13530.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46499.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43946.exe
        5⤵
        
        PID:3452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63074.exe
        6⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25187.exe
        7⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44881.exe
        8⤵
        
        PID:13008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61370.exe
        7⤵
        
        PID:10036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11009.exe
        7⤵
        
        PID:10788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16759.exe
        7⤵
        
        PID:5808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20512.exe
        6⤵
        
        PID:7332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54049.exe
        6⤵
        
        PID:11256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47313.exe
        6⤵
        
        PID:10488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2041.exe
        5⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3313.exe
        6⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37393.exe
        7⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61750.exe
        7⤵
        
        PID:15336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26393.exe
        6⤵
        
        PID:9768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28608.exe
        6⤵
        
        PID:9992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35705.exe
        6⤵
        
        PID:10816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49623.exe
        6⤵
        
        PID:7876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1192.exe
        5⤵
        
        PID:7512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18072.exe
        6⤵
        
        PID:4172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49447.exe
        6⤵
        
        PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24562.exe
        5⤵
        
        PID:9620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37505.exe
        5⤵
        
        PID:11328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48585.exe
      4⤵
      PID:752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28155.exe
        5⤵
        
        PID:5324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57283.exe
        6⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17336.exe
        7⤵
        
        PID:9324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2081.exe
        6⤵
        
        PID:9916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7073.exe
        6⤵
        
        PID:5560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39162.exe
        6⤵
        
        PID:12620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52994.exe
        5⤵
        
        PID:7528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23745.exe
        6⤵
        
        PID:12732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
        6⤵
        
        PID:14840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18696.exe
        5⤵
        
        PID:9668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28906.exe
        5⤵
        
        PID:11400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56425.exe
      4⤵
      PID:6040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47411.exe
        5⤵
        
        PID:9700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23608.exe
        5⤵
        
        PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15496.exe
        5⤵
        
        PID:10656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17449.exe
        5⤵
        
        PID:11084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32543.exe
      4⤵
      PID:7928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57643.exe
        5⤵
        
        PID:11640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37889.exe
      4⤵
      PID:4504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57166.exe
      4⤵
      PID:6864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53250.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53250.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43178.exe
      4⤵
      PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39368.exe
        5⤵
        
        PID:7156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25073.exe
        6⤵
        
        PID:9780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49122.exe
        6⤵
        
        PID:12156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3055.exe
        5⤵
        
        PID:8440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8560.exe
        6⤵
        
        PID:10612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42386.exe
        6⤵
        
        PID:12720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22441.exe
        5⤵
        
        PID:1356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63159.exe
        5⤵
        
        PID:7580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33089.exe
      4⤵
      PID:6172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19392.exe
        5⤵
        
        PID:10348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9505.exe
        5⤵
        
        PID:10484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50488.exe
        5⤵
        
        PID:11000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14254.exe
        5⤵
        
        PID:5212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35536.exe
      4⤵
      PID:6764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54049.exe
      4⤵
      PID:11248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45690.exe
      4⤵
      PID:10328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55522.exe
      4⤵
      PID:11812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33840.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33840.exe
    3⤵
    PID:1772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61050.exe
      4⤵
      PID:7112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8369.exe
        5⤵
        
        PID:11312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52790.exe
        5⤵
        
        PID:14932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27559.exe
      4⤵
      PID:8488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54049.exe
      4⤵
      PID:9888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47313.exe
      4⤵
      PID:11512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6649.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6649.exe
    3⤵
    PID:6088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41873.exe
      4⤵
      PID:10512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5698.exe
      4⤵
      PID:10912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-992.exe
      4⤵
      PID:532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16705.exe
      4⤵
      PID:10688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38822.exe
      4⤵
      PID:14988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65408.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65408.exe
    3⤵
    PID:7476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33051.exe
      4⤵
      PID:11944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10417.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10417.exe
    3⤵
    PID:10776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62778.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62778.exe
    3⤵
    PID:10708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31894.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31894.exe
    3⤵
    PID:7396
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29872.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29872.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7770.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7770.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1434.exe
      4⤵
      PID:3804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42794.exe
        5⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35211.exe
        6⤵
        
        PID:9992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42449.exe
        6⤵
        
        PID:5292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11946.exe
        6⤵
        
        PID:10888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35705.exe
        6⤵
        
        PID:10796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35399.exe
        6⤵
        
        PID:14512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13632.exe
        5⤵
        
        PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33897.exe
        5⤵
        
        PID:10992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37626.exe
        5⤵
        
        PID:11012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57487.exe
        5⤵
        
        PID:14876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57786.exe
      4⤵
      PID:5604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52457.exe
        5⤵
        
        PID:10352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18545.exe
        5⤵
        
        PID:10672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31113.exe
        5⤵
        
        PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23970.exe
        5⤵
        
        PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60813.exe
        5⤵
        
        PID:6032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60424.exe
      4⤵
      PID:8308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54049.exe
      4⤵
      PID:10268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53410.exe
      4⤵
      PID:11544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6073.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6073.exe
    3⤵
    PID:3936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61050.exe
      4⤵
      PID:7104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31195.exe
        5⤵
        
        PID:10260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24074.exe
        5⤵
        
        PID:13252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33392.exe
      4⤵
      PID:9124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26689.exe
      4⤵
      PID:10752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31377.exe
      4⤵
      PID:12976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46825.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46825.exe
    3⤵
    PID:6156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58475.exe
      4⤵
      PID:1220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39482.exe
      4⤵
      PID:10360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34240.exe
      4⤵
      PID:8996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18321.exe
      4⤵
      PID:10664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33233.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33233.exe
    3⤵
    PID:3532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
      4⤵
      PID:6308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14385.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14385.exe
    3⤵
    PID:10528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5169.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5169.exe
    3⤵
    PID:1936
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 444
      4⤵
      Program crash
      PID:14476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16502.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16502.exe
    3⤵
    PID:14448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23633.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23633.exe
    3⤵
    PID:8584
- C:\Users\Admin\AppData\Local\Temp\Unicorn-888.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-888.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42275.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42275.exe
    3⤵
    PID:4448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61050.exe
      4⤵
      PID:7128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-673.exe
        5⤵
        
        PID:10568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13657.exe
        5⤵
        
        PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42273.exe
        5⤵
        
        PID:12776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11223.exe
      4⤵
      PID:8388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8826.exe
        5⤵
        
        PID:10308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50023.exe
        5⤵
        
        PID:15012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59746.exe
      4⤵
      PID:9228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55306.exe
      4⤵
      PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65079.exe
      4⤵
      PID:14688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33089.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33089.exe
    3⤵
    PID:6164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11194.exe
      4⤵
      PID:8020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10641.exe
      4⤵
      PID:10880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31505.exe
      4⤵
      PID:10780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44494.exe
      4⤵
      PID:5720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27367.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27367.exe
    3⤵
    PID:8124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26344.exe
      4⤵
      PID:13260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36474.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36474.exe
    3⤵
    PID:10340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55567.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55567.exe
    3⤵
    PID:8116
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37466.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37466.exe
  2⤵
  PID:1856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63131.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63131.exe
    3⤵
    PID:1492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62706.exe
      4⤵
      PID:11416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13632.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13632.exe
    3⤵
    PID:7272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49002.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49002.exe
    3⤵
    PID:1416
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64633.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64633.exe
  2⤵
  PID:6212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-969.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-969.exe
    3⤵
    PID:4200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17621.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17621.exe
    3⤵
    PID:6640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51071.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51071.exe
    3⤵
    PID:14840
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6400.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6400.exe
  2⤵
  PID:8052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61793.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61793.exe
    3⤵
    PID:11992
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61362.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61362.exe
  2⤵
  PID:10680
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24505.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24505.exe
  2⤵
  PID:10812
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47029.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47029.exe
  2⤵
  PID:11560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2976 -ip 2976
1⤵
PID:5560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 5928 -ip 5928
1⤵
PID:9060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 8720 -ip 8720
1⤵
PID:9668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 6952 -ip 6952
1⤵
PID:3008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 5796 -ip 5796
1⤵
PID:10924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 7336 -ip 7336
1⤵
PID:10556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 10744 -ip 10744
1⤵
PID:11216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 7844 -ip 7844
1⤵
PID:4812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 1936 -ip 1936
1⤵
PID:4456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 11564 -ip 11564
1⤵
PID:14844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 10276 -ip 10276
1⤵
PID:14340

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10266.exe

Filesize
184KB

MD5
b0ab1ec990b7a722efaa6cd6a23a9093

SHA1
33ca50fa82458dd70b8694ef03b4b3144e897295

SHA256
6aa32309efd43bf125521d4c35115294c952f038d32f1ae4f621378ae4d198bd

SHA512
4f02155f53e855fd936e541aa812d72afbcdf494373ee0d5055e8babe372136a26c9f9b99cc03d1a457a66a2abc017bcdcd0d6ebb564784d64a1a6e21be7a2a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11065.exe

Filesize
184KB

MD5
38603e5fb60c8e2c6e3f0825e6adc277

SHA1
f77e64313416af1482de9b4dec54c89de1324b64

SHA256
313cb15c61ba26e326861891437fa8752369c921acc2ce8b8f0f7c9f4d5f5bd9

SHA512
a80764319730fa990cae8fb8966a0c8c450f59dc5fe04fd09fe35cdd280e501f8e77559d225bdb815668aff512f0bc8fd63c1af603b24f72a5c614e4f3fd3647

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13530.exe

Filesize
184KB

MD5
0a87da1e0b2484b4be3faf3494aaa100

SHA1
5e4c03fef1b11d714609b1cd4207efb07097e9eb

SHA256
5cbf949698b1a75bfdeb8ff235e5b22ca313651ead12a47366bffcc9884113ad

SHA512
3c637cec42d8a3c16663b11f8501b17fa1aae240971202c26ed1704e93be1b31486b04b1bca3eadf2305c3ab2f318634dfd90f1bcf095b13805b64094229fbec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13649.exe

Filesize
184KB

MD5
5036cd33d2c6837462f7f6a84b32c45f

SHA1
18bed411b73d96f71b7588b11924032d4046ac28

SHA256
f23a59d15199fb88a1501aed4b413dce6ba6fbaab483bfe64ba0c08fc63e42f5

SHA512
d6cc62d931244eb2f9ee8792663765210d422305b96c715dd494c94772f2fcf00e7a4a814ae367eebe2e8c9f24ef7aa2c53b2e93b7fb9f00510f092523ac844b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15952.exe

Filesize
184KB

MD5
02ccba8a1f376bd2cdeafb1f553b909d

SHA1
92cc7d4a1fbc0caaa0f10503155e71108aa6c890

SHA256
3c5defb1d05260d54d3ff2db2971ce553a6a732345e2706b6556a99ea3397b17

SHA512
9a7c2af3a1eb2a390e4a7c7963278a350797bf11bc1f6cf4d4a3632de4c3d1046b928e09c0f1701422fb72f463efcb240c853dbcc053ac8a9af37f10ab6fe2b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18745.exe

Filesize
184KB

MD5
ed681cfea5e4e5db0bd0b89faa821a88

SHA1
bad4eef87623ea59302c6aa622e1f64973279df2

SHA256
0968fdef1743d75855bf28e0f4812c05f715e3042094d0b191e87193a38fc0bc

SHA512
1b673bc91bd354a8b7bfc4262d84ba69c9cbb6c39112b0893e19c97e19dfb7632a2d8b965afd35d69ab9ce889a2cccd03c3c17026d22e4c667a9c8b0807c88c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18776.exe

Filesize
184KB

MD5
8fded63e6c4d46227ec6633de345b57e

SHA1
760b669d1eb669385b1b6edcfa02aa36f0260925

SHA256
eb86fb06ffe124d626fbc03df3cfaf9a854f5e88bb0b4d08d397dbf2bded259a

SHA512
99f7c2a1273b8064ec0e1ed4cafa8279422e7b08a4ca1faf06c90bbd20b5f267bd9736ab31cd61b47fbe48991dd0badaec87f91241a38a8968035285793cae88

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19779.exe

Filesize
184KB

MD5
2951a5e841ca9cee272358c5b0c612ed

SHA1
cfa67d64e8de0155d7a000605816363e58fe6ff5

SHA256
eea18e7ae67055d7467161f39113836e864d3e45b137a3bf82045ace2ea50d3b

SHA512
58c027387d57873b62cd89b48b9cdafbf5164158f7a356913c49259e91b8439c7c405921511245bbe715d975a9a419dab2239a87a1794a0c3c537a665967a92a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28227.exe

Filesize
184KB

MD5
b4aa4945e9c0651204fa1a48942e354e

SHA1
258d9bf42786d227c9117e9e523a3a769b3bc550

SHA256
99b310faa0c6ac19c6a9acae8222703a0714d47ec319ae283e856171711a5bc7

SHA512
4b943a82b318d7d94dfb6dbff049feda40d0ab4ae3054888b0e7f66eabae154a8a2ad7c86a013849c0b9c9a6a2072bbdd26378dbbf4a7f631fe962128ee53a0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29872.exe

Filesize
184KB

MD5
108be92c2302f5cd9599d3b13f1bf32c

SHA1
5aa53b4597ad1672748267df2274b6a0587b3b49

SHA256
3c2b37138a8fce66efb3ac780d4562c3377e152c89ff05cae8dc6938b248b2ab

SHA512
d6273e02dfbfb73507fa6fa28256958a24129d7f14a4275e6826dab7817a2a198c03161bfe658d411eb9ddfc04d65b334f6eae9283006939cc5ccecd32b3ed63

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29930.exe

Filesize
184KB

MD5
27aef1983393103b60326af57299b37a

SHA1
7e01ab4e03be835cbbde1d50846b915a20ea12c6

SHA256
fa81eb07cfb55ec554c09562e36ad2c68b9ed15d457aa40142d998b713c23113

SHA512
ccedb52d7ef50069955f4c6084630c66cf6dc79d57b15472996baa6436d2a22c6f69edf892f331594c4edbdd6214fefe5076d792af0e4345b1a4258fa546e2a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30691.exe

Filesize
184KB

MD5
f63936319bd89b3ae6c5626b61e78188

SHA1
e5172d35fd302530603adbcff0dcf7fbbe84e91b

SHA256
ed6899ec6cb03a3e2b354df74cd7a9559d8d9bb948195ec64cc381689e984099

SHA512
f310496fc22aa6c9c874419863127e7245fc0fe2b0403c49f6ca9f67d5873d49c9df6cbe063a7b6ddd2144ce73b278508763cb2d4e97d220282f8c1bfe393a62

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3457.exe

Filesize
184KB

MD5
acbb7113624169d289c66afe8f602acf

SHA1
4382b105eaf1cd27b68a296ce62ab3ea8442e3e5

SHA256
346bfe1c2300ca6a9c38f494819fa2be04d4aaab19e51da72f9b77df67d13650

SHA512
1c85ae7cf42aef67188df5a3220846b4e65ae171397c41c1cd7848b56241c79dd8e9ed091d02fa654fa9ec7e6b71212b7434a54b26ade046faf15b0dabf5f91f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34889.exe

Filesize
184KB

MD5
cd770b940fb74c7fa07796f590263564

SHA1
d6e5c4096f84ba216d1c9848fa43eb328b91146d

SHA256
e835b2cd0a038509d8675b1c546f0af5a32b929275d3cf849b911750957ba8a0

SHA512
8f7be93624e452460b0c7910453c3b3ae74f0a513fbf64413b74d1b6bb80657e91d002ab5da23ddd79c9ea5e4e9d17f8a0510f4adf6d14ebd05fb9a5347ac39a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe

Filesize
184KB

MD5
58ba88e292025306c0cc4da23319c505

SHA1
2ff60abad88f9c2a600e93da05e29cd69c4739b0

SHA256
60cea2de2291be5e42469f964545315187f05854e90543965e903c34bf9f5fba

SHA512
31a5e73984dc0b3338f6917298fba1ea79e0d8ac0537647feb1078d144276bc06dc3a3da72f8c4396117bc847067ea1ed8a4b5df7a3022acc6d695a15be5a4ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38611.exe

Filesize
184KB

MD5
acbd0e4c67dc0fde237547f952661822

SHA1
d50ece31b75eb39e1c66610b2e5e9c14aec2d090

SHA256
8dcaf4b6e43301b33b48acf88902a7ce7093442db69e0e07cc21d83c61d2afcf

SHA512
f7602e67b3d8f49284cc1d7a44592ca49b2f9aec6fd71ab1b5a5c92683896127a79ac39262da880261877dc91e9061bc8e450acc935f5d8f61adf1df7df8c9cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38715.exe

Filesize
184KB

MD5
d1ae4264d40b89bfe1f4e324ff6ab8eb

SHA1
ce9af3015d646a90b2fac7cef1b71297771473fe

SHA256
1a8c7794cb47ea2e32b511cb33aa51daf4f3730fc1af972021f8a863a4e2fc43

SHA512
78b2cfc764abcc102c430260bc72b83d37c2c5f89c0a72232ae7d39eaad50f3c8db894f9ec168f1605007b79d272d860ae65eb22e6ddecd452e7993453a5d6aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38803.exe

Filesize
184KB

MD5
68717866ca2bbd3d904f77b92d1ae8ad

SHA1
abc764d6a01b793a7bf528d0dd0d645b1d111264

SHA256
a6a8a909be5eaef658723922966a47b83c0bc72d137caee05e61817ad747c08d

SHA512
ba51adecdad923af8586732f2c51671ff5235c1cee7a3f93a605fd903395f326ce401d8ffdee192838aba9cc1172e353231b4d1400b1784e5da92fe3c517d06f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40265.exe

Filesize
184KB

MD5
ae2a9fda8fdf68c66276e2145ee307c3

SHA1
d6cc631e7552a5197aa42f40ba092e7ca3357871

SHA256
a32c32162cd319b6aa1566d9806be7dab214183b5509c3ac2d3456550e0a58e3

SHA512
8d80f1bd6491f3b2d273b8f67b433aae9838eedd9d12bc20a1f51ada078be403996c44e47dc3c089893ed6e614ac0c02d69b98b7f33ba1b3c4bf9942910bbda7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44010.exe

Filesize
184KB

MD5
10f4265f077fbdca0d54255eaee9a103

SHA1
107f0ce1e8bb7247ace27957adde0a4548deaf25

SHA256
947e2f98a9914e99aaaa10a4830e2e431d14b7dabcdd8760dcc83b44b1bef03e

SHA512
a2bffe447cd6e39dcd09663d744133c443c3ab1bda4a577d9cd4bc4f88953b91a545e4fecb9b422555d2f8b759b206664b8599a74fde2e15888fb6042d50842d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44755.exe

Filesize
184KB

MD5
8720f0630ff4d7379cc6ad45a1df9a81

SHA1
6f2582aa02ded33168588811cc4ed32655091aef

SHA256
72ddd84e1595d7752b1febd2c45492796cbd78e55bd715d3a716d29bd692f15e

SHA512
78a44540e1e149874aa46d8aa5da6c4cb1478c2159f66a8830a04d525f59fcff30aba49310636b10514f72082e5ab603c4a07b85aad68c9096b5899c5b82335c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45368.exe

Filesize
184KB

MD5
739a4a4366eb73ded6e40061b94625ec

SHA1
f36e57a1c530146c5f86983353819a5a3e81af93

SHA256
c3528cced98ecb936cad70c0d185356a16c984bdd80729002161a5ae72e5b684

SHA512
579963cbf511dd9ffcad6e26ac2352076cd7898d671ab2c7c77860fb8cf95ebd8c6d2a9d6bcfc1841c9c1c3914b4799dc9076b407aac619c56e5da7b6502d0e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45634.exe

Filesize
184KB

MD5
c40fa76ae3aadf678bf57c2569eb6a41

SHA1
0a72c156866b380a375ed82ee8b7bf744369b7a4

SHA256
e9c62c2491ba201aa68442dae141092d9964d48a09004aa946df16336f0e193f

SHA512
939a5fa09418d4350a073d10c5fe19b0f6579b2103e2b86bcf3073ae377721c8bf1eff699942e2b477abd0bfe1c1addfda85754ffd93c105884ea498945df90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49617.exe

Filesize
184KB

MD5
130541c71e565ed9320b6966cc0e4a9c

SHA1
82c6dfd8e513f719e9bc24d471fda5d2ef43252b

SHA256
b5351da007d07e306e8d041675582eaf02b3761ffba9b8addca13c67ac2fcb96

SHA512
8a71538b4e83f2433290b3f3d001ff70e76633feff2c1ba856d7d7cd1f7954e63b1557618cce7b3636a4e3f4a9da4cef651f7fb3bc70530ac09ec945de47301f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51522.exe

Filesize
184KB

MD5
82ee501eb512887d2dede25ba23f2e29

SHA1
6d42b4bf2b612d18e07790bacc3dd11a9ac153e2

SHA256
b6ba220f525017ddf9396ae474ef19ae1363a62cb2eb72b5b588f201929b2ba5

SHA512
041d7355a3ac45a279ec14a4559a6eee1761735bd97fbc3267973ea91d71609b6b4f205b4cb6cf997681fe5cb8967122615b0d5e8935cb5f736e302afe37eb9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54001.exe

Filesize
184KB

MD5
e50f30e7fa0065a3b762d5ba0d35ca7e

SHA1
9000d25d0af8cedf78ffee454230e879409e4230

SHA256
d13baf702661a629b77c973b05d598ecf9389994f0891d48fa0369cb98e52db7

SHA512
01e2028270332d9f41c08345c84328bc9f8ef1cf01b583e8f83e982b3da492395274a948a6b660dc1949bb97d5fe9b086311e9ebf8de00735f173c3f845a77c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54947.exe

Filesize
184KB

MD5
7dac1566ea4aa298fbcb35f19a1bd934

SHA1
4c2f1fec07e38eea1cf7957dd74d2dc50a7eb070

SHA256
284b67d1da55371f86bf425c091b5d6b224741349e2a90a54f50dbc953b7970f

SHA512
bb817c450ad6a963005d89a70158d60e909b2ba0a3d3d6fdcb5091d80b3b9ebf21af9aba8f1ac695643e882fe38cc59cbfd9c07356491f639a9d58b8aea23c19

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55139.exe

Filesize
184KB

MD5
19f8d8f3eac8a90e838806e0670d3a63

SHA1
13d4dbd3b06c0a8563de4654df7e071c3b0a6d1f

SHA256
64d2c0d296cb533d141a0f3ed5b4271a1611ea25a5476e933fce59cde5e20270

SHA512
30aaca1cdfc997458aa5594dc285cb8e96b12dcbd0f29da06ab2b72d6e60d3b52a462f38c8427d3459c26657fc8bff89425e777944817a07deaaf95429217c30

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57035.exe

Filesize
184KB

MD5
0358bf73cc8f86e9fdf94364d78e87ce

SHA1
909c439bb88ca2d556268a583f9970cc11cdc449

SHA256
c6427c3e87ab54008eae1353ec0760fa3746863818ab140663fc6667267f57b0

SHA512
7b6538f2cf815f4f5aaf87f437a4e637a385d441d5947a9bd05cface7f022341f18dbac204b3ab6eb96888e4ff5828448e811d8b5b344162252d1456f58436ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59778.exe

Filesize
184KB

MD5
b8becdaa2d4aea8bac30e3dda84db22d

SHA1
6008d283784ff238195920bd21a1aafa91243702

SHA256
1a8d587c8318922a9f8081a5e0bc2ae8cb1e165431a50a44fe9f1bd9ef7302ab

SHA512
09471667fc0c04240bb2d27699dbc6e9e639c60653c9f6c7bd8f811fc5cfa5c687d3709d46f9f78ce71482c1d12bcab4ab99658663a78f9f098c0598b8ca5cd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63352.exe

Filesize
184KB

MD5
8b3262091a8c21f23ffab0ffbdb87b05

SHA1
3d466f32e69b0915725e362a357de1e65a86784d

SHA256
661c116a18f7ec94ca39635329ed03d25fd93e0bc87c0b1b64d2e5d23f49811a

SHA512
b22398e79c1a233c032c97e0fec28f2013d9249955129bf952c8b93151df6b2b7875a460e775b7505c0eebcbb6134fee43ac2c1ee5dfcfc369ae7ee4c7629571

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-930.exe

Filesize
184KB

MD5
5bc7985ccc39a6a38277b5e1dcedd8e6

SHA1
a87b7058c23a007d5ea19444ea6e692b9669e680

SHA256
463d295179b71e557db623db11fda746ddb0749f45917773a042c55937a4e9f9

SHA512
3a6515b4c63a2860739a79bee4e76ecd20ade0151391191aaf493364d4cd5d06782a6d66ce0fad4425535ea403e1c50a67684e3d49378737c5c7170fa8da1b9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9441.exe

Filesize
184KB

MD5
af3e6164d42575f2eea26c3e3cc9202a

SHA1
2a04a0d1f219a23a37a0bb48c9c2df707230d7b9

SHA256
062a187060e4c478158044d3b2be61b48adede6b16840a259f0dc03c652ed2c1

SHA512
8620ce07ab0c96fd22ce27caac3128ad1557cb34601c4c49c49fd9ca993223923528f16de3866679cd74c869b531d2baac1ee2f2158b44573a91ead65ff02c02

Download Submit
memory/1824-2722-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1936-4035-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2408-2828-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3888-3678-0x0000000074F40000-0x00000000751BE000-memory.dmp

Filesize
2.5MB

Download
memory/9228-1588-0x0000000077790000-0x000000007779A000-memory.dmp

Filesize
40KB

Download
memory/11024-2139-0x00007FF95A650000-0x00007FF95A845000-memory.dmp

Filesize
2.0MB

Download
memory/11564-4039-0x00007FF95A650000-0x00007FF95A845000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads