71afedc13d482e4bdbc22dbf8270bd2c3e613ce93343dd5040a760f7877cf45f

Analysis

max time kernel
148s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 23:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

71afedc13d482e4bdbc22dbf8270bd2c3e613ce93343dd5040a760f7877cf45f.exe
Size

184KB
MD5

7f6f0a1b566211c02c2820e623af8547
SHA1

d83e99fe6993e779a4495d5349be5bb918525c3d
SHA256

71afedc13d482e4bdbc22dbf8270bd2c3e613ce93343dd5040a760f7877cf45f
SHA512

34b640c3635ad948858231561cf83543d3171e9fa6d5048b9c6f03ca3d4da50f833e8eeca6cb9c7c90dc1282b5a0f80830da3b7403042324345c7ca3e285c34a
SSDEEP

3072:7Yyi/DoRNZA8dN3DX9ehbwW2lvMqPviuC:7YToKoN3gh0W2lEqPviu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
5036	Unicorn-18531.exe
1244	Unicorn-58349.exe
1812	Unicorn-42567.exe
1076	Unicorn-18469.exe
5104	Unicorn-33605.exe
4344	Unicorn-51425.exe
3936	Unicorn-34757.exe
3352	Unicorn-65313.exe
4248	Unicorn-65313.exe
5008	Unicorn-63267.exe
4980	Unicorn-18805.exe
2828	Unicorn-38671.exe
2228	Unicorn-42490.exe
3016	Unicorn-444.exe
4072	Unicorn-23295.exe
4232	Unicorn-42323.exe
4812	Unicorn-4820.exe
4384	Unicorn-43450.exe
388	Unicorn-58660.exe
1020	Unicorn-43715.exe
4520	Unicorn-17073.exe
1524	Unicorn-1291.exe
4928	Unicorn-15026.exe
4580	Unicorn-56159.exe
1320	Unicorn-17073.exe
4836	Unicorn-51313.exe
4592	Unicorn-24639.exe
1944	Unicorn-63268.exe
2220	Unicorn-8110.exe
2556	Unicorn-16279.exe
3488	Unicorn-8586.exe
4756	Unicorn-35329.exe
4740	Unicorn-20939.exe
3852	Unicorn-20939.exe
2944	Unicorn-4965.exe
3560	Unicorn-8394.exe
4964	Unicorn-60196.exe
532	Unicorn-14524.exe
1456	Unicorn-22693.exe
4280	Unicorn-22693.exe
4916	Unicorn-26969.exe
2376	Unicorn-326.exe
2388	Unicorn-52650.exe
4296	Unicorn-3648.exe
316	Unicorn-12313.exe
700	Unicorn-6448.exe
1544	Unicorn-58250.exe
4924	Unicorn-58250.exe
4328	Unicorn-42091.exe
3108	Unicorn-26501.exe
3684	Unicorn-50451.exe
4468	Unicorn-10794.exe
2240	Unicorn-52781.exe
3496	Unicorn-30223.exe
1352	Unicorn-14441.exe
872	Unicorn-50835.exe
2096	Unicorn-19843.exe
3668	Unicorn-40529.exe
4368	Unicorn-55474.exe
4336	Unicorn-19917.exe
668	Unicorn-4135.exe
4072	Unicorn-41005.exe
5068	Unicorn-31353.exe
3948	Unicorn-31353.exe

Program crash 27 IoCs

pid	pid_target	Process	procid_target
2176	3936	WerFault.exe	105
1536	4248	WerFault.exe	106
3512	3352	WerFault.exe	107
4608	4072	WerFault.exe	116
4076	1020	WerFault.exe	121
3144	2220	WerFault.exe	134
5848	532	WerFault.exe	145
5888	700	WerFault.exe	153
6236	2240	WerFault.exe	162
7876	2200	WerFault.exe	176
8748	5160	WerFault.exe	191
9204	5680	WerFault.exe	207
8544	7120	WerFault.exe	282
9588	5944	WerFault.exe	233
11488	7156	WerFault.exe	285
11508	7144	WerFault.exe	283
12604	5884	WerFault.exe	288
13640	4860	WerFault.exe	286
13376	7624	WerFault.exe	341
16168	7136	WerFault.exe	284
18416	19280	WerFault.exe	986
19196	17880	WerFault.exe	929
18776	18392	WerFault.exe	957
8556	18436	Process not Found	1084
10416	8064	Process not Found	1242
11872	12808	Process not Found	1275
9120	10576	Process not Found	567

Checks SCSI registry key(s) 3 TTPs 8 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Process not Found
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	Process not Found

Enumerates system info in registry 2 TTPs 4 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Process not Found
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Process not Found

Modifies data under HKEY_USERS 36 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	Process not Found
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	Process not Found

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	5440	dwm.exe
Token: SeChangeNotifyPrivilege	5440	dwm.exe
Token: 33	5440	dwm.exe
Token: SeIncBasePriorityPrivilege	5440	dwm.exe
Token: SeCreateGlobalPrivilege	11004	Process not Found
Token: SeChangeNotifyPrivilege	11004	Process not Found
Token: 33	11004	Process not Found
Token: SeIncBasePriorityPrivilege	11004	Process not Found

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1204	71afedc13d482e4bdbc22dbf8270bd2c3e613ce93343dd5040a760f7877cf45f.exe
5036	Unicorn-18531.exe
1244	Unicorn-58349.exe
1812	Unicorn-42567.exe
1076	Unicorn-18469.exe
5104	Unicorn-33605.exe
4344	Unicorn-51425.exe
3936	Unicorn-34757.exe
4248	Unicorn-65313.exe
3352	Unicorn-65313.exe
5008	Unicorn-63267.exe
2828	Unicorn-38671.exe
4980	Unicorn-18805.exe
2228	Unicorn-42490.exe
3016	Unicorn-444.exe
4072	Unicorn-23295.exe
4232	Unicorn-42323.exe
4812	Unicorn-4820.exe
388	Unicorn-58660.exe
4580	Unicorn-56159.exe
4520	Unicorn-17073.exe
4384	Unicorn-43450.exe
1524	Unicorn-1291.exe
1020	Unicorn-43715.exe
4836	Unicorn-51313.exe
4928	Unicorn-15026.exe
1320	Unicorn-17073.exe
4592	Unicorn-24639.exe
1944	Unicorn-63268.exe
2220	Unicorn-8110.exe
2556	Unicorn-16279.exe
3488	Unicorn-8586.exe
4756	Unicorn-35329.exe
3852	Unicorn-20939.exe
4740	Unicorn-20939.exe
2944	Unicorn-4965.exe
532	Unicorn-14524.exe
3560	Unicorn-8394.exe
4964	Unicorn-60196.exe
4280	Unicorn-22693.exe
1456	Unicorn-22693.exe
2376	Unicorn-326.exe
4916	Unicorn-26969.exe
2388	Unicorn-52650.exe
1544	Unicorn-58250.exe
4924	Unicorn-58250.exe
316	Unicorn-12313.exe
700	Unicorn-6448.exe
4296	Unicorn-3648.exe
4328	Unicorn-42091.exe
3108	Unicorn-26501.exe
3684	Unicorn-50451.exe
4468	Unicorn-10794.exe
2240	Unicorn-52781.exe
3496	Unicorn-30223.exe
1352	Unicorn-14441.exe
872	Unicorn-50835.exe
2096	Unicorn-19843.exe
4368	Unicorn-55474.exe
3668	Unicorn-40529.exe
4336	Unicorn-19917.exe
668	Unicorn-4135.exe
4072	Unicorn-41005.exe
3948	Unicorn-31353.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1204 wrote to memory of 5036	1204	71afedc13d482e4bdbc22dbf8270bd2c3e613ce93343dd5040a760f7877cf45f.exe	96
PID 1204 wrote to memory of 5036	1204	71afedc13d482e4bdbc22dbf8270bd2c3e613ce93343dd5040a760f7877cf45f.exe	96
PID 1204 wrote to memory of 5036	1204	71afedc13d482e4bdbc22dbf8270bd2c3e613ce93343dd5040a760f7877cf45f.exe	96
PID 5036 wrote to memory of 1244	5036	Unicorn-18531.exe	98
PID 5036 wrote to memory of 1244	5036	Unicorn-18531.exe	98
PID 5036 wrote to memory of 1244	5036	Unicorn-18531.exe	98
PID 1204 wrote to memory of 1812	1204	71afedc13d482e4bdbc22dbf8270bd2c3e613ce93343dd5040a760f7877cf45f.exe	99
PID 1204 wrote to memory of 1812	1204	71afedc13d482e4bdbc22dbf8270bd2c3e613ce93343dd5040a760f7877cf45f.exe	99
PID 1204 wrote to memory of 1812	1204	71afedc13d482e4bdbc22dbf8270bd2c3e613ce93343dd5040a760f7877cf45f.exe	99
PID 1244 wrote to memory of 1076	1244	Unicorn-58349.exe	102
PID 1244 wrote to memory of 1076	1244	Unicorn-58349.exe	102
PID 1244 wrote to memory of 1076	1244	Unicorn-58349.exe	102
PID 5036 wrote to memory of 5104	5036	Unicorn-18531.exe	103
PID 5036 wrote to memory of 5104	5036	Unicorn-18531.exe	103
PID 5036 wrote to memory of 5104	5036	Unicorn-18531.exe	103
PID 1204 wrote to memory of 4344	1204	71afedc13d482e4bdbc22dbf8270bd2c3e613ce93343dd5040a760f7877cf45f.exe	104
PID 1204 wrote to memory of 4344	1204	71afedc13d482e4bdbc22dbf8270bd2c3e613ce93343dd5040a760f7877cf45f.exe	104
PID 1204 wrote to memory of 4344	1204	71afedc13d482e4bdbc22dbf8270bd2c3e613ce93343dd5040a760f7877cf45f.exe	104
PID 1812 wrote to memory of 3936	1812	Unicorn-42567.exe	105
PID 1812 wrote to memory of 3936	1812	Unicorn-42567.exe	105
PID 1812 wrote to memory of 3936	1812	Unicorn-42567.exe	105
PID 5104 wrote to memory of 3352	5104	Unicorn-33605.exe	107
PID 5104 wrote to memory of 3352	5104	Unicorn-33605.exe	107
PID 5104 wrote to memory of 3352	5104	Unicorn-33605.exe	107
PID 1076 wrote to memory of 4248	1076	Unicorn-18469.exe	106
PID 1076 wrote to memory of 4248	1076	Unicorn-18469.exe	106
PID 1076 wrote to memory of 4248	1076	Unicorn-18469.exe	106
PID 5036 wrote to memory of 5008	5036	Unicorn-18531.exe	108
PID 5036 wrote to memory of 5008	5036	Unicorn-18531.exe	108
PID 5036 wrote to memory of 5008	5036	Unicorn-18531.exe	108
PID 1244 wrote to memory of 4980	1244	Unicorn-58349.exe	109
PID 1244 wrote to memory of 4980	1244	Unicorn-58349.exe	109
PID 1244 wrote to memory of 4980	1244	Unicorn-58349.exe	109
PID 4344 wrote to memory of 2828	4344	Unicorn-51425.exe	110
PID 4344 wrote to memory of 2828	4344	Unicorn-51425.exe	110
PID 4344 wrote to memory of 2828	4344	Unicorn-51425.exe	110
PID 1204 wrote to memory of 2228	1204	71afedc13d482e4bdbc22dbf8270bd2c3e613ce93343dd5040a760f7877cf45f.exe	111
PID 1204 wrote to memory of 2228	1204	71afedc13d482e4bdbc22dbf8270bd2c3e613ce93343dd5040a760f7877cf45f.exe	111
PID 1204 wrote to memory of 2228	1204	71afedc13d482e4bdbc22dbf8270bd2c3e613ce93343dd5040a760f7877cf45f.exe	111
PID 1812 wrote to memory of 3016	1812	Unicorn-42567.exe	114
PID 1812 wrote to memory of 3016	1812	Unicorn-42567.exe	114
PID 1812 wrote to memory of 3016	1812	Unicorn-42567.exe	114
PID 4248 wrote to memory of 4072	4248	Unicorn-65313.exe	116
PID 4248 wrote to memory of 4072	4248	Unicorn-65313.exe	116
PID 4248 wrote to memory of 4072	4248	Unicorn-65313.exe	116
PID 1076 wrote to memory of 4232	1076	Unicorn-18469.exe	117
PID 1076 wrote to memory of 4232	1076	Unicorn-18469.exe	117
PID 1076 wrote to memory of 4232	1076	Unicorn-18469.exe	117
PID 5008 wrote to memory of 4812	5008	Unicorn-63267.exe	118
PID 5008 wrote to memory of 4812	5008	Unicorn-63267.exe	118
PID 5008 wrote to memory of 4812	5008	Unicorn-63267.exe	118
PID 5036 wrote to memory of 4384	5036	Unicorn-18531.exe	119
PID 5036 wrote to memory of 4384	5036	Unicorn-18531.exe	119
PID 5036 wrote to memory of 4384	5036	Unicorn-18531.exe	119
PID 5104 wrote to memory of 388	5104	Unicorn-33605.exe	120
PID 5104 wrote to memory of 388	5104	Unicorn-33605.exe	120
PID 5104 wrote to memory of 388	5104	Unicorn-33605.exe	120
PID 3352 wrote to memory of 1020	3352	Unicorn-65313.exe	121
PID 3352 wrote to memory of 1020	3352	Unicorn-65313.exe	121
PID 3352 wrote to memory of 1020	3352	Unicorn-65313.exe	121
PID 4980 wrote to memory of 4520	4980	Unicorn-18805.exe	122
PID 4980 wrote to memory of 4520	4980	Unicorn-18805.exe	122
PID 4980 wrote to memory of 4520	4980	Unicorn-18805.exe	122
PID 4344 wrote to memory of 1524	4344	Unicorn-51425.exe	123

C:\Users\Admin\AppData\Local\Temp\71afedc13d482e4bdbc22dbf8270bd2c3e613ce93343dd5040a760f7877cf45f.exe
"C:\Users\Admin\AppData\Local\Temp\71afedc13d482e4bdbc22dbf8270bd2c3e613ce93343dd5040a760f7877cf45f.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1204
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18531.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18531.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58349.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58349.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18469.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65313.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23295.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8110.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52781.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4732.exe
        9⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37763.exe
        10⤵
        
        PID:7120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 640
        11⤵
        Program crash
        
        PID:8544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 636
        10⤵
        Program crash
        
        PID:9204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 736
        9⤵
        Program crash
        
        PID:6236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 740
        8⤵
        Program crash
        
        PID:3144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 724
        7⤵
        Program crash
        
        PID:4608
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 724
        6⤵
        Program crash
        
        PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42323.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16279.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30223.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18931.exe
        8⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14820.exe
        9⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23429.exe
        10⤵
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60979.exe
        10⤵
        
        PID:14060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64716.exe
        10⤵
        
        PID:17496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6102.exe
        10⤵
        
        PID:19168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29075.exe
        9⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17424.exe
        9⤵
        
        PID:13164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7044.exe
        9⤵
        
        PID:17320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28203.exe
        8⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37627.exe
        9⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9832.exe
        9⤵
        
        PID:14072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23817.exe
        9⤵
        
        PID:18748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20430.exe
        9⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49033.exe
        8⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27374.exe
        8⤵
        
        PID:13300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39412.exe
        8⤵
        
        PID:17148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15401.exe
        7⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3528.exe
        8⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31619.exe
        9⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46563.exe
        9⤵
        
        PID:15504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36449.exe
        8⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34800.exe
        8⤵
        
        PID:16044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43859.exe
        7⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33757.exe
        8⤵
        
        PID:10356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15836.exe
        8⤵
        
        PID:14576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8172.exe
        8⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27846.exe
        7⤵
        
        PID:11076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42995.exe
        7⤵
        
        PID:15088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31402.exe
        7⤵
        
        PID:18572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19049.exe
        7⤵
        
        PID:7136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14441.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61909.exe
        7⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37763.exe
        8⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14618.exe
        9⤵
        
        PID:12504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7136 -s 608
        9⤵
        Program crash
        
        PID:16168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25759.exe
        8⤵
        
        PID:9292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13533.exe
        8⤵
        
        PID:15356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43169.exe
        7⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31723.exe
        8⤵
        
        PID:11916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22254.exe
        8⤵
        
        PID:17368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32068.exe
        8⤵
        
        PID:16964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56023.exe
        7⤵
        
        PID:10452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8297.exe
        7⤵
        
        PID:13120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4191.exe
        7⤵
        
        PID:17912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29136.exe
        6⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37763.exe
        7⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17447.exe
        8⤵
        
        PID:8312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 600
        8⤵
        Program crash
        
        PID:11508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-487.exe
        7⤵
        
        PID:9268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10243.exe
        7⤵
        
        PID:13144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30257.exe
        7⤵
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22314.exe
        6⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
        7⤵
        
        PID:11760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58243.exe
        7⤵
        
        PID:16240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65475.exe
        6⤵
        
        PID:10528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58940.exe
        6⤵
        
        PID:14592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7243.exe
        6⤵
        
        PID:16400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8586.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50835.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61909.exe
        7⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23565.exe
        8⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26383.exe
        9⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4378.exe
        9⤵
        
        PID:13188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38923.exe
        9⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44234.exe
        8⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55909.exe
        8⤵
        
        PID:13736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12856.exe
        8⤵
        
        PID:17948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39661.exe
        7⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31619.exe
        8⤵
        
        PID:10072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50150.exe
        8⤵
        
        PID:13872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33633.exe
        8⤵
        
        PID:17920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35603.exe
        7⤵
        
        PID:10632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-129.exe
        7⤵
        
        PID:14612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6713.exe
        7⤵
        
        PID:17316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46944.exe
        7⤵
        
        PID:19336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19485.exe
        6⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56813.exe
        7⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23429.exe
        8⤵
        
        PID:9708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13916.exe
        8⤵
        
        PID:13912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61481.exe
        8⤵
        
        PID:17280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19458.exe
        7⤵
        
        PID:9540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8297.exe
        7⤵
        
        PID:13092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4191.exe
        7⤵
        
        PID:17996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47751.exe
        6⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42812.exe
        6⤵
        
        PID:10524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53877.exe
        6⤵
        
        PID:13792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21288.exe
        6⤵
        
        PID:18780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20045.exe
        6⤵
        
        PID:18528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19843.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12708.exe
        6⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37763.exe
        7⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35319.exe
        8⤵
        
        PID:9492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 620
        8⤵
        Program crash
        
        PID:13640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9920.exe
        7⤵
        
        PID:11192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29294.exe
        7⤵
        
        PID:14820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12551.exe
        7⤵
        
        PID:18164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46721.exe
        7⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-191.exe
        6⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56533.exe
        7⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44338.exe
        7⤵
        
        PID:12856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40458.exe
        7⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6874.exe
        7⤵
        
        PID:15856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51171.exe
        6⤵
        
        PID:10020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19781.exe
        6⤵
        
        PID:14040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52816.exe
        6⤵
        
        PID:17252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46949.exe
        5⤵
        
        PID:5984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26087.exe
        6⤵
        
        PID:7204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42287.exe
        6⤵
        
        PID:10436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2432.exe
        6⤵
        
        PID:12720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12856.exe
        6⤵
        
        PID:17964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32499.exe
        5⤵
        
        PID:7672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33757.exe
        6⤵
        
        PID:10284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        6⤵
        
        PID:13604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23932.exe
        6⤵
        
        PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38185.exe
        5⤵
        
        PID:10592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55050.exe
        5⤵
        
        PID:14960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59920.exe
        5⤵
        
        PID:18408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40737.exe
        5⤵
        
        PID:2268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18805.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17073.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20939.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16090.exe
        7⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25423.exe
        8⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54260.exe
        8⤵
        
        PID:12536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2357.exe
        8⤵
        
        PID:16564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4929.exe
        7⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32330.exe
        7⤵
        
        PID:12436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1496.exe
        7⤵
        
        PID:16500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31353.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45957.exe
        7⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42423.exe
        8⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56453.exe
        9⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36449.exe
        8⤵
        
        PID:10180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25786.exe
        8⤵
        
        PID:14924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        8⤵
        
        PID:18884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30123.exe
        7⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8358.exe
        7⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62542.exe
        7⤵
        
        PID:13728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57248.exe
        7⤵
        
        PID:19420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13568.exe
        6⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34255.exe
        7⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33757.exe
        8⤵
        
        PID:10364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        8⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42791.exe
        8⤵
        
        PID:16904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36449.exe
        7⤵
        
        PID:10016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25786.exe
        7⤵
        
        PID:13748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-456.exe
        7⤵
        
        PID:19184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26974.exe
        6⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29969.exe
        7⤵
        
        PID:13772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53749.exe
        7⤵
        
        PID:16268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36920.exe
        7⤵
        
        PID:5464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34146.exe
        6⤵
        
        PID:11268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37341.exe
        6⤵
        
        PID:14332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56114.exe
        6⤵
        
        PID:17204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36829.exe
        6⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17945.exe
        7⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65474.exe
        8⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48021.exe
        8⤵
        
        PID:12180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18577.exe
        8⤵
        
        PID:16316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26915.exe
        8⤵
        
        PID:19384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14056.exe
        7⤵
        
        PID:8828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        8⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46563.exe
        8⤵
        
        PID:14604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45119.exe
        8⤵
        
        PID:19076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32115.exe
        8⤵
        
        PID:18920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53118.exe
        7⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53877.exe
        7⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21288.exe
        7⤵
        
        PID:18792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38717.exe
        7⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65370.exe
        6⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34255.exe
        7⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31619.exe
        8⤵
        
        PID:9508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50150.exe
        8⤵
        
        PID:13844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33633.exe
        8⤵
        
        PID:17860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36449.exe
        7⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25786.exe
        7⤵
        
        PID:15488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3328.exe
        7⤵
        
        PID:1152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19921.exe
        6⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27395.exe
        7⤵
        
        PID:15732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46374.exe
        7⤵
        
        PID:1452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57629.exe
        6⤵
        
        PID:11636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65136.exe
        6⤵
        
        PID:13696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53065.exe
        5⤵
        
        PID:1136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3554.exe
        6⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60897.exe
        7⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33757.exe
        8⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15836.exe
        8⤵
        
        PID:14628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45119.exe
        8⤵
        
        PID:19092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44618.exe
        7⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52428.exe
        7⤵
        
        PID:13636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60248.exe
        7⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34280.exe
        7⤵
        
        PID:12076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26039.exe
        6⤵
        
        PID:3740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47253.exe
        6⤵
        
        PID:8000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62542.exe
        6⤵
        
        PID:4228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9008.exe
        6⤵
        
        PID:6320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61426.exe
        5⤵
        
        PID:6300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21723.exe
        6⤵
        
        PID:9036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44338.exe
        6⤵
        
        PID:12868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5647.exe
        6⤵
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2846.exe
        6⤵
        
        PID:18052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30882.exe
        5⤵
        
        PID:7928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5297.exe
        5⤵
        
        PID:12704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50248.exe
        5⤵
        
        PID:16976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10203.exe
        5⤵
        
        PID:5364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15026.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19022.exe
        5⤵
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60513.exe
        6⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10648.exe
        7⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12956.exe
        7⤵
        
        PID:12732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58383.exe
        7⤵
        
        PID:16880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59511.exe
        7⤵
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57472.exe
        6⤵
        
        PID:8712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2650.exe
        6⤵
        
        PID:13076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38155.exe
        6⤵
        
        PID:16940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59718.exe
        6⤵
        
        PID:5672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30674.exe
        5⤵
        
        PID:7664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33757.exe
        6⤵
        
        PID:10324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        6⤵
        
        PID:14844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18478.exe
        6⤵
        
        PID:912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25594.exe
        5⤵
        
        PID:10504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47263.exe
        5⤵
        
        PID:14888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13081.exe
        5⤵
        
        PID:18148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8432.exe
        5⤵
        
        PID:7140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12313.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40721.exe
        5⤵
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28251.exe
        6⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21531.exe
        7⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53684.exe
        7⤵
        
        PID:12320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6825.exe
        7⤵
        
        PID:16052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47195.exe
        7⤵
        
        PID:19212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53501.exe
        6⤵
        
        PID:9988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19781.exe
        6⤵
        
        PID:13936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52816.exe
        6⤵
        
        PID:976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16937.exe
        5⤵
        
        PID:6360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35319.exe
        6⤵
        
        PID:9448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        6⤵
        
        PID:15328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43182.exe
        6⤵
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4.exe
        6⤵
        
        PID:17036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36397.exe
        5⤵
        
        PID:8636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53632.exe
        5⤵
        
        PID:12752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26550.exe
        5⤵
        
        PID:17632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44619.exe
      4⤵
      PID:5140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36419.exe
        5⤵
        
        PID:6172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17447.exe
        6⤵
        
        PID:116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53684.exe
        6⤵
        
        PID:12312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6825.exe
        6⤵
        
        PID:16136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42445.exe
        6⤵
        
        PID:17740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42507.exe
        5⤵
        
        PID:11792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6999.exe
        5⤵
        
        PID:15188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22593.exe
        5⤵
        
        PID:18916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36845.exe
        5⤵
        
        PID:3524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12297.exe
      4⤵
      PID:5884
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 632
        5⤵
        Program crash
        
        PID:12604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2414.exe
      4⤵
      PID:7084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32108.exe
      4⤵
      PID:13688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31140.exe
      4⤵
      PID:17784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43920.exe
      4⤵
      PID:5748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33605.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33605.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65313.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43715.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14524.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28661.exe
        7⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54701.exe
        8⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22771.exe
        9⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12350.exe
        10⤵
        
        PID:11180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7624 -s 636
        10⤵
        Program crash
        
        PID:13376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 636
        9⤵
        Program crash
        
        PID:9588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 736
        8⤵
        Program crash
        
        PID:7876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 712
        7⤵
        Program crash
        
        PID:5848
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 740
        6⤵
        Program crash
        
        PID:4076
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 736
        5⤵
        Program crash
        
        PID:3512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58660.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20939.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1203.exe
        6⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60897.exe
        7⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34219.exe
        8⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11128.exe
        8⤵
        
        PID:18868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36449.exe
        7⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25786.exe
        7⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31660.exe
        7⤵
        
        PID:18536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23782.exe
        7⤵
        
        PID:16836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19921.exe
        6⤵
        
        PID:8864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49653.exe
        6⤵
        
        PID:11604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65136.exe
        6⤵
        
        PID:15424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31353.exe
        5⤵
        Executes dropped EXE
        
        PID:5068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7062.exe
        6⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60897.exe
        7⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31619.exe
        8⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50150.exe
        8⤵
        
        PID:13900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6991.exe
        8⤵
        
        PID:17852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36449.exe
        7⤵
        
        PID:10188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16897.exe
        8⤵
        
        PID:15256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63885.exe
        7⤵
        
        PID:14340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12856.exe
        7⤵
        
        PID:17880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17880 -s 472
        8⤵
        Program crash
        
        PID:19196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26039.exe
        6⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5106.exe
        7⤵
        
        PID:11744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52070.exe
        7⤵
        
        PID:14420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38361.exe
        7⤵
        
        PID:16952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47253.exe
        6⤵
        
        PID:11252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62542.exe
        6⤵
        
        PID:13552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37823.exe
        6⤵
        
        PID:18824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2980.exe
        6⤵
        
        PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33988.exe
        5⤵
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34255.exe
        6⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23669.exe
        7⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21395.exe
        7⤵
        
        PID:12444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51558.exe
        7⤵
        
        PID:16532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53004.exe
        6⤵
        
        PID:9200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59827.exe
        6⤵
        
        PID:13052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52737.exe
        6⤵
        
        PID:16484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16931.exe
        6⤵
        
        PID:18464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28785.exe
        6⤵
        
        PID:8024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11256.exe
        5⤵
        
        PID:8792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41093.exe
        5⤵
        
        PID:11724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16664.exe
        5⤵
        
        PID:6684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8394.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22007.exe
        5⤵
        
        PID:5564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34255.exe
        6⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50991.exe
        7⤵
        
        PID:12344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17018.exe
        7⤵
        
        PID:16212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36449.exe
        6⤵
        
        PID:9136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4074.exe
        6⤵
        
        PID:16056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2402.exe
        6⤵
        
        PID:5856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21108.exe
        5⤵
        
        PID:7704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62153.exe
        6⤵
        
        PID:10508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62402.exe
        6⤵
        
        PID:14372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41610.exe
        6⤵
        
        PID:18056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42812.exe
        5⤵
        
        PID:10460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53877.exe
        5⤵
        
        PID:14304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50735.exe
        5⤵
        
        PID:6328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53284.exe
      4⤵
      PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36419.exe
        5⤵
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6372.exe
        6⤵
        
        PID:9012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28795.exe
        6⤵
        
        PID:12028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15234.exe
        6⤵
        
        PID:15896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4921.exe
        6⤵
        
        PID:18932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42507.exe
        5⤵
        
        PID:11800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6999.exe
        5⤵
        
        PID:15232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56114.exe
        5⤵
        
        PID:19148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27872.exe
      4⤵
      PID:6432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43129.exe
        5⤵
        
        PID:9056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6237.exe
        5⤵
        
        PID:12248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe
        5⤵
        
        PID:15792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41293.exe
        5⤵
        
        PID:5784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-341.exe
      4⤵
      PID:9160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55803.exe
      4⤵
      PID:12876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54181.exe
      4⤵
      PID:17116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16809.exe
      4⤵
      PID:3936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63267.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63267.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4820.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35329.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40529.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29237.exe
        7⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60513.exe
        8⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17447.exe
        9⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8152.exe
        10⤵
        
        PID:16284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60521.exe
        10⤵
        
        PID:19364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27354.exe
        10⤵
        
        PID:12060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38115.exe
        9⤵
        
        PID:12792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52518.exe
        9⤵
        
        PID:16968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39381.exe
        8⤵
        
        PID:9304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57306.exe
        8⤵
        
        PID:11852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30257.exe
        8⤵
        
        PID:17268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11073.exe
        7⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31619.exe
        8⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50150.exe
        8⤵
        
        PID:13980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6991.exe
        8⤵
        
        PID:18004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28394.exe
        7⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64104.exe
        7⤵
        
        PID:14856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12551.exe
        7⤵
        
        PID:18096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2975.exe
        7⤵
        
        PID:19176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17539.exe
        6⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29787.exe
        7⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23429.exe
        8⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13916.exe
        8⤵
        
        PID:13904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61481.exe
        8⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31213.exe
        7⤵
        
        PID:8676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57306.exe
        7⤵
        
        PID:13232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30257.exe
        7⤵
        
        PID:4680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24808.exe
        6⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59351.exe
        7⤵
        
        PID:11520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13126.exe
        7⤵
        
        PID:16152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34260.exe
        6⤵
        
        PID:10444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63799.exe
        6⤵
        
        PID:14896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61553.exe
        6⤵
        
        PID:18048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55474.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10523.exe
        6⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30467.exe
        7⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6206.exe
        8⤵
        
        PID:15688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4378.exe
        7⤵
        
        PID:13180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38923.exe
        7⤵
        
        PID:17332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41851.exe
        6⤵
        
        PID:8128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18437.exe
        6⤵
        
        PID:12476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18031.exe
        6⤵
        
        PID:16448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50967.exe
        6⤵
        
        PID:19160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35359.exe
        5⤵
        
        PID:6076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40669.exe
        6⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2646.exe
        7⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15836.exe
        7⤵
        
        PID:14940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42479.exe
        6⤵
        
        PID:8604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25786.exe
        6⤵
        
        PID:12364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41556.exe
        5⤵
        
        PID:8164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44453.exe
        5⤵
        
        PID:10576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37341.exe
        5⤵
        
        PID:14348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50851.exe
        5⤵
        
        PID:16204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19917.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27675.exe
        6⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34255.exe
        7⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33757.exe
        8⤵
        
        PID:10396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54234.exe
        8⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6991.exe
        8⤵
        
        PID:17832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36449.exe
        7⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52428.exe
        7⤵
        
        PID:15172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59770.exe
        7⤵
        
        PID:19256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60850.exe
        6⤵
        
        PID:7100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47253.exe
        6⤵
        
        PID:10268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62542.exe
        6⤵
        
        PID:13768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31660.exe
        6⤵
        
        PID:18656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11893.exe
        5⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26087.exe
        6⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33757.exe
        7⤵
        
        PID:10316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54234.exe
        7⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6991.exe
        7⤵
        
        PID:17940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36449.exe
        6⤵
        
        PID:9460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52428.exe
        6⤵
        
        PID:14632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51835.exe
        5⤵
        
        PID:7684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42812.exe
        5⤵
        
        PID:10264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55631.exe
        5⤵
        
        PID:14404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3582.exe
        5⤵
        
        PID:18988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41005.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43819.exe
        5⤵
        
        PID:5556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63803.exe
        6⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64099.exe
        7⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        7⤵
        
        PID:15272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30729.exe
        7⤵
        
        PID:19028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26085.exe
        7⤵
        
        PID:18912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4353.exe
        6⤵
        
        PID:11244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59801.exe
        6⤵
        
        PID:14620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15378.exe
        6⤵
        
        PID:17628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63528.exe
        5⤵
        
        PID:8448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12350.exe
        6⤵
        
        PID:11160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40803.exe
        6⤵
        
        PID:15348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50738.exe
        6⤵
        
        PID:18540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10884.exe
        6⤵
        
        PID:18520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64186.exe
        6⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51984.exe
        6⤵
        
        PID:19192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48021.exe
        5⤵
        
        PID:12188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18577.exe
        5⤵
        
        PID:16324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60889.exe
        5⤵
        
        PID:19296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25272.exe
      4⤵
      PID:5660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52729.exe
        5⤵
        
        PID:7104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33757.exe
        6⤵
        
        PID:10388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46563.exe
        6⤵
        
        PID:14444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30729.exe
        6⤵
        
        PID:18928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11753.exe
        5⤵
        
        PID:10252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4074.exe
        5⤵
        
        PID:16072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56070.exe
        5⤵
        
        PID:5692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41059.exe
      4⤵
      PID:7280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23721.exe
        5⤵
        
        PID:14504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54560.exe
      4⤵
      PID:10760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54407.exe
      4⤵
      PID:13800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30900.exe
      4⤵
      PID:18920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43450.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43450.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-326.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43413.exe
      4⤵
      PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3554.exe
        5⤵
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3528.exe
        6⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31619.exe
        7⤵
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50150.exe
        7⤵
        
        PID:14092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33633.exe
        7⤵
        
        PID:17904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58981.exe
        7⤵
        
        PID:18436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36449.exe
        6⤵
        
        PID:9884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21701.exe
        6⤵
        
        PID:14520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
        6⤵
        
        PID:12152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38099.exe
        5⤵
        
        PID:7564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42439.exe
        6⤵
        
        PID:11896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58243.exe
        6⤵
        
        PID:16196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44874.exe
        6⤵
        
        PID:18276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36947.exe
        5⤵
        
        PID:11188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64296.exe
        5⤵
        
        PID:14412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3397.exe
        5⤵
        
        PID:19196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54601.exe
      4⤵
      PID:5480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34255.exe
        5⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31619.exe
        6⤵
        
        PID:9284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50150.exe
        6⤵
        
        PID:13896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33633.exe
        6⤵
        
        PID:17888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36449.exe
        5⤵
        
        PID:9208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25786.exe
        5⤵
        
        PID:14532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59770.exe
        5⤵
        
        PID:19088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49724.exe
      4⤵
      PID:7260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5558.exe
      4⤵
      PID:10536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37341.exe
      4⤵
      PID:13752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23825.exe
      4⤵
      PID:19052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3648.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3648.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35075.exe
      4⤵
      PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27073.exe
        5⤵
        
        PID:7060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25615.exe
        6⤵
        
        PID:8572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56014.exe
        6⤵
        
        PID:12616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41444.exe
        6⤵
        
        PID:16664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35297.exe
        5⤵
        
        PID:9256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57306.exe
        5⤵
        
        PID:13248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30257.exe
        5⤵
        
        PID:17512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39085.exe
      4⤵
      PID:7252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16243.exe
        5⤵
        
        PID:11336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44696.exe
        5⤵
        
        PID:14396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17079.exe
        5⤵
        
        PID:19280
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 19280 -s 276
        6⤵
        Program crash
        
        PID:18416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9755.exe
      4⤵
      PID:11392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35786.exe
      4⤵
      PID:14564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65510.exe
      4⤵
      PID:18156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44419.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44419.exe
    3⤵
    PID:5268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6268.exe
      4⤵
      PID:6276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17447.exe
        5⤵
        
        PID:8264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64374.exe
        5⤵
        
        PID:12468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20831.exe
        5⤵
        
        PID:16436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22883.exe
        5⤵
        
        PID:19208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26169.exe
      4⤵
      PID:7716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18794.exe
      4⤵
      PID:12568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8222.exe
      4⤵
      PID:16588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14217.exe
      4⤵
      PID:18900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33447.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33447.exe
    3⤵
    PID:6248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23429.exe
      4⤵
      PID:9800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13916.exe
      4⤵
      PID:13960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61481.exe
      4⤵
      PID:17436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51874.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51874.exe
    3⤵
    PID:8132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57909.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57909.exe
    3⤵
    PID:13236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39642.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39642.exe
    3⤵
    PID:17052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41120.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41120.exe
    3⤵
    PID:4500
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42567.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42567.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34757.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34757.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3936
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 720
      4⤵
      Program crash
      PID:2176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-444.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-444.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24639.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42091.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33129.exe
        6⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36803.exe
        7⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53964.exe
        8⤵
        
        PID:9744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13916.exe
        8⤵
        
        PID:13928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61481.exe
        8⤵
        
        PID:17480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57472.exe
        7⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51851.exe
        7⤵
        
        PID:12784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58383.exe
        7⤵
        
        PID:16860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32869.exe
        7⤵
        
        PID:18588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21981.exe
        6⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47021.exe
        7⤵
        
        PID:8612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25840.exe
        8⤵
        
        PID:19172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41004.exe
        8⤵
        
        PID:18272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64820.exe
        7⤵
        
        PID:12284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18934.exe
        7⤵
        
        PID:14424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3292.exe
        7⤵
        
        PID:18480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59448.exe
        6⤵
        
        PID:7316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38474.exe
        6⤵
        
        PID:11996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4025.exe
        6⤵
        
        PID:16184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22723.exe
        6⤵
        
        PID:6448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21431.exe
        5⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36419.exe
        6⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30939.exe
        7⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31619.exe
        8⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50150.exe
        8⤵
        
        PID:13832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6991.exe
        8⤵
        
        PID:18024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14659.exe
        7⤵
        
        PID:10752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1062.exe
        7⤵
        
        PID:14904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21216.exe
        7⤵
        
        PID:18140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62494.exe
        7⤵
        
        PID:16168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30471.exe
        6⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31949.exe
        7⤵
        
        PID:4304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27024.exe
        6⤵
        
        PID:11524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32200.exe
        6⤵
        
        PID:14980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59770.exe
        6⤵
        
        PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35717.exe
        5⤵
        
        PID:5848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33757.exe
        6⤵
        
        PID:10348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        6⤵
        
        PID:15324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34253.exe
        6⤵
        
        PID:18732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10549.exe
        5⤵
        
        PID:8296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53109.exe
        5⤵
        
        PID:13628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40940.exe
        5⤵
        
        PID:17760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37980.exe
        5⤵
        
        PID:18332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26501.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41105.exe
        5⤵
        
        PID:5588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52900.exe
        6⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31619.exe
        7⤵
        
        PID:10232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50150.exe
        7⤵
        
        PID:13836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33633.exe
        7⤵
        
        PID:17896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56215.exe
        6⤵
        
        PID:6920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43763.exe
        6⤵
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1343.exe
        6⤵
        
        PID:19160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32095.exe
        5⤵
        
        PID:6528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33757.exe
        6⤵
        
        PID:10340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        6⤵
        
        PID:15280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57969.exe
        5⤵
        
        PID:9608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4868.exe
        5⤵
        
        PID:15264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19625.exe
        5⤵
        
        PID:19236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8908.exe
      4⤵
      PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44971.exe
        5⤵
        
        PID:6416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17447.exe
        6⤵
        
        PID:3328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53684.exe
        6⤵
        
        PID:12296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6825.exe
        6⤵
        
        PID:16108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47195.exe
        6⤵
        
        PID:19200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27242.exe
        5⤵
        
        PID:9900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4868.exe
        5⤵
        
        PID:14068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5528.exe
        5⤵
        
        PID:18936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28561.exe
        5⤵
        
        PID:2396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16885.exe
      4⤵
      PID:6412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3300.exe
        5⤵
        
        PID:13648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18912.exe
        5⤵
        
        PID:18696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23402.exe
        5⤵
        
        PID:19372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47001.exe
      4⤵
      PID:9560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36573.exe
      4⤵
      PID:13620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58006.exe
      4⤵
      PID:17748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1919.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1919.exe
      4⤵
      PID:8472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63268.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63268.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50451.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10378.exe
        5⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49247.exe
        6⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
        7⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22765.exe
        7⤵
        
        PID:11436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58213.exe
        7⤵
        
        PID:15548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27242.exe
        6⤵
        
        PID:9740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12381.exe
        6⤵
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4191.exe
        6⤵
        
        PID:17840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46983.exe
        5⤵
        
        PID:7416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9179.exe
        5⤵
        
        PID:10744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21773.exe
        5⤵
        
        PID:15968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8203.exe
        5⤵
        
        PID:19212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60710.exe
      4⤵
      PID:5640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49247.exe
        5⤵
        
        PID:6480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60425.exe
        6⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2916.exe
        7⤵
        
        PID:14928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36426.exe
        7⤵
        
        PID:17540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14147.exe
        7⤵
        
        PID:18612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2846.exe
        7⤵
        
        PID:812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53684.exe
        6⤵
        
        PID:12304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6825.exe
        6⤵
        
        PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27242.exe
        5⤵
        
        PID:9688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31048.exe
        5⤵
        
        PID:13664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57476.exe
        5⤵
        
        PID:18016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-906.exe
      4⤵
      PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12210.exe
        5⤵
        
        PID:8640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7885.exe
        6⤵
        
        PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64820.exe
        5⤵
        
        PID:12276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18934.exe
        5⤵
        
        PID:12744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43824.exe
      4⤵
      PID:7412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29808.exe
      4⤵
      PID:11692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53027.exe
      4⤵
      PID:1892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10794.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10794.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6294.exe
      4⤵
      PID:5572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49247.exe
        5⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23429.exe
        6⤵
        
        PID:9724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9832.exe
        6⤵
        
        PID:13996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61481.exe
        6⤵
        
        PID:17448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        5⤵
        
        PID:8948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41737.exe
        5⤵
        
        PID:13104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31549.exe
        5⤵
        
        PID:17064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30725.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30725.exe
      4⤵
      PID:6964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37627.exe
        5⤵
        
        PID:9640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9832.exe
        5⤵
        
        PID:13984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61481.exe
        5⤵
        
        PID:17412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44949.exe
      4⤵
      PID:8932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48641.exe
      4⤵
      PID:12772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13722.exe
      4⤵
      PID:17520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33896.exe
      4⤵
      PID:12140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19723.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19723.exe
    3⤵
    PID:5620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36803.exe
      4⤵
      PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37627.exe
        5⤵
        
        PID:9612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36475.exe
        5⤵
        
        PID:13876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61481.exe
        5⤵
        
        PID:17464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22661.exe
      4⤵
      PID:8660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47767.exe
      4⤵
      PID:12760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58383.exe
      4⤵
      PID:16852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39669.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39669.exe
    3⤵
    PID:6356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43850.exe
      4⤵
      PID:9892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30226.exe
        5⤵
        
        PID:18596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1612.exe
        5⤵
        
        PID:16624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13916.exe
      4⤵
      PID:13944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61481.exe
      4⤵
      PID:17488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4236.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4236.exe
    3⤵
    PID:8672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28361.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28361.exe
    3⤵
    PID:12676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27582.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27582.exe
    3⤵
    PID:16956
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51425.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51425.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38671.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38671.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17073.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4135.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58401.exe
        6⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15204.exe
        7⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58479.exe
        8⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21395.exe
        8⤵
        
        PID:12416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20831.exe
        8⤵
        
        PID:16512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47195.exe
        8⤵
        
        PID:19276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61940.exe
        7⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21508.exe
        7⤵
        
        PID:13288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52161.exe
        7⤵
        
        PID:17192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51338.exe
        6⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51245.exe
        7⤵
        
        PID:11168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40803.exe
        7⤵
        
        PID:15340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50738.exe
        7⤵
        
        PID:18524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29380.exe
        6⤵
        
        PID:10492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16465.exe
        6⤵
        
        PID:14360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38810.exe
        6⤵
        
        PID:18132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25628.exe
        5⤵
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37763.exe
        6⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63741.exe
        7⤵
        
        PID:8988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 728
        7⤵
        Program crash
        
        PID:11488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42505.exe
        6⤵
        
        PID:8548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24632.exe
        6⤵
        
        PID:12684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45062.exe
        6⤵
        
        PID:16920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55178.exe
        5⤵
        
        PID:7360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59299.exe
        6⤵
        
        PID:16344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52929.exe
        6⤵
        
        PID:19440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63529.exe
        5⤵
        
        PID:10616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32297.exe
        5⤵
        
        PID:14556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2391.exe
        5⤵
        
        PID:18308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58250.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49465.exe
        5⤵
        
        PID:1000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49247.exe
        6⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23429.exe
        7⤵
        
        PID:9692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13916.exe
        7⤵
        
        PID:13952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61481.exe
        7⤵
        
        PID:17340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27242.exe
        6⤵
        
        PID:9920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61774.exe
        6⤵
        
        PID:13724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4191.exe
        6⤵
        
        PID:17820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62822.exe
        5⤵
        
        PID:6540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23429.exe
        6⤵
        
        PID:9732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13916.exe
        6⤵
        
        PID:13968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61481.exe
        6⤵
        
        PID:17472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38361.exe
        6⤵
        
        PID:6596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19676.exe
        5⤵
        
        PID:9112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2293.exe
        5⤵
        
        PID:12892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25981.exe
        5⤵
        
        PID:17284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28944.exe
      4⤵
      PID:5244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6268.exe
        5⤵
        
        PID:6268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65277.exe
        6⤵
        
        PID:8768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4378.exe
        6⤵
        
        PID:13252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38923.exe
        6⤵
        
        PID:5056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26169.exe
        5⤵
        
        PID:8444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18794.exe
        5⤵
        
        PID:12576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8222.exe
        5⤵
        
        PID:16580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18109.exe
        5⤵
        
        PID:19324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41006.exe
      4⤵
      PID:7004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28521.exe
        5⤵
        
        PID:9296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4378.exe
        5⤵
        
        PID:13156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38923.exe
        5⤵
        
        PID:3280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42149.exe
      4⤵
      PID:6936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2173.exe
      4⤵
      PID:13212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39942.exe
      4⤵
      PID:17160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6119.exe
      4⤵
      PID:8052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1291.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1291.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22693.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22693.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36829.exe
        5⤵
        
        PID:3988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34281.exe
        6⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64981.exe
        7⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51079.exe
        8⤵
        
        PID:9340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24301.exe
        8⤵
        
        PID:11708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37936.exe
        8⤵
        
        PID:17100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52239.exe
        8⤵
        
        PID:18272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31186.exe
        8⤵
        
        PID:19140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36449.exe
        7⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25786.exe
        7⤵
        
        PID:13764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        7⤵
        
        PID:18876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14056.exe
        6⤵
        
        PID:8808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-757.exe
        6⤵
        
        PID:11640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16134.exe
        6⤵
        
        PID:13640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53167.exe
        6⤵
        
        PID:17496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6003.exe
        6⤵
        
        PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8385.exe
        5⤵
        
        PID:5460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35319.exe
        6⤵
        
        PID:9524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42173.exe
        6⤵
        
        PID:13808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6991.exe
        6⤵
        
        PID:17928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17538.exe
        5⤵
        
        PID:8584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30498.exe
        5⤵
        
        PID:12692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36396.exe
        5⤵
        
        PID:16872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7254.exe
        5⤵
        
        PID:8496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59750.exe
      4⤵
      PID:1500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34281.exe
        5⤵
        
        PID:5920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34255.exe
        6⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33757.exe
        7⤵
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        7⤵
        
        PID:12012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43182.exe
        7⤵
        
        PID:18480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36449.exe
        6⤵
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4074.exe
        6⤵
        
        PID:16088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7412.exe
        6⤵
        
        PID:18776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7373.exe
        5⤵
        
        PID:7448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36947.exe
        5⤵
        
        PID:11176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53275.exe
        5⤵
        
        PID:16016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9008.exe
        5⤵
        
        PID:6312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52847.exe
      4⤵
      PID:6068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8510.exe
        5⤵
        
        PID:8940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44556.exe
        5⤵
        
        PID:11824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35655.exe
        5⤵
        
        PID:15648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24097.exe
        5⤵
        
        PID:18620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23404.exe
      4⤵
      PID:8352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32330.exe
      4⤵
      PID:12424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32222.exe
      4⤵
      PID:16548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6448.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6448.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53549.exe
      4⤵
      PID:5160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58977.exe
        5⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37627.exe
        6⤵
        
        PID:9656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13916.exe
        6⤵
        
        PID:13920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61481.exe
        6⤵
        
        PID:17504
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 636
        5⤵
        Program crash
        
        PID:8748
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 700 -s 720
      4⤵
      Program crash
      PID:5888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30726.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30726.exe
    3⤵
    PID:5220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58977.exe
      4⤵
      PID:6104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31619.exe
        5⤵
        
        PID:9320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54234.exe
        5⤵
        
        PID:11492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6991.exe
        5⤵
        
        PID:17956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28254.exe
        5⤵
        
        PID:12048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42507.exe
      4⤵
      PID:11808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6999.exe
      4⤵
      PID:15208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22593.exe
      4⤵
      PID:18896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39895.exe
      4⤵
      PID:19024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17758.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17758.exe
    3⤵
    PID:6516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25205.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25205.exe
      4⤵
      PID:9816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
      4⤵
      PID:13888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47650.exe
      4⤵
      PID:18504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46148.exe
      4⤵
      PID:18448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47403.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47403.exe
    3⤵
    PID:7096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57557.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57557.exe
    3⤵
    PID:13044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6927.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6927.exe
    3⤵
    PID:17168
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42490.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42490.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56159.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56159.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26969.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34499.exe
        5⤵
        
        PID:4028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65007.exe
        6⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34255.exe
        7⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6642.exe
        8⤵
        
        PID:12916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27682.exe
        8⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36920.exe
        8⤵
        
        PID:19440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36449.exe
        7⤵
        
        PID:9600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52428.exe
        7⤵
        
        PID:13700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60850.exe
        6⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33757.exe
        7⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46563.exe
        7⤵
        
        PID:15516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8172.exe
        7⤵
        
        PID:392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40455.exe
        6⤵
        
        PID:10580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19179.exe
        6⤵
        
        PID:14944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20719.exe
        6⤵
        
        PID:18392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 18392 -s 472
        7⤵
        Program crash
        
        PID:18776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28055.exe
        6⤵
        
        PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46896.exe
        5⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34255.exe
        6⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14898.exe
        7⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        7⤵
        
        PID:14800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57179.exe
        7⤵
        
        PID:19128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36449.exe
        6⤵
        
        PID:9584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52428.exe
        6⤵
        
        PID:15168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        6⤵
        
        PID:18904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19921.exe
        5⤵
        
        PID:8800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49653.exe
        5⤵
        
        PID:11596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65136.exe
        5⤵
        
        PID:15300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29599.exe
      4⤵
      PID:4588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36419.exe
        5⤵
        
        PID:4136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37627.exe
        6⤵
        
        PID:9648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13916.exe
        6⤵
        
        PID:14048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6058.exe
        6⤵
        
        PID:3244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42507.exe
        5⤵
        
        PID:11784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6999.exe
        5⤵
        
        PID:14880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58636.exe
        5⤵
        
        PID:17344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-906.exe
      4⤵
      PID:5688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23429.exe
        5⤵
        
        PID:9716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44643.exe
        5⤵
        
        PID:14008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61481.exe
        5⤵
        
        PID:17424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50814.exe
      4⤵
      PID:9068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18708.exe
      4⤵
      PID:13220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53603.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53603.exe
      4⤵
      PID:17172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49942.exe
      4⤵
      PID:2352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58250.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58250.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14654.exe
      4⤵
      PID:4960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36419.exe
        5⤵
        
        PID:6164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25615.exe
        6⤵
        
        PID:7748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53684.exe
        6⤵
        
        PID:12328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30753.exe
        6⤵
        
        PID:16260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7233.exe
        5⤵
        
        PID:10848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20628.exe
        5⤵
        
        PID:14832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61553.exe
        5⤵
        
        PID:18104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38323.exe
        5⤵
        
        PID:19224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29381.exe
      4⤵
      PID:6460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38355.exe
        5⤵
        
        PID:12016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58243.exe
        5⤵
        
        PID:16192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14495.exe
        5⤵
        
        PID:18772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26090.exe
      4⤵
      PID:8916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47602.exe
      4⤵
      PID:12816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49718.exe
      4⤵
      PID:16944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19664.exe
      4⤵
      PID:18904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20776.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20776.exe
    3⤵
    PID:5200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40503.exe
      4⤵
      PID:6196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17447.exe
        5⤵
        
        PID:7176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53684.exe
        5⤵
        
        PID:11140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6825.exe
        5⤵
        
        PID:16080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42507.exe
      4⤵
      PID:11816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6999.exe
      4⤵
      PID:15308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54935.exe
      4⤵
      PID:6644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41582.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41582.exe
    3⤵
    PID:5796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34551.exe
      4⤵
      PID:8956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7773.exe
      4⤵
      PID:13264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3125.exe
      4⤵
      PID:17088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1884.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1884.exe
    3⤵
    PID:8632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36573.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36573.exe
    3⤵
    PID:13612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58006.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58006.exe
    3⤵
    PID:17772
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51313.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51313.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22693.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22693.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18115.exe
      4⤵
      PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60513.exe
        5⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18215.exe
        6⤵
        
        PID:7068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3689.exe
        6⤵
        
        PID:13160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35990.exe
        6⤵
        
        PID:17272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27102.exe
        6⤵
        
        PID:19408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45604.exe
        5⤵
        
        PID:10064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30444.exe
        5⤵
        
        PID:14096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23817.exe
        5⤵
        
        PID:18736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52178.exe
        5⤵
        
        PID:18244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19537.exe
      4⤵
      PID:8336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45221.exe
      4⤵
      PID:12032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-969.exe
      4⤵
      PID:16064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57612.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57612.exe
    3⤵
    PID:4076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7638.exe
      4⤵
      PID:1040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34255.exe
        5⤵
        
        PID:6380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35319.exe
        6⤵
        
        PID:9500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        6⤵
        
        PID:14568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19863.exe
        6⤵
        
        PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36449.exe
        5⤵
        
        PID:9480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25786.exe
        5⤵
        
        PID:14356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53935.exe
        5⤵
        
        PID:400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64742.exe
      4⤵
      PID:7200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8358.exe
      4⤵
      PID:10304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62542.exe
      4⤵
      PID:7148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59770.exe
      4⤵
      PID:19292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22120.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22120.exe
    3⤵
    PID:5544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21339.exe
      4⤵
      PID:8268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54260.exe
      4⤵
      PID:12544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2357.exe
      4⤵
      PID:16740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34943.exe
      4⤵
      PID:19132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11719.exe
      4⤵
      PID:8464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50701.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50701.exe
    3⤵
    PID:9904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60118.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60118.exe
    3⤵
    PID:14084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63460.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63460.exe
    3⤵
    PID:17312
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52650.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52650.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14654.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14654.exe
    3⤵
    PID:1752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58977.exe
      4⤵
      PID:5912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63803.exe
        5⤵
        
        PID:7888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7986.exe
        6⤵
        
        PID:13784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53749.exe
        6⤵
        
        PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49278.exe
        5⤵
        
        PID:11128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37509.exe
        6⤵
        
        PID:4860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31294.exe
        6⤵
        
        PID:19048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14361.exe
        6⤵
        
        PID:18496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34118.exe
        5⤵
        
        PID:15292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56603.exe
        5⤵
        
        PID:18552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3527.exe
        5⤵
        
        PID:18764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28717.exe
      4⤵
      PID:8432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24219.exe
        5⤵
        
        PID:9164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9693.exe
        5⤵
        
        PID:14804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15351.exe
        5⤵
        
        PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22819.exe
        5⤵
        
        PID:3352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58135.exe
      4⤵
      PID:12004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12163.exe
      4⤵
      PID:15980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41633.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41633.exe
    3⤵
    PID:6532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17447.exe
      4⤵
      PID:7304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53684.exe
      4⤵
      PID:11840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6825.exe
      4⤵
      PID:916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27844.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27844.exe
    3⤵
    PID:9180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30882.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30882.exe
    3⤵
    PID:13024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23843.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23843.exe
    3⤵
    PID:17336
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14422.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14422.exe
  2⤵
  PID:5184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36419.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36419.exe
    3⤵
    PID:6156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37627.exe
      4⤵
      PID:9620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36475.exe
      4⤵
      PID:14024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61481.exe
      4⤵
      PID:17456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3803.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3803.exe
    3⤵
    PID:8368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35131.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35131.exe
    3⤵
    PID:12408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57423.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57423.exe
    3⤵
    PID:16488
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7832.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7832.exe
  2⤵
  PID:6064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41323.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41323.exe
    3⤵
    PID:11572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12599.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12599.exe
    3⤵
    PID:14956
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10359.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10359.exe
  2⤵
  PID:9232
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30973.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30973.exe
  2⤵
  PID:13668
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7604.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7604.exe
  2⤵
  PID:17792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3936 -ip 3936
1⤵
PID:836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4248 -ip 4248
1⤵
PID:316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 3352 -ip 3352
1⤵
PID:1544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 4072 -ip 4072
1⤵
PID:4484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 1020 -ip 1020
1⤵
PID:1040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 2220 -ip 2220
1⤵
PID:1796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 532 -ip 532
1⤵
PID:5560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 700 -ip 700
1⤵
PID:5616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 2240 -ip 2240
1⤵
PID:5048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 2200 -ip 2200
1⤵
PID:7444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 5160 -ip 5160
1⤵
PID:8712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5680 -ip 5680
1⤵
PID:9164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 7120 -ip 7120
1⤵
PID:9068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5944 -ip 5944
1⤵
PID:9476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 7156 -ip 7156
1⤵
PID:11432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 7144 -ip 7144
1⤵
PID:11424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 5884 -ip 5884
1⤵
PID:11708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 4860 -ip 4860
1⤵
PID:13508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 7624 -ip 7624
1⤵
PID:14300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 7136 -ip 7136
1⤵
PID:16116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 17332 -ip 17332
1⤵
PID:19452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 18392 -ip 18392
1⤵
PID:19124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 17880 -ip 17880
1⤵
PID:19120

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:5440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1291.exe

Filesize
184KB

MD5
4a9baec1b56e88977125197895fed321

SHA1
af1ef633ea4ed4a05d51ab429ea580e659465098

SHA256
d7a7c616f70bd404df1fbb4d45e6a978917c0774e921900a0faa1d2b91388ea7

SHA512
b3e737bbf5c3dca9c47df0f6dde319d3fed321043a88bf93a249d2aa86632d9dc0f20fc739548d65c853bbfa9c854811390da14a5d6d62b07022bdd2adfea1d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15026.exe

Filesize
184KB

MD5
d5f60fa08e6b2eb56089df0181b0cc1d

SHA1
9cbec010f5a085b352805fd049cb3d10d5b589ca

SHA256
d77fe7a404d385de0586be66fed748eb7b08ca337313ffa44a8d4e3c70993c2a

SHA512
aec9c96eb836f0b4e7771930d9a488e7b4680037eec654a7f92fe96c378e24399b25904a51b40ea2f4620e3df2928628e52c55885ad358eb60dfd71eb5cb1622

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16279.exe

Filesize
184KB

MD5
009fc5795bf87c80a08ff4e0e61905dd

SHA1
d3d8ffd77ffcbc4a4d77b6c34ca6a4c89de8e665

SHA256
c72e628d2bb418bf2ecdcf3796aa57f404ec5bb49035923f2f5d57d320644905

SHA512
c3692ea6eb4c2d7cf36f8ce41888293e1287976dc82d5025983c9ca6c9cc405e33ccc4a5dece16a0f6dcce19c6dd27ecb4cbb4cf81a12bd43555f8791ba1ca2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17073.exe

Filesize
184KB

MD5
a6a857fbd53034eef88cd7d6f6d88786

SHA1
e96ecfa83b0975b83d4ae0d1a5a9639137c36fc0

SHA256
8117a0e213356d0e01d78b8e483b3dba4422c3a2de8cf895ba91bbccb12fd5f7

SHA512
adb9b4fc1af912311c88eb2a01eeeb209740a3bcb8409310c144f2533112ca33bbf14dc2e5a0672bf4774ad00ab083016093e9f5a948e485e5bc122574c87d5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18469.exe

Filesize
184KB

MD5
9046c7df4ad44ccde6a44652684ec290

SHA1
0ed87bb7e925b742534879e1d0a99f67dcc99c51

SHA256
5e3308fb9366c834f107f031d591796d8e9d8f8bd5f7a29c1cee8785f393f1dd

SHA512
2374c2ef145e1fd1c6c6bfc264eaf0bf53f43a5b28bc0c6ba12f14be262acf408d6dd37bb6ff36e0212c8c388edcd2805ed0aed069c407874959bd784ea7356b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18531.exe

Filesize
184KB

MD5
ba843741cc09ffe0528ad5407d330b38

SHA1
453d13de81d166baad02218dc271be1861cc39f0

SHA256
c3dd87f0d348797092b55d08159d1dd830e45f4719c34a983fd1676cc88e7721

SHA512
18f2a13f975c718c2933dcaa1985ef67aa4e17cc4658d2e0c04d3b2c2d095baad39f1f50a5ed9c2a941e2f30d63053a2536b6d45c7033c236f8a965a1398a8c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18805.exe

Filesize
184KB

MD5
864f0d0652d0704808bf3d0f6d0d140d

SHA1
4d70c21d46e9bcf2d98f5fb9f8bd4ace0d381977

SHA256
eba9c6571602b5cbeb64cb915fdd4e40f53768a2d456a09d1f3f343e8b7fca80

SHA512
5929843a7e374fe31000bc635058d8221dabe75db86bcac340081995d070934164911b9647061bbef1aa009e451b7f9ad628e8a0549cd777dab86b88e9074562

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20939.exe

Filesize
184KB

MD5
db2f8cd2b23028c340a659a0b387b107

SHA1
336409d55b5f028e941e5fa396531a3cbde76284

SHA256
5134b0846c4f6d4d45dae7f67e7a947d90845902eeb2e24cec3dc0305374940f

SHA512
4e68f8b6d83ed89104770ab60d8c7d9d1bae3b5ad5e9e6ab91ff7dc85fd054f9342a4c3bef53aa82ddeb0470176cbba984d70d863bf68d5f22c4322197f7e5a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23295.exe

Filesize
184KB

MD5
1a76e2b64c768859d4ba9f1eb2a7fbd0

SHA1
de73c70170c6b65b73271e3141b47e501b0ab26f

SHA256
8668e17e8b4bdfc476ce8806a41bec4030c1c04f32a13131a37a75809649c7e6

SHA512
8d1446165756a90aca254ceffc3289686ad2328fb30b6e08ea6c0ff9f178bf542877f163bedf7bce7e640ed4501dad2aa14185683de229de09d23abb91a59ec7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24639.exe

Filesize
184KB

MD5
84ca8fdc71728b06d057a640cc98ce73

SHA1
387476a5510eeda199f86bda3a92b5cce7c7aa9f

SHA256
0adbadf8a340fac243f732c8a8d004edaba8f9ad99e13fbd62060846929bb95b

SHA512
f807dc9e8c8b5566369e0514794430ab711a6ce1c84a344f1554de38df46d37368dd1dc387aaac20dbbc298bd22a5120b8e3b8167b719cda7ed8168ad033dce7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe

Filesize
184KB

MD5
e5a49fb20089710dd823fc6e3d17da02

SHA1
1e34583e62fa89c8d16a5a1eb1f97ebf409db2d0

SHA256
0f298d0d8e488340391dd1e34ffb4634039db4310394de1759e1125a2b72be0a

SHA512
cf6e70bc9608e8559a47afdbbc2512af3e1fa027db25acb5c34e3b39783af544cb008c0f9d602d0891256e49ded09aed268168d964d30147a6e228058d202f75

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33605.exe

Filesize
184KB

MD5
397fbbb614a46f2e77522a099f4fcd53

SHA1
e8eb7fb268eefcfd4beab7ddd3fad2c8fcdd2b17

SHA256
67553307eb6d749ee84ea3ea471cfc71ca8dc18b1b8c285e2958883ef6aa83ff

SHA512
74a1d2d1161b22968452d1afb0efd209d2dc0b508a59227ccabeb4b8de3804618bec5cc53c576856b62547cc78e37196c782ba76bb15f5ff529400e8ad594552

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34757.exe

Filesize
184KB

MD5
61e57bf4eb0e4d9d6a8c07884fd3a200

SHA1
aed28f993ce5a2e44ba29d90c99cc857f4952a05

SHA256
43aa588b52ee821e9fb65c6756ce3510b1d14bd25e2d9b9f6beaa3d01961011d

SHA512
03b5dc16b724aaf608f81411edfd2b50d75d651fd7596aacebc421a5163f1493fec6a76e4b33e0c5e9860e7548bf84be83f6cd69cb27e21c60474725ad5dd60a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35329.exe

Filesize
184KB

MD5
e8b4c4f12c7e1c1f6300f55ca652642e

SHA1
7fd27609a794135b0b1bcab02e822fab25ffa42f

SHA256
bad369bc1c0f36c25e2d97a86aa1d44469a415a995f5f313364217e797f60e8b

SHA512
50887e7cc2ba05abd4cb0d502daf01b11f9c1030b4020da73044a73238db42ab6208844ff49844c349aa6f3d3ca286eacfbb5085edab7eae85deeb27744ad0e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37850.exe

Filesize
184KB

MD5
745b7eccff9ed5973ad09954766e85a2

SHA1
651b7e39a4836ed2278b54f07b0801778ac8522c

SHA256
9131f9ec43e7c4af261acad08dab0f25edce4981c343d105f2111a342ea13c4b

SHA512
ce29913b2ef1c744b0e522c432810f8c90b81b53870e28b9c56f6d130619385a95b8b5e52b69ddb90333acef17ac21bff618ca00a0b106eec5820d110af42fab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38671.exe

Filesize
184KB

MD5
f52ebcf6f5e8430728a1de5b1df2dd69

SHA1
9e87e5a0487332b4a9565c236ad918c12be48e53

SHA256
378cdfe97af427d67a30a7d926a29ecf52ae84e2eea93e68b0417d5705280c81

SHA512
14966e432358e9d527a98ffcb9235409afc1eb7d88b41d4962f5f31035c659f3b378d68154f515fcda755067eec79e50cc5fa38e1d804b597165894a8a239c72

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42323.exe

Filesize
184KB

MD5
b19c333ec52ea7aeba379650f887b81b

SHA1
100a99606868a6f151aee83dd00589303814743c

SHA256
2ecf9da5de31fba3c344c466e595b74579b74692677edbfa3fe2f0a5c9e29718

SHA512
2660f8bbad625ae71b84661fdb194497c79ad5e4000089d716e7534b4f944ddd0d32fa2a4be0c3c1dbee6e084dc830dc1267a212136cf8b98b468f12176b6fdd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42490.exe

Filesize
184KB

MD5
573ed00bc8decfb6495e7947c5ad2fd3

SHA1
3cc6f001f1c82808f576655f545727083b828aa4

SHA256
acbfd2ccdb87230988c9575efe127056b5856b84b7c687803f7bc1dc7fc6d528

SHA512
326b4c324833f542b9d161bc4d38511e28bdc3dce6b554f0e34506c425e5a62a2af36005ee3ac01e383a42c6954dbce0a7eea95ec190d240f6b51ab535db0fe9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42567.exe

Filesize
184KB

MD5
95911672bf213f8d61a79cbfe83c5cf4

SHA1
28881c551839280bee13aabfb4081b77faaf02e5

SHA256
bfc0a982d73e49d9d3382afbc5acdff074782d92f41dea76727d81c9e7fed435

SHA512
4efc9b75532e54b0f0176bb6157b1003743ec590dc6d37efe8a9e2ae33b732a6a4682501c99f9b1b54e7c1b1d24882de10e8e7eff49295b635464282e1985071

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43450.exe

Filesize
184KB

MD5
856c4a4af148d199845d25aa2f16e76f

SHA1
74fff201b3b180364e8f077c32eddbfa9dd1377b

SHA256
9462c0e2f9be1683aa7ff39a44c030ce81afebf3400848fcf0869f0cb6f9fa1a

SHA512
897b06a1fbd8e2f606993edcf84c06f1f40901a19b18f45f08466634945f8f529d4d2a427891cda962e3808197fc647bb11e9fae75ed403694d3b3076d0dd150

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43715.exe

Filesize
184KB

MD5
4dc738cb13ca31e3302b58fa2d3db5c7

SHA1
768f9d4747f17c8fc90c90eaf8c611c389afc906

SHA256
39d1a0c33138e5d8fce6d91886cf19d20bf617bc1edd2340e1100250ef9b53a7

SHA512
2c74376f1633b628707277d0693e9f4e15dd0b212980cd910b2901156707072eea3df133c421124bca87ea3d2d2637402ad963440f8daf502ab31d6a273aeccb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-444.exe

Filesize
184KB

MD5
a1f766484b45be512475ffda1343f566

SHA1
e15e23af7116884df5e95d997265bd25589876b8

SHA256
952a1930cfbd4f3367dc52dc21d30bcbe695d1c414b8a0dc5bee444d414b794c

SHA512
21c8e03cdc5bcfeb4b989d32edd55e59b4301e9edbc49ce6646cd06e269cd4898ecb26dd7c1c7ca62c8c10f463ee4973bc943505b9517c9f2fe383964741c484

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4820.exe

Filesize
184KB

MD5
835ffcf2c10090845e4fa4ddd39c6f5a

SHA1
b04c43e6f9e7e4b409398e42c4e3f4fd66017709

SHA256
79b047f8e661ab479b48ab1cd16bcf9a0415567a24ffbcd4c7d8316147ff96fc

SHA512
301193e153c1ceaf8815cbdfdc7d0c597b0d611c8bd3b30796b360c459f3ae5491e363cb48a32bb41819c342c8d91f06a28f72046cc40afe88171c46f43758cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51313.exe

Filesize
184KB

MD5
37d7aeaa29474f4a60db2fb294669a51

SHA1
a4fe20fe29b4d11042b885e45431ef549a2e3443

SHA256
7ac7f2e2b674cf3c15c4c24a9faa96bd801b8fd4dd4fedac7633fd0cd45bab53

SHA512
d4ef583d0117123a22345608bbaca6aecce03736c760ee2430c2597b7b88f62abe250d1d52a5ce288dfb135d5bd255f8d0ad883bab5d0e422713071574e98c2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51425.exe

Filesize
184KB

MD5
d3f8579447c95b8ffc448b85d3822419

SHA1
42e29bb2fa6dfa65ede72692731e47e5661a8c83

SHA256
0356d61fe95d8289f14e5931c7e1ade88ed8d8bbbd22edfa80bc399e550ec2e3

SHA512
df9978fff9ae7304231c0ae3b188f158343e7f9ef9ba4e0485a69521c00b3f29b835e533e504be91886b5cb0c6ec884735f513454a1066e7bca09f6e2d22dadc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56159.exe

Filesize
184KB

MD5
96beb77f64a7eea665fb36fee0c8a14a

SHA1
fca2f4c3762c74b0bfb78c2b896761ba29d282ec

SHA256
f45a5c077c994edbe1311c24e3ed9966b62af1ea58ade664502b72ef031fd91d

SHA512
7e18a8b0610a1d4d729a71dc60f2a818181066cdc832e460aba3cd25b6e03967329e9700f417d7725cabf4c34603cb6538ca454aff69edb7b3d8d14de4296fac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58349.exe

Filesize
184KB

MD5
1f912bc2299680f489b5878cae9f080b

SHA1
6199b0d5c6107242843c383e0334a000aad7b649

SHA256
e86dc10a5a5a29d4a9629163e55d9053ae29b97480038b8c0baff8691f61a897

SHA512
f85b2d17c86e271ceec1622bde5c658c921157c97ce8b5f42c5d149cf61d69cf2302dc24de2ae294afbf0c7c8cfea037d69540451cc59f8ab85edf9b4f2f8fd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58660.exe

Filesize
184KB

MD5
866d73b1418102bfe6adeb849a7052d5

SHA1
4ca037523046310a28e5876f88177af76e833eea

SHA256
3e287ba898e43b665cf15156041a86c7ef74066874babb04bcf2cf5630619229

SHA512
98163655046d4f6f85834637b2762c5dc92bc35de4c1ef7d7169afa3b3650c6709722ae9501294d5bcdfbc6fcc0b30e27b83cfefe27a6ad35c73a16760f6768b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63267.exe

Filesize
184KB

MD5
46056295303dc6c555adb0eb0756f705

SHA1
f0e1cf8ff49a271a9861e0743bc01106766a2102

SHA256
003d8debd03330c68c10490aaa133022c538c8f84b2053994a90d36aa26f53a6

SHA512
8ae45716a90f8e4c496088d0b68ab421cf36abbf895e8c25e66c089103ad096f9009de1ef68cbe55a89c03f33875b126186b0837df0a509defaf2ad36cafa048

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63268.exe

Filesize
184KB

MD5
0b71cd2d8a8b824e3a5d87881b1f7699

SHA1
63b375974b90e6430209b9ae9b6daae93bdaf5f8

SHA256
82209320d2fd91694338e0651f225bca45f1ecef346623c027231ab55e4a354f

SHA512
f8b88b64f3ea97f824c0f566007f6f376ffca866c9b28ebcbf9f25847d2eb04c8a06c0a9405a4fe2ef0662176d4fe7a193df4c023122611eb5ba8df23612c1c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65277.exe

Filesize
184KB

MD5
9810814a8fd52c6a712bfd87d3779fd5

SHA1
da039fd8d62a9eb50970d397dfe77fec64672c9c

SHA256
47c19df8e0a1a6dd3c1e2c104dd29b8c7f6d68968f56231c4f7993fd163c756c

SHA512
db5dd7fd7d4c29d9c28dd23afc42c7339956cbfa5c37f2299721b5755c3dbcb88acaa6b339b1db5342098b53983bc1e7babdf82538ddb7ea58b56046677365f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65313.exe

Filesize
184KB

MD5
87aff4271c5ffac3bdf6a5841ac78349

SHA1
af4e513ed1c68278f66ae752a2d20ee4e0ea79bf

SHA256
35a7d8282fba12f767d44e7ba50acf6426b8cff3bd2e91fa5f941b0802de7cfe

SHA512
e6514c92e9f05f15aedd15d5c79f03eab1a20959d7641147297674ca80d8df3a0a9df7accaa7f0b3775798dc83c77391152da80061850e880d719fce099aa890

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8110.exe

Filesize
184KB

MD5
a2e88f660ae6ea2210d7e76c11c51d05

SHA1
00706fc88c58ad4022642b7f1ef47f3221c6afad

SHA256
a0c2e216d5c0149d4197eaaaacefc4658f94ffc10adff24c1c14a4220fafba24

SHA512
fd574eed53e77462ce5d6eced6f9a5cc152c8d17fae2a36320a75eb39249c578cbcb093b47932cb463aeaa3e00abcb1c7a3a5c75be5ea9a655f1d13f354db94a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8172.exe

Filesize
184KB

MD5
f0167dd06970babdaec8871528139313

SHA1
13f8f617eec350d8f21fcae3e9480ada4a868833

SHA256
f747885c731e86d94a8d38dead8094a6f6567b2c6eccbdd9d731008b6f6f80a5

SHA512
42d29baa78820a6dfbae3d2343e88f3d96b7400be73e3b634b6eee475ceeeafe6425929291313a848d352b2ce17b87a2a50c978bf15d50f6444db4dfa87cd55f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8586.exe

Filesize
184KB

MD5
cdb219e5b932bb9baa373ca7535a3a1f

SHA1
8a81627125702a6ab7eb00813f4048b24efd0e1f

SHA256
596ba05f12c128362381fb39d10ab01856047f6785a7554aedc258ab33484ceb

SHA512
07bd9b6da96f83f2f29207550d81f5464cc67a0c0774ae241bfa9b75dc4638176da999e47ca3e1152c89cb544a2e4974a353626396dc4d25624da49e015fc4cf

Download Submit
memory/19200-3042-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads