40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28

Analysis

max time kernel
35s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
24-04-2024 15:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe
Size

184KB
MD5

334b49d0df7568874fd98e8f870ba1f1
SHA1

54262b370d4a0185aa6156bb599628f4fd2de4da
SHA256

40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28
SHA512

bcffaabc402082b8050d6ff00976a53f877afd274584e8be02fbf26ef474cb899cb0130ac1c7a501b6df65025798ecb7efb502a8ff443490dfbeb4dfd5cc7521
SSDEEP

3072:ZklX3aon1jrYd4DZWiBn8s/1zlvn1nxiut:ZkwoxE4Dh8O1zlP1nxiu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4700	Unicorn-63357.exe
2728	Unicorn-12651.exe
2760	Unicorn-41986.exe
4252	Unicorn-56445.exe
2228	Unicorn-56445.exe
5420	Unicorn-48915.exe
5444	Unicorn-62650.exe
5340	Unicorn-25776.exe
5376	Unicorn-65308.exe
1152	Unicorn-60477.exe
3272	Unicorn-18760.exe
3384	Unicorn-64431.exe
1716	Unicorn-55708.exe
3016	Unicorn-49578.exe
4544	Unicorn-42999.exe
4980	Unicorn-47190.exe
5488	Unicorn-16141.exe
3308	Unicorn-210.exe
2704	Unicorn-63893.exe
5476	Unicorn-33651.exe
1320	Unicorn-17507.exe
4508	Unicorn-13977.exe
1016	Unicorn-12846.exe
5792	Unicorn-5233.exe
5808	Unicorn-49338.exe
1092	Unicorn-49603.exe
5812	Unicorn-29183.exe
6064	Unicorn-5425.exe
1768	Unicorn-8192.exe
2168	Unicorn-10992.exe
2992	Unicorn-6598.exe
2840	Unicorn-22420.exe
5132	Unicorn-51715.exe
5032	Unicorn-8252.exe
3976	Unicorn-42094.exe
3968	Unicorn-31465.exe
4568	Unicorn-38970.exe
2036	Unicorn-10308.exe
2600	Unicorn-18720.exe
1440	Unicorn-16303.exe
5220	Unicorn-48975.exe
2344	Unicorn-56437.exe
3316	Unicorn-23572.exe
3516	Unicorn-5550.exe
1864	Unicorn-22079.exe
2040	Unicorn-22079.exe
1416	Unicorn-17419.exe
1436	Unicorn-17419.exe
6140	Unicorn-58451.exe
3728	Unicorn-5166.exe
5164	Unicorn-17419.exe
1504	Unicorn-58451.exe
2324	Unicorn-57749.exe
3056	Unicorn-38607.exe
4356	Unicorn-30439.exe
4316	Unicorn-29370.exe
3772	Unicorn-34798.exe
4420	Unicorn-1741.exe
5312	Unicorn-63194.exe
3020	Unicorn-53526.exe
1428	Unicorn-19841.exe
4992	Unicorn-2701.exe
5276	Unicorn-27313.exe
3876	Unicorn-56095.exe

Program crash 9 IoCs

pid	pid_target	Process	procid_target
7016	3976	WerFault.exe	125
8736	3308	WerFault.exe	108
5584	2264	WerFault.exe	223
7664	628	WerFault.exe	164
11432	3976	WerFault.exe	125
13916	3308	WerFault.exe	108
15704	2264	WerFault.exe	223
15908	628	WerFault.exe	164
16932	7600	WerFault.exe	281

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4620	40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe
4700	Unicorn-63357.exe
2728	Unicorn-12651.exe
2760	Unicorn-41986.exe
2228	Unicorn-56445.exe
4252	Unicorn-56445.exe
5420	Unicorn-48915.exe
5444	Unicorn-62650.exe
5340	Unicorn-25776.exe
5376	Unicorn-65308.exe
3384	Unicorn-64431.exe
3272	Unicorn-18760.exe
1716	Unicorn-55708.exe
1152	Unicorn-60477.exe
3016	Unicorn-49578.exe
4544	Unicorn-42999.exe
4980	Unicorn-47190.exe
5488	Unicorn-16141.exe
3308	Unicorn-210.exe
2704	Unicorn-63893.exe
5476	Unicorn-33651.exe
1320	Unicorn-17507.exe
1016	Unicorn-12846.exe
1092	Unicorn-49603.exe
4508	Unicorn-13977.exe
5808	Unicorn-49338.exe
5792	Unicorn-5233.exe
5812	Unicorn-29183.exe
6064	Unicorn-5425.exe
1768	Unicorn-8192.exe
2168	Unicorn-10992.exe
5032	Unicorn-8252.exe
2840	Unicorn-22420.exe
2992	Unicorn-6598.exe
5132	Unicorn-51715.exe
4568	Unicorn-38970.exe
3976	Unicorn-42094.exe
3968	Unicorn-31465.exe
2600	Unicorn-18720.exe
2036	Unicorn-10308.exe
1440	Unicorn-16303.exe
3316	Unicorn-23572.exe
5220	Unicorn-48975.exe
2344	Unicorn-56437.exe
3516	Unicorn-5550.exe
1864	Unicorn-22079.exe
6140	Unicorn-58451.exe
1436	Unicorn-17419.exe
3728	Unicorn-5166.exe
2040	Unicorn-22079.exe
5164	Unicorn-17419.exe
1504	Unicorn-58451.exe
1416	Unicorn-17419.exe
4356	Unicorn-30439.exe
2324	Unicorn-57749.exe
4316	Unicorn-29370.exe
5312	Unicorn-63194.exe
3020	Unicorn-53526.exe
3772	Unicorn-34798.exe
3056	Unicorn-38607.exe
3876	Unicorn-56095.exe
4992	Unicorn-2701.exe
5276	Unicorn-27313.exe
5604	Unicorn-53142.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4620 wrote to memory of 4700	4620	40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe	91
PID 4620 wrote to memory of 4700	4620	40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe	91
PID 4620 wrote to memory of 4700	4620	40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe	91
PID 4700 wrote to memory of 2728	4700	Unicorn-63357.exe	92
PID 4700 wrote to memory of 2728	4700	Unicorn-63357.exe	92
PID 4700 wrote to memory of 2728	4700	Unicorn-63357.exe	92
PID 4620 wrote to memory of 2760	4620	40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe	93
PID 4620 wrote to memory of 2760	4620	40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe	93
PID 4620 wrote to memory of 2760	4620	40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe	93
PID 2760 wrote to memory of 4252	2760	Unicorn-41986.exe	94
PID 2760 wrote to memory of 4252	2760	Unicorn-41986.exe	94
PID 2760 wrote to memory of 4252	2760	Unicorn-41986.exe	94
PID 2728 wrote to memory of 2228	2728	Unicorn-12651.exe	95
PID 2728 wrote to memory of 2228	2728	Unicorn-12651.exe	95
PID 2728 wrote to memory of 2228	2728	Unicorn-12651.exe	95
PID 4700 wrote to memory of 5420	4700	Unicorn-63357.exe	96
PID 4700 wrote to memory of 5420	4700	Unicorn-63357.exe	96
PID 4700 wrote to memory of 5420	4700	Unicorn-63357.exe	96
PID 4620 wrote to memory of 5444	4620	40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe	97
PID 4620 wrote to memory of 5444	4620	40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe	97
PID 4620 wrote to memory of 5444	4620	40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe	97
PID 2228 wrote to memory of 5340	2228	Unicorn-56445.exe	98
PID 2228 wrote to memory of 5340	2228	Unicorn-56445.exe	98
PID 2228 wrote to memory of 5340	2228	Unicorn-56445.exe	98
PID 2728 wrote to memory of 5376	2728	Unicorn-12651.exe	99
PID 2728 wrote to memory of 5376	2728	Unicorn-12651.exe	99
PID 2728 wrote to memory of 5376	2728	Unicorn-12651.exe	99
PID 4252 wrote to memory of 1152	4252	Unicorn-56445.exe	100
PID 4252 wrote to memory of 1152	4252	Unicorn-56445.exe	100
PID 4252 wrote to memory of 1152	4252	Unicorn-56445.exe	100
PID 5420 wrote to memory of 3272	5420	Unicorn-48915.exe	101
PID 5420 wrote to memory of 3272	5420	Unicorn-48915.exe	101
PID 5420 wrote to memory of 3272	5420	Unicorn-48915.exe	101
PID 2760 wrote to memory of 3384	2760	Unicorn-41986.exe	102
PID 2760 wrote to memory of 3384	2760	Unicorn-41986.exe	102
PID 2760 wrote to memory of 3384	2760	Unicorn-41986.exe	102
PID 4700 wrote to memory of 3016	4700	Unicorn-63357.exe	104
PID 4700 wrote to memory of 3016	4700	Unicorn-63357.exe	104
PID 4700 wrote to memory of 3016	4700	Unicorn-63357.exe	104
PID 5444 wrote to memory of 1716	5444	Unicorn-62650.exe	103
PID 5444 wrote to memory of 1716	5444	Unicorn-62650.exe	103
PID 5444 wrote to memory of 1716	5444	Unicorn-62650.exe	103
PID 4620 wrote to memory of 4544	4620	40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe	105
PID 4620 wrote to memory of 4544	4620	40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe	105
PID 4620 wrote to memory of 4544	4620	40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe	105
PID 5340 wrote to memory of 4980	5340	Unicorn-25776.exe	106
PID 5340 wrote to memory of 4980	5340	Unicorn-25776.exe	106
PID 5340 wrote to memory of 4980	5340	Unicorn-25776.exe	106
PID 2228 wrote to memory of 5488	2228	Unicorn-56445.exe	107
PID 2228 wrote to memory of 5488	2228	Unicorn-56445.exe	107
PID 2228 wrote to memory of 5488	2228	Unicorn-56445.exe	107
PID 5376 wrote to memory of 3308	5376	Unicorn-65308.exe	108
PID 5376 wrote to memory of 3308	5376	Unicorn-65308.exe	108
PID 5376 wrote to memory of 3308	5376	Unicorn-65308.exe	108
PID 2728 wrote to memory of 2704	2728	Unicorn-12651.exe	109
PID 2728 wrote to memory of 2704	2728	Unicorn-12651.exe	109
PID 2728 wrote to memory of 2704	2728	Unicorn-12651.exe	109
PID 3272 wrote to memory of 5476	3272	Unicorn-18760.exe	110
PID 3272 wrote to memory of 5476	3272	Unicorn-18760.exe	110
PID 3272 wrote to memory of 5476	3272	Unicorn-18760.exe	110
PID 1716 wrote to memory of 1320	1716	Unicorn-55708.exe	111
PID 1716 wrote to memory of 1320	1716	Unicorn-55708.exe	111
PID 1716 wrote to memory of 1320	1716	Unicorn-55708.exe	111
PID 5420 wrote to memory of 4508	5420	Unicorn-48915.exe	112

C:\Users\Admin\AppData\Local\Temp\40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe
"C:\Users\Admin\AppData\Local\Temp\40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4620
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63357.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63357.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12651.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12651.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56445.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25776.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47190.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6598.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29370.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8778.exe
        9⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5621.exe
        10⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41277.exe
        10⤵
        
        PID:15096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9213.exe
        10⤵
        
        PID:18020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12312.exe
        9⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51969.exe
        9⤵
        
        PID:10940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24361.exe
        9⤵
        
        PID:13392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7076.exe
        9⤵
        
        PID:11432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12244.exe
        8⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42863.exe
        9⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25361.exe
        9⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26720.exe
        9⤵
        
        PID:12952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10152.exe
        9⤵
        
        PID:17232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13307.exe
        8⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30147.exe
        9⤵
        
        PID:12892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44174.exe
        9⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28184.exe
        9⤵
        
        PID:17472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56962.exe
        8⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63837.exe
        8⤵
        
        PID:11392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13109.exe
        8⤵
        
        PID:14776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57186.exe
        8⤵
        
        PID:17912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65394.exe
        7⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        8⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56794.exe
        8⤵
        
        PID:11524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57229.exe
        8⤵
        
        PID:14580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9192.exe
        8⤵
        
        PID:17268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4428.exe
        7⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25458.exe
        8⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36373.exe
        8⤵
        
        PID:11340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6684.exe
        8⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65321.exe
        8⤵
        
        PID:17924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38846.exe
        7⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50251.exe
        8⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26260.exe
        8⤵
        
        PID:18216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12604.exe
        7⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49605.exe
        7⤵
        
        PID:12236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64990.exe
        7⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47860.exe
        7⤵
        
        PID:16928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22420.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38607.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20735.exe
        8⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29739.exe
        9⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38233.exe
        9⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28116.exe
        9⤵
        
        PID:13176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55025.exe
        9⤵
        
        PID:16072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20184.exe
        8⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51097.exe
        8⤵
        
        PID:9392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8885.exe
        8⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10511.exe
        8⤵
        
        PID:15180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61454.exe
        8⤵
        
        PID:18096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38009.exe
        7⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30035.exe
        8⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58849.exe
        8⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25952.exe
        8⤵
        
        PID:13380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27942.exe
        8⤵
        
        PID:17500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22863.exe
        7⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1133.exe
        8⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36073.exe
        8⤵
        
        PID:17776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2325.exe
        7⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29630.exe
        7⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63673.exe
        7⤵
        
        PID:15252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21761.exe
        6⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54347.exe
        7⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28568.exe
        7⤵
        
        PID:10892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1147.exe
        7⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4641.exe
        7⤵
        
        PID:16668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36303.exe
        6⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34695.exe
        7⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41692.exe
        7⤵
        
        PID:14092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51766.exe
        7⤵
        
        PID:16092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15840.exe
        6⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54034.exe
        7⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2773.exe
        7⤵
        
        PID:1924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58334.exe
        6⤵
        
        PID:10316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4316.exe
        6⤵
        
        PID:9496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24492.exe
        6⤵
        
        PID:15304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16141.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51715.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30439.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22894.exe
        8⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60847.exe
        9⤵
        
        PID:10564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22445.exe
        9⤵
        
        PID:12960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30192.exe
        9⤵
        
        PID:16344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49562.exe
        8⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-665.exe
        8⤵
        
        PID:10808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15695.exe
        8⤵
        
        PID:13460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22097.exe
        8⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12244.exe
        7⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34695.exe
        8⤵
        
        PID:8532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29684.exe
        8⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59201.exe
        8⤵
        
        PID:13004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46442.exe
        8⤵
        
        PID:17164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9188.exe
        7⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3385.exe
        8⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42217.exe
        8⤵
        
        PID:17020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39473.exe
        7⤵
        
        PID:11068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50774.exe
        7⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30466.exe
        7⤵
        
        PID:15992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36805.exe
        6⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        7⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-281.exe
        7⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46861.exe
        7⤵
        
        PID:15140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27942.exe
        7⤵
        
        PID:17492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3359.exe
        6⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12930.exe
        7⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60058.exe
        7⤵
        
        PID:13208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41293.exe
        7⤵
        
        PID:15960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61321.exe
        6⤵
        
        PID:7564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61997.exe
        6⤵
        
        PID:10676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65273.exe
        6⤵
        
        PID:13668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54430.exe
        6⤵
        
        PID:4812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8252.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12877.exe
        6⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        7⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25553.exe
        7⤵
        
        PID:10724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18744.exe
        7⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8808.exe
        7⤵
        
        PID:17064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37485.exe
        6⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27791.exe
        7⤵
        
        PID:10784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50318.exe
        7⤵
        
        PID:10980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52358.exe
        7⤵
        
        PID:18160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42437.exe
        6⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23495.exe
        7⤵
        
        PID:16040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62000.exe
        6⤵
        
        PID:11776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1464.exe
        6⤵
        
        PID:6696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64290.exe
        6⤵
        
        PID:16428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19649.exe
        5⤵
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20735.exe
        6⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-190.exe
        7⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64274.exe
        7⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26663.exe
        7⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63873.exe
        7⤵
        
        PID:15660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43173.exe
        6⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45415.exe
        7⤵
        
        PID:17860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22700.exe
        6⤵
        
        PID:9440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20836.exe
        6⤵
        
        PID:12992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47953.exe
        6⤵
        
        PID:14988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48049.exe
        6⤵
        
        PID:16596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15115.exe
        5⤵
        
        PID:6800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55115.exe
        6⤵
        
        PID:9084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37909.exe
        6⤵
        
        PID:11960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45169.exe
        6⤵
        
        PID:14508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43401.exe
        6⤵
        
        PID:17768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25077.exe
        5⤵
        
        PID:7556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58334.exe
        5⤵
        
        PID:10296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57496.exe
        5⤵
        
        PID:13316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53957.exe
        5⤵
        
        PID:16060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65308.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-210.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42094.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63194.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27871.exe
        8⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5798.exe
        9⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20017.exe
        9⤵
        
        PID:16708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53722.exe
        8⤵
        
        PID:13908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57084.exe
        8⤵
        
        PID:16056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 708
        7⤵
        Program crash
        
        PID:7016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 772
        7⤵
        Program crash
        
        PID:11432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54486.exe
        6⤵
        
        PID:628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 636
        7⤵
        Program crash
        
        PID:7664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 680
        7⤵
        Program crash
        
        PID:15908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54205.exe
        6⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58675.exe
        7⤵
        
        PID:9980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4760.exe
        7⤵
        
        PID:13588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17120.exe
        7⤵
        
        PID:15980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36606.exe
        7⤵
        
        PID:18144
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 724
        6⤵
        Program crash
        
        PID:8736
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 748
        6⤵
        Program crash
        
        PID:13916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31465.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34798.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10641.exe
        7⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58294.exe
        8⤵
        
        PID:11372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13177.exe
        8⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5356.exe
        8⤵
        
        PID:16764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16313.exe
        7⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-665.exe
        7⤵
        
        PID:10800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15695.exe
        7⤵
        
        PID:13184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21952.exe
        7⤵
        
        PID:7356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43681.exe
        6⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6734.exe
        7⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60437.exe
        7⤵
        
        PID:13804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61085.exe
        7⤵
        
        PID:15868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1461.exe
        6⤵
        
        PID:8416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30476.exe
        6⤵
        
        PID:10396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33093.exe
        6⤵
        
        PID:13924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4290.exe
        6⤵
        
        PID:6816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13592.exe
        5⤵
        
        PID:5016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        6⤵
        
        PID:9188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61817.exe
        6⤵
        
        PID:10968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23370.exe
        6⤵
        
        PID:14944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38353.exe
        6⤵
        
        PID:16992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2863.exe
        5⤵
        
        PID:6672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60847.exe
        6⤵
        
        PID:10572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23317.exe
        6⤵
        
        PID:8776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6560.exe
        6⤵
        
        PID:8424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47661.exe
        5⤵
        
        PID:8148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6478.exe
        6⤵
        
        PID:15352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15409.exe
        6⤵
        
        PID:9460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49699.exe
        5⤵
        
        PID:5952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37652.exe
        5⤵
        
        PID:13572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64254.exe
        5⤵
        
        PID:18120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63893.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38970.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56095.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28903.exe
        7⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62027.exe
        8⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31694.exe
        9⤵
        
        PID:15280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14693.exe
        9⤵
        
        PID:17120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54578.exe
        8⤵
        
        PID:11116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16056.exe
        8⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7381.exe
        8⤵
        
        PID:9220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49842.exe
        7⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28243.exe
        8⤵
        
        PID:15000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22124.exe
        7⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11049.exe
        7⤵
        
        PID:11472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49001.exe
        7⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58190.exe
        7⤵
        
        PID:17032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9769.exe
        6⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6734.exe
        7⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53006.exe
        7⤵
        
        PID:12188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65169.exe
        7⤵
        
        PID:15900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38689.exe
        6⤵
        
        PID:7268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56962.exe
        6⤵
        
        PID:9376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26504.exe
        6⤵
        
        PID:11716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7961.exe
        6⤵
        
        PID:10220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61851.exe
        6⤵
        
        PID:17332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54486.exe
        5⤵
        
        PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54205.exe
        5⤵
        
        PID:2264
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 636
        6⤵
        Program crash
        
        PID:5584
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 636
        6⤵
        Program crash
        
        PID:15704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9132.exe
        5⤵
        
        PID:8128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3230.exe
        6⤵
        
        PID:9240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35189.exe
        5⤵
        
        PID:10636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33610.exe
        5⤵
        
        PID:13340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6200.exe
        5⤵
        
        PID:16292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10308.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2701.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25395.exe
        6⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55115.exe
        7⤵
        
        PID:9124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33721.exe
        7⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4572.exe
        7⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8808.exe
        7⤵
        
        PID:17188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32436.exe
        6⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2674.exe
        7⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56089.exe
        7⤵
        
        PID:16068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56629.exe
        6⤵
        
        PID:10764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27817.exe
        6⤵
        
        PID:13584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16780.exe
        6⤵
        
        PID:16716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22296.exe
        5⤵
        
        PID:5152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25266.exe
        6⤵
        
        PID:8848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23737.exe
        6⤵
        
        PID:11512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54646.exe
        6⤵
        
        PID:15188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8176.exe
        6⤵
        
        PID:17708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32980.exe
        5⤵
        
        PID:7796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47251.exe
        6⤵
        
        PID:13216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41241.exe
        6⤵
        
        PID:15696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61342.exe
        5⤵
        
        PID:9432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29576.exe
        5⤵
        
        PID:12924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59513.exe
        5⤵
        
        PID:15164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45655.exe
        5⤵
        
        PID:17808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56184.exe
      4⤵
      PID:4676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        5⤵
        
        PID:9004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50489.exe
        5⤵
        
        PID:5528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57229.exe
        5⤵
        
        PID:14588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39810.exe
        5⤵
        
        PID:16856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62965.exe
      4⤵
      PID:6604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23263.exe
        5⤵
        
        PID:7316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47526.exe
        5⤵
        
        PID:12904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58008.exe
        5⤵
        
        PID:15784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2013.exe
      4⤵
      PID:8036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46183.exe
      4⤵
      PID:10544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39629.exe
      4⤵
      PID:13376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38033.exe
      4⤵
      PID:1852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18760.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33651.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16303.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53163.exe
        7⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        8⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13685.exe
        8⤵
        
        PID:10924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37437.exe
        8⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4641.exe
        8⤵
        
        PID:16660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40661.exe
        7⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34015.exe
        8⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17823.exe
        9⤵
        
        PID:15576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46869.exe
        8⤵
        
        PID:10488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12444.exe
        8⤵
        
        PID:13556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18325.exe
        8⤵
        
        PID:15764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24812.exe
        7⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17185.exe
        7⤵
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64849.exe
        7⤵
        
        PID:13812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58662.exe
        7⤵
        
        PID:13000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47553.exe
        6⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1830.exe
        7⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58849.exe
        7⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62792.exe
        7⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7713.exe
        7⤵
        
        PID:17376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7500.exe
        6⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2342.exe
        7⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60474.exe
        7⤵
        
        PID:17276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29780.exe
        7⤵
        
        PID:17668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
        6⤵
        
        PID:9152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8907.exe
        6⤵
        
        PID:11696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47156.exe
        6⤵
        
        PID:7044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1057.exe
        6⤵
        
        PID:16516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23572.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7662.exe
        6⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10802.exe
        7⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43219.exe
        8⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23945.exe
        8⤵
        
        PID:15636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40821.exe
        8⤵
        
        PID:13444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36785.exe
        7⤵
        
        PID:8808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63840.exe
        7⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3312.exe
        7⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64912.exe
        7⤵
        
        PID:16776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1300.exe
        6⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        7⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62502.exe
        7⤵
        
        PID:11828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-955.exe
        7⤵
        
        PID:10356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6369.exe
        7⤵
        
        PID:17396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50278.exe
        6⤵
        
        PID:7652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63977.exe
        6⤵
        
        PID:10624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8781.exe
        6⤵
        
        PID:12256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39490.exe
        6⤵
        
        PID:16280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22528.exe
        5⤵
        
        PID:5396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22251.exe
        6⤵
        
        PID:7848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45974.exe
        6⤵
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-187.exe
        6⤵
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13001.exe
        6⤵
        
        PID:16388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40034.exe
        5⤵
        
        PID:6504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64103.exe
        6⤵
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55206.exe
        6⤵
        
        PID:12228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53145.exe
        6⤵
        
        PID:13652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37698.exe
        6⤵
        
        PID:16680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27248.exe
        5⤵
        
        PID:7984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59502.exe
        5⤵
        
        PID:10612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24777.exe
        5⤵
        
        PID:12916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39168.exe
        5⤵
        
        PID:14940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13977.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17419.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18815.exe
        6⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17487.exe
        7⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39800.exe
        7⤵
        
        PID:9228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52849.exe
        7⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48337.exe
        7⤵
        
        PID:15296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39689.exe
        7⤵
        
        PID:17720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14865.exe
        6⤵
        
        PID:6832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36838.exe
        6⤵
        
        PID:10444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1284.exe
        6⤵
        
        PID:13612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1236.exe
        6⤵
        
        PID:16104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33048.exe
        5⤵
        
        PID:4112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        6⤵
        
        PID:8936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14417.exe
        6⤵
        
        PID:5328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11536.exe
        6⤵
        
        PID:6420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47018.exe
        6⤵
        
        PID:10032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23660.exe
        5⤵
        
        PID:7496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36235.exe
        6⤵
        
        PID:15772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62494.exe
        5⤵
        
        PID:9916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25316.exe
        5⤵
        
        PID:12272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30208.exe
        5⤵
        
        PID:7880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21761.exe
      4⤵
      PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        5⤵
        
        PID:8952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21573.exe
        5⤵
        
        PID:10176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41661.exe
        5⤵
        
        PID:14496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11989.exe
        5⤵
        
        PID:16848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36303.exe
      4⤵
      PID:6876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18987.exe
        5⤵
        
        PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10577.exe
        5⤵
        
        PID:12984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41568.exe
        5⤵
        
        PID:16204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40344.exe
      4⤵
      PID:7620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43259.exe
      4⤵
      PID:10476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4316.exe
      4⤵
      PID:11780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50257.exe
      4⤵
      PID:16332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49578.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49578.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12846.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5166.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45955.exe
        6⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54923.exe
        7⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52710.exe
        7⤵
        
        PID:11360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6684.exe
        7⤵
        
        PID:13904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25446.exe
        7⤵
        
        PID:16868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21009.exe
        6⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5009.exe
        7⤵
        
        PID:11500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42585.exe
        7⤵
        
        PID:14692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11688.exe
        7⤵
        
        PID:17948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1460.exe
        6⤵
        
        PID:8132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21269.exe
        6⤵
        
        PID:9940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32408.exe
        6⤵
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7606.exe
        6⤵
        
        PID:8168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7589.exe
        5⤵
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        6⤵
        
        PID:8908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45532.exe
        6⤵
        
        PID:11628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
        6⤵
        
        PID:14712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-548.exe
        6⤵
        
        PID:18048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24028.exe
        5⤵
        
        PID:6924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64103.exe
        6⤵
        
        PID:10244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22144.exe
        6⤵
        
        PID:13404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57084.exe
        6⤵
        
        PID:16100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33932.exe
        5⤵
        
        PID:9164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60218.exe
        5⤵
        
        PID:10908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40211.exe
        5⤵
        
        PID:4932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53724.exe
        5⤵
        
        PID:17308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53142.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:5604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44575.exe
        5⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26143.exe
        6⤵
        
        PID:7876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33721.exe
        6⤵
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28692.exe
        6⤵
        
        PID:784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16841.exe
        6⤵
        
        PID:17692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23277.exe
        5⤵
        
        PID:8176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24423.exe
        5⤵
        
        PID:5496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2632.exe
        5⤵
        
        PID:13720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14512.exe
        5⤵
        
        PID:16252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3359.exe
      4⤵
      PID:3884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        5⤵
        
        PID:8892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61920.exe
        5⤵
        
        PID:13928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13665.exe
        5⤵
        
        PID:15840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61321.exe
      4⤵
      PID:7600
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7600 -s 700
        5⤵
        Program crash
        
        PID:16932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61997.exe
      4⤵
      PID:10180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7717.exe
      4⤵
      PID:3952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49687.exe
      4⤵
      PID:15608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49338.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49338.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58451.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:6140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54123.exe
        5⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51015.exe
        6⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54591.exe
        7⤵
        
        PID:10600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38584.exe
        7⤵
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7032.exe
        7⤵
        
        PID:15656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27413.exe
        6⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41631.exe
        7⤵
        
        PID:11404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50614.exe
        7⤵
        
        PID:15268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60224.exe
        7⤵
        
        PID:18252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12231.exe
        6⤵
        
        PID:10584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45118.exe
        6⤵
        
        PID:14328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8207.exe
        6⤵
        
        PID:7220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35717.exe
        6⤵
        
        PID:10200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4180.exe
        5⤵
        
        PID:6824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64103.exe
        6⤵
        
        PID:10896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35045.exe
        6⤵
        
        PID:14940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50141.exe
        6⤵
        
        PID:16012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52877.exe
        5⤵
        
        PID:6452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53514.exe
        5⤵
        
        PID:10844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51824.exe
        5⤵
        
        PID:4640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3177.exe
        5⤵
        
        PID:8476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7309.exe
      4⤵
      PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        5⤵
        
        PID:8944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61153.exe
        5⤵
        
        PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57852.exe
        5⤵
        
        PID:14676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46053.exe
        5⤵
        
        PID:18172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4096.exe
      4⤵
      PID:6740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51278.exe
        5⤵
        
        PID:11480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50318.exe
        5⤵
        
        PID:6896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35424.exe
        5⤵
        
        PID:17316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56386.exe
      4⤵
      PID:5824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61040.exe
      4⤵
      PID:10308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45485.exe
      4⤵
      PID:14572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3854.exe
      4⤵
      PID:17252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51825.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51825.exe
    3⤵
    PID:5416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43143.exe
      4⤵
      PID:8044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18885.exe
      4⤵
      PID:4652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34395.exe
      4⤵
      PID:8692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10453.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10453.exe
      4⤵
      PID:17352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49560.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49560.exe
    3⤵
    PID:4380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30611.exe
      4⤵
      PID:8428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20371.exe
        5⤵
        
        PID:10232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48626.exe
      4⤵
      PID:11844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41277.exe
      4⤵
      PID:15108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20733.exe
      4⤵
      PID:18132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5630.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5630.exe
    3⤵
    PID:7656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24660.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24660.exe
    3⤵
    PID:10428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10252.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10252.exe
    3⤵
    PID:13508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23897.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23897.exe
    3⤵
    PID:7128
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41986.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41986.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56445.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56445.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60477.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18720.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1741.exe
        6⤵
        Executes dropped EXE
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62795.exe
        7⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46869.exe
        7⤵
        
        PID:10916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18495.exe
        7⤵
        
        PID:13552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63873.exe
        7⤵
        
        PID:15088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39597.exe
        6⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22194.exe
        7⤵
        
        PID:10408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37577.exe
        7⤵
        
        PID:13796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37977.exe
        7⤵
        
        PID:16024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10148.exe
        6⤵
        
        PID:8012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57804.exe
        6⤵
        
        PID:10508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49429.exe
        6⤵
        
        PID:12216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7606.exe
        6⤵
        
        PID:5992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30203.exe
        5⤵
        
        PID:560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46023.exe
        6⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47251.exe
        7⤵
        
        PID:13196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64978.exe
        7⤵
        
        PID:14612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1760.exe
        7⤵
        
        PID:17484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7237.exe
        6⤵
        
        PID:7780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11084.exe
        6⤵
        
        PID:10776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63722.exe
        6⤵
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-143.exe
        6⤵
        
        PID:17292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48394.exe
        5⤵
        
        PID:6560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64931.exe
        6⤵
        
        PID:11080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57334.exe
        6⤵
        
        PID:13660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2751.exe
        6⤵
        
        PID:17300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18888.exe
        5⤵
        
        PID:8028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54859.exe
        6⤵
        
        PID:13160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27832.exe
        6⤵
        
        PID:16212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30036.exe
        5⤵
        
        PID:10728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16474.exe
        5⤵
        
        PID:13388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32152.exe
        5⤵
        
        PID:17008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5425.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:6064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22079.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33594.exe
        6⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        7⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64333.exe
        7⤵
        
        PID:14320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22602.exe
        7⤵
        
        PID:9572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25368.exe
        6⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64103.exe
        7⤵
        
        PID:10252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4952.exe
        7⤵
        
        PID:12948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45709.exe
        7⤵
        
        PID:16048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57433.exe
        6⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
        7⤵
        
        PID:15136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22045.exe
        6⤵
        
        PID:11248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13832.exe
        6⤵
        
        PID:7704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52762.exe
        6⤵
        
        PID:15688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46230.exe
        5⤵
        
        PID:4884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-678.exe
        6⤵
        
        PID:8800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50458.exe
        6⤵
        
        PID:13500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42689.exe
        6⤵
        
        PID:17756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50993.exe
        5⤵
        
        PID:6480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64103.exe
        6⤵
        
        PID:9708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47246.exe
        6⤵
        
        PID:13524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62969.exe
        6⤵
        
        PID:7756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10397.exe
        5⤵
        
        PID:8312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39997.exe
        5⤵
        
        PID:4952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10701.exe
        5⤵
        
        PID:13336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9142.exe
        5⤵
        
        PID:16756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38481.exe
      4⤵
      PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10641.exe
        5⤵
        
        PID:6484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64103.exe
        6⤵
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41329.exe
        6⤵
        
        PID:11840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62268.exe
        6⤵
        
        PID:15380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34185.exe
        6⤵
        
        PID:17448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32352.exe
        5⤵
        
        PID:8068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48138.exe
        5⤵
        
        PID:11096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28907.exe
        5⤵
        
        PID:10116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34889.exe
        5⤵
        
        PID:15996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9224.exe
      4⤵
      PID:4960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30611.exe
        5⤵
        
        PID:9108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
        5⤵
        
        PID:12204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19669.exe
        5⤵
        
        PID:14644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11108.exe
        5⤵
        
        PID:17464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52656.exe
      4⤵
      PID:7572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1937.exe
        5⤵
        
        PID:13636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27640.exe
        5⤵
        
        PID:7232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37293.exe
      4⤵
      PID:1656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1134.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1134.exe
      4⤵
      PID:12244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17476.exe
      4⤵
      PID:15036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50584.exe
      4⤵
      PID:18108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64431.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64431.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29183.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58451.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58482.exe
        6⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34783.exe
        7⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64850.exe
        7⤵
        
        PID:10264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28116.exe
        7⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44034.exe
        7⤵
        
        PID:16268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18704.exe
        6⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63862.exe
        7⤵
        
        PID:12888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30192.exe
        7⤵
        
        PID:16352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1565.exe
        6⤵
        
        PID:7728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22356.exe
        6⤵
        
        PID:14080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6682.exe
        6⤵
        
        PID:8448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3225.exe
        5⤵
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42863.exe
        6⤵
        
        PID:9092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21573.exe
        6⤵
        
        PID:3848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45600.exe
        6⤵
        
        PID:14732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43209.exe
        6⤵
        
        PID:17532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38305.exe
        5⤵
        
        PID:6932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14246.exe
        6⤵
        
        PID:11344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58486.exe
        6⤵
        
        PID:6716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36109.exe
        6⤵
        
        PID:17368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45670.exe
        5⤵
        
        PID:9636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33712.exe
        5⤵
        
        PID:4176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36549.exe
        5⤵
        
        PID:7040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9142.exe
        5⤵
        
        PID:16792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
      4⤵
      PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25707.exe
        5⤵
        
        PID:7716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37838.exe
        6⤵
        
        PID:1168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40053.exe
        6⤵
        
        PID:16956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49910.exe
        5⤵
        
        PID:7512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45013.exe
        5⤵
        
        PID:7148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28222.exe
        5⤵
        
        PID:15052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64585.exe
        5⤵
        
        PID:11436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9281.exe
      4⤵
      PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5390.exe
        5⤵
        
        PID:10460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44018.exe
        5⤵
        
        PID:13464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28604.exe
        5⤵
        
        PID:15852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4939.exe
      4⤵
      PID:8216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5088.exe
      4⤵
      PID:5324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25847.exe
      4⤵
      PID:13008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20372.exe
      4⤵
      PID:15288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10992.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10992.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17419.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50911.exe
        5⤵
        
        PID:4368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1830.exe
        6⤵
        
        PID:4256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55834.exe
        6⤵
        
        PID:11488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48642.exe
        6⤵
        
        PID:15208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25519.exe
        6⤵
        
        PID:17456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29940.exe
        5⤵
        
        PID:6304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9218.exe
        6⤵
        
        PID:15344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13297.exe
        6⤵
        
        PID:17960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54413.exe
        5⤵
        
        PID:9044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4168.exe
        5⤵
        
        PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60485.exe
        5⤵
        
        PID:14292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12497.exe
        5⤵
        
        PID:16804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28689.exe
      4⤵
      PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        5⤵
        
        PID:8876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61817.exe
        5⤵
        
        PID:10824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16632.exe
        5⤵
        
        PID:13884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35586.exe
        5⤵
        
        PID:844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5440.exe
      4⤵
      PID:6588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45905.exe
      4⤵
      PID:10160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25677.exe
      4⤵
      PID:5940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52183.exe
      4⤵
      PID:14956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12199.exe
      4⤵
      PID:16328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19841.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19841.exe
    3⤵
    - Executes dropped EXE
    PID:1428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
      4⤵
      PID:8928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1278.exe
        5⤵
        
        PID:12940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35237.exe
        5⤵
        
        PID:15148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59289.exe
      4⤵
      PID:13708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13665.exe
      4⤵
      PID:15856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56337.exe
      4⤵
      PID:10080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8452.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8452.exe
    3⤵
    PID:4964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19405.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19405.exe
    3⤵
    PID:6576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57671.exe
      4⤵
      PID:5892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44890.exe
      4⤵
      PID:13536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2943.exe
      4⤵
      PID:17052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2262.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2262.exe
    3⤵
    PID:8316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50702.exe
      4⤵
      PID:11380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51766.exe
      4⤵
      PID:15276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15872.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15872.exe
    3⤵
    PID:7020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53033.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53033.exe
    3⤵
    PID:13792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33072.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33072.exe
    3⤵
    PID:15420
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62650.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62650.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55708.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55708.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17507.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48975.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40911.exe
        6⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43143.exe
        7⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18885.exe
        7⤵
        
        PID:10596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63285.exe
        7⤵
        
        PID:14172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8040.exe
        7⤵
        
        PID:16784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25861.exe
        6⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64103.exe
        7⤵
        
        PID:10276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37489.exe
        7⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35917.exe
        7⤵
        
        PID:16912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58528.exe
        6⤵
        
        PID:7996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7105.exe
        6⤵
        
        PID:10876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15695.exe
        6⤵
        
        PID:13188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14853.exe
        6⤵
        
        PID:8164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40261.exe
        5⤵
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34695.exe
        6⤵
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21573.exe
        6⤵
        
        PID:6056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43161.exe
        6⤵
        
        PID:15004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41865.exe
        6⤵
        
        PID:16020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57277.exe
        5⤵
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21299.exe
        6⤵
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13177.exe
        6⤵
        
        PID:6220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6124.exe
        6⤵
        
        PID:16960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21985.exe
        5⤵
        
        PID:9068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26312.exe
        5⤵
        
        PID:11688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13838.exe
        5⤵
        
        PID:7320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35655.exe
        5⤵
        
        PID:17936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56437.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56437.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30190.exe
        5⤵
        
        PID:700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30611.exe
        6⤵
        
        PID:9116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3317.exe
        6⤵
        
        PID:11724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51225.exe
        6⤵
        
        PID:4072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8808.exe
        6⤵
        
        PID:17172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14865.exe
        5⤵
        
        PID:1104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23791.exe
        6⤵
        
        PID:8468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4828.exe
        5⤵
        
        PID:9292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33956.exe
        5⤵
        
        PID:13476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9269.exe
        5⤵
        
        PID:15788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60951.exe
        5⤵
        
        PID:5648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41657.exe
      4⤵
      PID:3576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        5⤵
        
        PID:8884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63373.exe
        5⤵
        
        PID:13760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17832.exe
        5⤵
        
        PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48254.exe
      4⤵
      PID:6952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15481.exe
        5⤵
        
        PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13172.exe
        5⤵
        
        PID:15124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64749.exe
        5⤵
        
        PID:17248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47721.exe
      4⤵
      PID:8860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50229.exe
      4⤵
      PID:13168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16142.exe
      4⤵
      PID:14996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4768.exe
      4⤵
      PID:10088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5233.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5233.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17419.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23371.exe
        5⤵
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45727.exe
        6⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39851.exe
        7⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49550.exe
        7⤵
        
        PID:14316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32600.exe
        7⤵
        
        PID:17324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51674.exe
        6⤵
        
        PID:7924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22534.exe
        6⤵
        
        PID:11272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20464.exe
        6⤵
        
        PID:15668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6553.exe
        6⤵
        
        PID:18072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26136.exe
        5⤵
        
        PID:5188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45611.exe
        6⤵
        
        PID:10196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36145.exe
        6⤵
        
        PID:4128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55901.exe
        6⤵
        
        PID:17748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40241.exe
        5⤵
        
        PID:7844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49285.exe
        5⤵
        
        PID:1100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60485.exe
        5⤵
        
        PID:11836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49144.exe
        5⤵
        
        PID:17388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9940.exe
      4⤵
      PID:5044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        5⤵
        
        PID:9208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15815.exe
        6⤵
        
        PID:15596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35989.exe
        5⤵
        
        PID:11456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60737.exe
        5⤵
        
        PID:6196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11221.exe
        5⤵
        
        PID:16416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25442.exe
      4⤵
      PID:7832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63069.exe
      4⤵
      PID:5204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56202.exe
      4⤵
      PID:14208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-673.exe
      4⤵
      PID:17284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57749.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57749.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29479.exe
      4⤵
      PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17487.exe
        5⤵
        
        PID:7700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49038.exe
        5⤵
        
        PID:8212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5184.exe
        5⤵
        
        PID:11448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7012.exe
        5⤵
        
        PID:6228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1980.exe
        5⤵
        
        PID:17380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32436.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32436.exe
      4⤵
      PID:1584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37931.exe
        5⤵
        
        PID:12176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8237.exe
        5⤵
        
        PID:14664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9440.exe
        5⤵
        
        PID:17212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51097.exe
      4⤵
      PID:9400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11049.exe
      4⤵
      PID:11440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3884.exe
      4⤵
      PID:5412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27764.exe
      4⤵
      PID:16872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60433.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60433.exe
    3⤵
    PID:5800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54669.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54669.exe
    3⤵
    PID:3176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30663.exe
      4⤵
      PID:3568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6581.exe
      4⤵
      PID:1144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22356.exe
      4⤵
      PID:15068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53790.exe
      4⤵
      PID:17820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32664.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32664.exe
    3⤵
    PID:1080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51347.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51347.exe
    3⤵
    PID:10860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39183.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39183.exe
    3⤵
    PID:2332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12017.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12017.exe
    3⤵
    PID:17084
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42999.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42999.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49603.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49603.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5550.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1414.exe
        5⤵
        
        PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7117.exe
        5⤵
        
        PID:2852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62795.exe
        6⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        7⤵
        
        PID:17348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43085.exe
        6⤵
        
        PID:10120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7011.exe
        6⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44138.exe
        6⤵
        
        PID:15400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38305.exe
        5⤵
        
        PID:6428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1802.exe
        6⤵
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13177.exe
        6⤵
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5356.exe
        6⤵
        
        PID:16772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49754.exe
        5⤵
        
        PID:9796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5124.exe
        5⤵
        
        PID:10832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35288.exe
        5⤵
        
        PID:5880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9718.exe
        5⤵
        
        PID:17340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7589.exe
      4⤵
      PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        5⤵
        
        PID:8960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37660.exe
        5⤵
        
        PID:5212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60540.exe
        5⤵
        
        PID:15412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46686.exe
        5⤵
        
        PID:16688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19259.exe
      4⤵
      PID:6936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54399.exe
        5⤵
        
        PID:9500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48569.exe
        5⤵
        
        PID:13644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57084.exe
        5⤵
        
        PID:16276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42686.exe
      4⤵
      PID:7608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21.exe
      4⤵
      PID:10712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19318.exe
      4⤵
      PID:15092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46599.exe
      4⤵
      PID:17680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53526.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53526.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
      4⤵
      PID:3984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7956.exe
      4⤵
      PID:6112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5532.exe
      4⤵
      PID:8396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8808.exe
      4⤵
      PID:17180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11252.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11252.exe
    3⤵
    PID:2488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25458.exe
      4⤵
      PID:9060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21573.exe
      4⤵
      PID:11328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13311.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13311.exe
      4⤵
      PID:15152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49130.exe
      4⤵
      PID:18056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34762.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34762.exe
    3⤵
    PID:7788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37771.exe
      4⤵
      PID:16728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52677.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52677.exe
    3⤵
    PID:9288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8781.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8781.exe
    3⤵
    PID:11952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47274.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47274.exe
    3⤵
    PID:15228
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8192.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8192.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22079.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22079.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22603.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22603.exe
      4⤵
      PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        5⤵
        
        PID:9172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61817.exe
        5⤵
        
        PID:10740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
        5⤵
        
        PID:14600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46796.exe
        5⤵
        
        PID:17512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30521.exe
      4⤵
      PID:7052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64103.exe
        5⤵
        
        PID:5116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13265.exe
        5⤵
        
        PID:8560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27452.exe
        5⤵
        
        PID:15372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39621.exe
        5⤵
        
        PID:4460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57433.exe
      4⤵
      PID:7808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31166.exe
      4⤵
      PID:6100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37936.exe
      4⤵
      PID:13012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11028.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11028.exe
      4⤵
      PID:15676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27703.exe
      4⤵
      PID:18204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3505.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3505.exe
    3⤵
    PID:3936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55115.exe
      4⤵
      PID:9100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36757.exe
      4⤵
      PID:13516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23178.exe
      4⤵
      PID:6036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49109.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49109.exe
    3⤵
    PID:5532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52370.exe
      4⤵
      PID:8756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47246.exe
      4⤵
      PID:12900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53877.exe
      4⤵
      PID:16236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
    3⤵
    PID:8060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7708.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7708.exe
    3⤵
    PID:10716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37893.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37893.exe
    3⤵
    PID:14556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31675.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31675.exe
    3⤵
    PID:16832
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27313.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27313.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20735.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20735.exe
    3⤵
    PID:2200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30611.exe
      4⤵
      PID:9076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52710.exe
      4⤵
      PID:5004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54624.exe
      4⤵
      PID:8712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48554.exe
      4⤵
      PID:17900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20869.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20869.exe
    3⤵
    PID:7252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37635.exe
      4⤵
      PID:10948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6789.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6789.exe
      4⤵
      PID:412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45948.exe
      4⤵
      PID:16524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51097.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51097.exe
    3⤵
    PID:9368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49342.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49342.exe
    3⤵
    PID:11676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58913.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58913.exe
    3⤵
    PID:15972
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18302.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18302.exe
  2⤵
  PID:4628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22251.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22251.exe
    3⤵
    PID:7968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29061.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29061.exe
    3⤵
    PID:1984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1723.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1723.exe
    3⤵
    PID:6844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14345.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14345.exe
    3⤵
    PID:16088
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5096.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5096.exe
  2⤵
  PID:7768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58943.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58943.exe
    3⤵
    PID:12932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27697.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27697.exe
    3⤵
    PID:8356
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60165.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60165.exe
  2⤵
  PID:9412
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3181.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3181.exe
  2⤵
  PID:12196
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42866.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42866.exe
  2⤵
  PID:16304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1324 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
1⤵
PID:5600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3976 -ip 3976
1⤵
PID:6952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3308 -ip 3308
1⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5568 -ip 5568
1⤵
PID:8980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 628 -ip 628
1⤵
PID:9012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 2264 -ip 2264
1⤵
PID:3568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 5568 -ip 5568
1⤵
PID:7628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 3976 -ip 3976
1⤵
PID:10532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 11776 -ip 11776
1⤵
PID:13052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 3308 -ip 3308
1⤵
PID:14172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 2264 -ip 2264
1⤵
PID:15504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 628 -ip 628
1⤵
PID:15836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 7600 -ip 7600
1⤵
PID:16532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 7564 -ip 7564
1⤵
PID:17200

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10992.exe

Filesize
184KB

MD5
56d9ff2970cbed247d3d2be9a419a8b4

SHA1
d731ae293b5119f8e235e0777f94da64ece01788

SHA256
4a044082a8c584017dd9f7cbf190998714c663fd6b248dd5361cac66630389f8

SHA512
eca2268f2f4e3a42133f1cbeb7f67c54dccfd43334bc19a42211224c43c518c4e7ec1beb1df041202278b63606457597acc20b84427b515d0c9b991df99da743

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12651.exe

Filesize
184KB

MD5
69c0344d97806cb9da7adf5c03b0695c

SHA1
c7b0073eb51cf307e48c77873a6b18ee5d17c590

SHA256
d930f048d61522c2704a96ea0c90957a630046333a54caa17adf28a9f5f8d1ce

SHA512
188d140fa30be59c07ad0828e21e30e75bce239f11b700f64984c5532963f8fd41398301c7174d6e1c2a69db39eddb247087e2271194ad7aa040a7fdd8b8e69b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12846.exe

Filesize
184KB

MD5
3617fda28127c05e51c6f465078e3b1b

SHA1
b4f6176f0cfe5a24b59fc92a58d4aa2734eaec63

SHA256
60b55d3a4e5cc3387a35ce19f1083533f92f234ce51b680d5e579d51c28bb340

SHA512
9d5816ec9bebe1165b6e67c8f8b51c348c3ecdbe8014042f40f92e8f2e378ce53058322d28964d8ed8e6a5de3eac25cbe126d26b7f7e583944196a91190fd365

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13977.exe

Filesize
184KB

MD5
dad97cb1bf9db3e5e3e25c33145b8757

SHA1
c9876bd1b9c06bc53a85994e72790bf774f8d5b0

SHA256
365b22a41875911a4ad16735a265c360bb6538e9753da9e1a636c51c63594e22

SHA512
b6916672ec3929f8010be83898c8dd6e16c8d281d66959360cb8de628eea3ab4b8e2b72609d178f4cf840c81cfedc176e1ccf1c88d5d35bd30bdccfe384fb2bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16141.exe

Filesize
184KB

MD5
5e6c8db5a1cd098053173fcdacfb9224

SHA1
e7bab5733cce220f7e5c6e0075e1027a856c17c2

SHA256
8993ebcf2860c585a0aa7f39dc2f7b2af80358bd409a4ef54e26abe81ad01919

SHA512
21439221ba5c480549c7f2abff1c008bc2a2a85321b907bdf60781c4c7a135ccf7d0a9e77a1bae1f57fa35ab415bde340d7b8a2f2f628ab995b7271e4e02f82e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17507.exe

Filesize
184KB

MD5
ce84e208edaef6a79d0a9541a286a4ae

SHA1
930a935292c4b27fe83b3e4eea5d2e601afbe350

SHA256
d635889039560e927204a1761742a2669fd44c3c5b375d5afc5de92467c981f2

SHA512
15f8a5eaa13af425af3ef506b86a22265d6573c1d88e4a7f732ec4ceec675051a6b2110b9534d35a4b9d29001b0588400818dccdc27c96247496519ec4e29cd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18760.exe

Filesize
184KB

MD5
035e042732f7bdeb8aacafb27f28de01

SHA1
e5df5a1c6cba4dcf406460e13ae8110750b78086

SHA256
48270f6ecee3e69bf302f046ee93997dd975178dd419cf091ba9e6150e2715ec

SHA512
44f5cea520d83b382f6168de26e4360f87cb8352d22f9815a6d683a0e27b4f97c2885a94737f8e366af2f1c6f2253c55173a9fc0d4b57a440a1112be64db35a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-210.exe

Filesize
184KB

MD5
e2280061347f79cb34e3be3314827dc4

SHA1
4a8a0c28b27826ccc4bb813c3903f8e22ba243b0

SHA256
117db76a7665d210f61d42ed53c7cd3da9844fffb274a4f8a49453cf3a05a70b

SHA512
74cf21b49ffd4e8a9254be28beda4805a4fdc828e8681ac05fd0c016cd32e173aca9fc8a480bc99d623cc167b6975e7f0ee06ad782aecc71eeb08474e5b3988b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22420.exe

Filesize
184KB

MD5
98c066e57c550e837dcfafef790dbcf8

SHA1
ecc8152eb5000bb83725d5b53ac7a685cf0e5f78

SHA256
30f05e25afad1c5cf93afe8e1635e0e389874e40d76cbf335798a94a3613e9b7

SHA512
2389ec4cc6acbdbe4e6f651ff9947707384c7f57d675f70d78b99ebe2b227ac322daefa3db81307791999e705cb09ceca0048074dcd408d8da7d5b21bfb4e94e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25776.exe

Filesize
184KB

MD5
6b1c2edf5ffd10167416e4ece0b73d50

SHA1
4e8bec432b9b3c31312c4aa4158b7cbdeacf1700

SHA256
adc5c17be06d35aaf50a765beb2cac0c496e01d8c79ca79947654301c8ac00ae

SHA512
7866b21bbbe1538379a3bd0fe1b56493bb4dfd559a784d459a0087e9f3c2893136ed8d93832465bba8858452e2fee1859342dc293c2e8d8ea12258e0ea2a9c8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29183.exe

Filesize
184KB

MD5
e34039151768ebe525fc1a943a0f20aa

SHA1
7a8f5fcc6f4282f2ca501b7028f99e900f2bd67e

SHA256
55207f9a8268b22df3772d6f88a6a52eeca06f4dce5c02bf50b02f591bcefa2a

SHA512
bde8e572cb1590f82e14d1ec01b2f0d100ae669c98fff40a17feafea7599bbb2046fd15ed19a7c606dfb6183f2b3638cb077cb8350ffd6f8c015adc6f1194453

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29370.exe

Filesize
184KB

MD5
4673fe85dbe869ac712f6fa20455de3c

SHA1
176633d7545a5293dc75431dd55647ae445534a9

SHA256
3780135fb50e9c0776699da5009b4b3f85775dcb95a4bfa3e23361aa0a74b96c

SHA512
d1292851cee605cef0265a05642b1ee0c258c6f10e333ccce60ca3db94426eed45ee6a91c588543b3d3291ca8aa329ef0593498893a2dd9e861d3ef380446fbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33651.exe

Filesize
184KB

MD5
1a4a9ebd808791ce209544c8ce99d71d

SHA1
265d041c15ea94b50c22092b39c62fa115596685

SHA256
6f5c76933fdf781a31ee063d64231a794c25cde73abe2358a60f36018826281f

SHA512
b8b883bd0d3d366cd008d35071a314d9c2ecd87bc2f6af419e21692974a9dc7bcfae36a57c88906262e8e5ff0208cc8f9130b7023f5866c55fd02e649666403c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41986.exe

Filesize
184KB

MD5
a401e436f1202a711540926089fa0613

SHA1
0b8f98f18e065f3233be13394de68bb475c65d3d

SHA256
abb52522db161a20490dc1ad0c109e671e036b8709ab02e9ab376eac83720877

SHA512
3b06b3daafaa40896d5978b3ca914cb823a2f8ed381d1871b58dbe6905f4198ae9749ce97e09058d9953a66a2b9e1ce2b9dce81d53373bf2680ebfc4ddf98356

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42999.exe

Filesize
184KB

MD5
f1644d9e0a536aac2932fdc5664c7a17

SHA1
d0f7ee8e106949793b6d8ddae46ddcad3891828b

SHA256
adc93d1fdf7dcd14de18105017116b1efd5ed5c30c619c9ae13c726fd187e1ca

SHA512
24cd02239ce7a973d45288ae582af9359fd2a83fabdb95e38b2774bf3bc4356ad9cccb5703920ad9d98d70df3de6c75ff99392b73eda2b17a450d918b723ba82

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43161.exe

Filesize
184KB

MD5
55aa9351bae28b9eab90cd9778d6c8cc

SHA1
256c235dc8729ecc6261b6e2175543e8b733cb11

SHA256
193f8d4b3bc853831040c5aea24b790d28e3a4edbadc4b09c7d8e031c3acb9c8

SHA512
ad85704659e412283bbe15debb0f7cb2d544401e1ff01b45c72b3f5e7fddaacb4ecce2c64ba97448774214f650c343901d637eaaa59c3d61f6e0afce70669e77

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46869.exe

Filesize
184KB

MD5
114ca8934c51ee2827f842b43cd33790

SHA1
428e4d92a5abc9d4bbfd90dfc4d0e3daa1230ece

SHA256
45dd819bf9ba3cfdfa4330033fe1bbcbbd53100d190521a9dbea4ccc3855591a

SHA512
278f9137c9c07f9921e4c804985f0f703a331d94ff7070fc325c06f05837d6e37e23f73ce777a90a9c932af80830777fad3f8737fcdd5d0683d0d39ac0cacb45

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47190.exe

Filesize
184KB

MD5
eba521fb2244b2bf9a637f93d4f79bbd

SHA1
35dd4f5cdece94aaa6644c04572b1fca07fa4f9b

SHA256
3b076350a1b54480f5278c7d7741b06ab482a31507abec62142627cc92fe344f

SHA512
73c264fe20e6ab9e2a4b1996eb87f9e4f5781852c5f85a5e2935d05d5dc2a98041dc7bbe51e558e9e215e115edeb81d84f97ba227cef317d749f1d9e78900cee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe

Filesize
184KB

MD5
f4f7e7ea4e60ca81c4504d915e6212cc

SHA1
a082da8758240d6c989ecdaf9cc9f7984c9e050d

SHA256
e8b53bbf0614be4a83820f883bc47442cc0681cc5f65c03b00118406d2efd1c8

SHA512
e45aa273a4ee462bc0ac0f38513180018f17421d73d6ff424146e27ddf1d28f15e818efbf30023e449c73d84293c8f0cb161392f6c1ea9f0baf846c1f00de328

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49338.exe

Filesize
184KB

MD5
eb664039d2b2823c6a4b54271ca45047

SHA1
b57b58cc6df1155ac06e479624d79e055f72d0d5

SHA256
cce748417d77a26cfc54e8299c189b337f5120ab6395374e93045616e46bcf47

SHA512
c27ca8b63f0ca71113c6d4f4b2b2d41a3724ac44f3e395406fc9f334a910a1ff9f2eff8967cdb724052f6f76c66a06910b4222adeb50a403f8eb4f4031893f85

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49578.exe

Filesize
184KB

MD5
c45668fc61ced39fd995d3e59c59c2a3

SHA1
aabe9372286237f2a3f4d123c4922908c646a58e

SHA256
1190e349d4a58b8be16495cd9f16a21740d9fa570fd9b9aee20a99ac64ec9741

SHA512
d97195567ffc37bde7ddf76dbd3d10c7bba61d1e2916f05be12d15a1a4857310bbf35ae4ebf76ab6431d23665e58b5719ee1c532e1857e87569f9932a36f778f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49603.exe

Filesize
184KB

MD5
8041dcce2e7fa5fbf5e557e05ca9f0b1

SHA1
1ca4dc05c2f868c029f93cec4b17d0508e009871

SHA256
790e071834d95cc210bafb529cfde809bef6c4a1c2378a876bca8e7d282a9168

SHA512
6869799172fde3db09db6007cc42b64f9315f993c382a6177295e9152670b59821511ecd87dc02c8fd1e349b0c69d53d5cd215a16e30a6588a8f6317406ce51a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5233.exe

Filesize
184KB

MD5
cfd1494b0daf6cba6fd02ed68f9ebc9d

SHA1
7d34cee3b5954f946eb04d6dfdfb0207542fe70c

SHA256
17e5c3d2edd57c9984406957a2cd9bfb2610f3cc53b040966f68307a606a2ccd

SHA512
9ab276d5d84e86ba3113a0075e0838add78ba1e26889b5ba268e7489aede9053e4ab86fb69918555d5e4333b0bdc76791120fdae01df7091c38e73322b5f59ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5425.exe

Filesize
184KB

MD5
618100a87e4731dc8268de84b96b15a2

SHA1
1b13fd0bdc812a1c0dda2f70bbcf085517b95c5f

SHA256
6c77dc117632be314c3b71206d62e39c0a4820a5e2057816a26f00393c898ba7

SHA512
4f86359b2717640ad772f78b718a1b7e17a2f99d305f6e72ee63a9d6bc3369a2b880cb696494c87e650a5205372a000beac75dee68b09baa2bb4bdc50d8eadd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55708.exe

Filesize
184KB

MD5
d3c141e34759581f0cc300fbd9c782e5

SHA1
1c74d591be1e9b38682e68a37ed5ba43e909520a

SHA256
036905e877d69709188a86d42a69cd838bde76503398e2c883d4010b83d64f95

SHA512
321f1544166dc8a5b10c605260afe056d6f29f5b39f0fcf95e07fd3b574c10409247d29f182e42b8647ce918cda8b02bb617ffd7f4848285da23cb090c1df06c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56445.exe

Filesize
184KB

MD5
efec4516023600765e73626be7a5c02a

SHA1
8875d7d6542e3cb291eece7a64a24abd4d842673

SHA256
402d0537125f9021144780baf66d9ef8a0d6f3ff53ae330b8424f696e21a0ec5

SHA512
aea5bf228f8aa8766f3ed9d6562efd113607c6e9926de968a8d45f349c4643614b0b8c98bf3584f862ff7c9929461c3aa2343c585665e8fd80b638dddce7a7cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60477.exe

Filesize
184KB

MD5
ee7d3eafbccb80a2d6fea6600ffdc436

SHA1
d66753dcafb09de535f7fef8a3388e70b3099f61

SHA256
9059c0c6d9c7796f3ec1c101f11402ee0a7d41ce7694c3e2ab49f7ffd060473e

SHA512
3d6e5c53afd22e6f583ca5b755ffb1b3f30a5c2b1178af1bfa8f66552de07444894582458522a91dcedc00839bbfc554b4a8b02be6c54d6dd4c367f41d29f28e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62650.exe

Filesize
184KB

MD5
577a3d9fa71b2c5b79a619e8be817c78

SHA1
67d261cb11b144c0092542f99f13c73970328718

SHA256
730bd58541d0c73407f9aba4d150a88845623dbe514debf36c3064c56a9deb37

SHA512
c5605ec4594780a54b44fc40d238ba02f50ff5a5a6bf58a71c84fbf6c4e83e77428129d8061ce3f8d67d2c53f516d989a77b5d2ebc19adfe56c46cf818517d30

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63357.exe

Filesize
184KB

MD5
d56ef1fcb79b7759765789d2876bdf4d

SHA1
4bdc49b406cc337c20bc5eedb928fb3edcf93c98

SHA256
0cdc2c8a82c1f6b4edb053d544b071f28f51a9b443e79c75f2fac5934a99ada3

SHA512
00be3f84c860905e2cd1aa3e3e9ac6c7a2e09ef7c75470d43426d2d4f9f5881d53675b7bf4a72623f8af641d86ac5bd540fbb4c635a6ab6e5da7b77020002c92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63893.exe

Filesize
184KB

MD5
55a9e5d4290fae7616e8e8a8527a8065

SHA1
9cad5d8b06264390136d688bb1395f0f8c38cb7a

SHA256
2580913dadf7c7e1749a4c6016d04131e62d32d360affffd4a1e53478b48b165

SHA512
c2128d9f5e204fe3d3d04a6f49f5630ef9dc1bf146acf537ed350b8de16b485ec9690c5479a8dbb5a6658912b97564e4152b7d845c3c341fbdfe3aa59f41b9b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64431.exe

Filesize
184KB

MD5
30c57a597e864c4db78ec87688074336

SHA1
2c89db8f5f0ec429808d776acae80c6881cae9d0

SHA256
1377b2b04febcf7bc476db9baf769b35d4349317fc762f7a60076b9c264321c5

SHA512
4c01600654643cb286307c5f482b75553442214e90bab0d400601e0d60ade7a162a349c6241b4cdfeaf07944ff14544c7594df7b69b6d07e80b44abf7bece366

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65308.exe

Filesize
184KB

MD5
2596d11bddd6b4da85229ff27c9a3d7d

SHA1
f41c7df6af455befddbb462bcf652e3216bdb237

SHA256
05963b65c05fe69ae02492f03f551287a89d56b506bf5538e52e8ae70a424ecd

SHA512
172f1a225cbfab101129e47ce4bdb9e3b756b0be476382accd93d31358f1d8ac220c801b16e94fefb96db6a0ed8fd4b068f88424b56885f748b39a7a04719261

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6598.exe

Filesize
184KB

MD5
6c2a963da2427721c74c722979785058

SHA1
dea8c0530090dc1517ba648015751a8883ee9232

SHA256
e78580e936af120eeb07c2ef24535e819d26afb45b2248da7695dc0dbb72493b

SHA512
ea5e59c4fb35da127353bc470b0259168516872808da28b2003d5dbcf7fcac8be87e6b9577511d7b243cd47445569ef6d1d27e316bba6b7f6eb7226f4ad35d4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8192.exe

Filesize
184KB

MD5
dcb6e37bec5643b3cfedb279a20a080c

SHA1
b8341fdc72cf83681ce00f42bb2b327b29f70ab6

SHA256
6bf773c31d0d56a282c074ddc2adeb105e340243181f77e5c6b9eff83e938ef9

SHA512
5e67bae93f3ebe11c9f0319237e04de7197d0b4a5769fab789510702186bc33c1f2461595af3c943f58944af7e0572ffbda003d5a7ac05d81e657f87f26f0a7a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads