e02003c0e177072837a92e39bea1ea77043bbf785e8db29c3914e4a902613621

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 07:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e02003c0e177072837a92e39bea1ea77043bbf785e8db29c3914e4a902613621.exe
Size

184KB
MD5

63c125b305d768a1912951bd48b40069
SHA1

3cee49822d3e4d37157cf4114163eda83e45802e
SHA256

e02003c0e177072837a92e39bea1ea77043bbf785e8db29c3914e4a902613621
SHA512

7410ebdea24725d08b31d63043128b60ca703ce0d021fb7df09267e27cd04528e10fdcb0082a0e541a14cbd0ce386f9876f107b44768a253ed875e2310c68754
SSDEEP

3072:+rCPSUonr94zZn0SWOzbiKZ8HlvnqtxiuB:+r0oqtn0GiG8HlPqtxiu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2752	Unicorn-51549.exe
2972	Unicorn-34153.exe
2264	Unicorn-54019.exe
2716	Unicorn-5123.exe
1372	Unicorn-19422.exe
3060	Unicorn-24444.exe
2920	Unicorn-23501.exe
684	Unicorn-19971.exe
2284	Unicorn-48005.exe
1676	Unicorn-64341.exe
1468	Unicorn-55908.exe
1512	Unicorn-842.exe
1312	Unicorn-30019.exe
2192	Unicorn-10153.exe
2220	Unicorn-63075.exe
2508	Unicorn-43209.exe
2380	Unicorn-38379.exe
2492	Unicorn-10541.exe
1816	Unicorn-7434.exe
680	Unicorn-6672.exe
856	Unicorn-57512.exe
812	Unicorn-48394.exe
2632	Unicorn-9245.exe
1712	Unicorn-54917.exe
1956	Unicorn-23382.exe
552	Unicorn-33587.exe
1136	Unicorn-56054.exe
2332	Unicorn-11876.exe
872	Unicorn-48270.exe
2312	Unicorn-56438.exe
2832	Unicorn-6972.exe
1792	Unicorn-58476.exe
2748	Unicorn-15405.exe
2792	Unicorn-15405.exe
2712	Unicorn-12260.exe
2800	Unicorn-6660.exe
2584	Unicorn-40294.exe
2808	Unicorn-40294.exe
2740	Unicorn-39532.exe
2688	Unicorn-28596.exe
2164	Unicorn-48462.exe
2600	Unicorn-36764.exe
2180	Unicorn-1347.exe
1240	Unicorn-19721.exe
2016	Unicorn-6308.exe
2736	Unicorn-39042.exe
868	Unicorn-1539.exe
2020	Unicorn-30932.exe
484	Unicorn-34212.exe
2996	Unicorn-22514.exe
788	Unicorn-52172.exe
2528	Unicorn-42380.exe
1532	Unicorn-59100.exe
444	Unicorn-17090.exe
1940	Unicorn-23413.exe
2512	Unicorn-11715.exe
1692	Unicorn-5540.exe
1836	Unicorn-26899.exe
1080	Unicorn-55125.exe
600	Unicorn-5924.exe
2440	Unicorn-13714.exe
1804	Unicorn-22645.exe
860	Unicorn-19115.exe
296	Unicorn-27283.exe

Loads dropped DLL 64 IoCs

pid	Process
1544	e02003c0e177072837a92e39bea1ea77043bbf785e8db29c3914e4a902613621.exe
1544	e02003c0e177072837a92e39bea1ea77043bbf785e8db29c3914e4a902613621.exe
1544	e02003c0e177072837a92e39bea1ea77043bbf785e8db29c3914e4a902613621.exe
1544	e02003c0e177072837a92e39bea1ea77043bbf785e8db29c3914e4a902613621.exe
2752	Unicorn-51549.exe
2752	Unicorn-51549.exe
1544	e02003c0e177072837a92e39bea1ea77043bbf785e8db29c3914e4a902613621.exe
1544	e02003c0e177072837a92e39bea1ea77043bbf785e8db29c3914e4a902613621.exe
324	WerFault.exe
324	WerFault.exe
324	WerFault.exe
324	WerFault.exe
324	WerFault.exe
324	WerFault.exe
2264	Unicorn-54019.exe
2264	Unicorn-54019.exe
2752	Unicorn-51549.exe
2752	Unicorn-51549.exe
324	WerFault.exe
1372	Unicorn-19422.exe
1372	Unicorn-19422.exe
2264	Unicorn-54019.exe
2264	Unicorn-54019.exe
2716	Unicorn-5123.exe
2716	Unicorn-5123.exe
1544	e02003c0e177072837a92e39bea1ea77043bbf785e8db29c3914e4a902613621.exe
1544	e02003c0e177072837a92e39bea1ea77043bbf785e8db29c3914e4a902613621.exe
3060	Unicorn-24444.exe
3060	Unicorn-24444.exe
2752	Unicorn-51549.exe
2752	Unicorn-51549.exe
320	WerFault.exe
320	WerFault.exe
320	WerFault.exe
320	WerFault.exe
320	WerFault.exe
2920	Unicorn-23501.exe
2920	Unicorn-23501.exe
1372	Unicorn-19422.exe
1372	Unicorn-19422.exe
2716	Unicorn-5123.exe
2284	Unicorn-48005.exe
2716	Unicorn-5123.exe
2284	Unicorn-48005.exe
684	Unicorn-19971.exe
684	Unicorn-19971.exe
2264	Unicorn-54019.exe
2264	Unicorn-54019.exe
1468	Unicorn-55908.exe
1468	Unicorn-55908.exe
1544	e02003c0e177072837a92e39bea1ea77043bbf785e8db29c3914e4a902613621.exe
1544	e02003c0e177072837a92e39bea1ea77043bbf785e8db29c3914e4a902613621.exe
1512	Unicorn-842.exe
1512	Unicorn-842.exe
2752	Unicorn-51549.exe
2752	Unicorn-51549.exe
1312	Unicorn-30019.exe
1312	Unicorn-30019.exe
2920	Unicorn-23501.exe
2920	Unicorn-23501.exe
2192	Unicorn-10153.exe
2192	Unicorn-10153.exe
1372	Unicorn-19422.exe
1372	Unicorn-19422.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
324	2972	WerFault.exe	32
320	1676	WerFault.exe	42
1724	2584	WerFault.exe	70
3056	2164	WerFault.exe	73
1592	2016	WerFault.exe	77
284	788	WerFault.exe	84
1588	2736	WerFault.exe	78
2144	1556	WerFault.exe	109
1068	2832	WerFault.exe	63
340	3048	WerFault.exe	104
1704	600	WerFault.exe	93
3520	1472	WerFault.exe	196
3272	2560	WerFault.exe	185
3420	1632	WerFault.exe	135
4660	2680	WerFault.exe	162
4756	5004	WerFault.exe	335
4688	4436	WerFault.exe	326
5016	3940	WerFault.exe	220
3704	1668	WerFault.exe	143
4252	3804	WerFault.exe	264
5224	2104	WerFault.exe	178
5780	2672	WerFault.exe	108
5980	1840	WerFault.exe	181
6068	2456	WerFault.exe	184
5272	1736	WerFault.exe	187
5624	2772	WerFault.exe	128
6776	2876	WerFault.exe	179
6876	1764	WerFault.exe	153
7076	2708	WerFault.exe	175
6192	4188	WerFault.exe	321
7392	2336	WerFault.exe	160
7596	2820	WerFault.exe	177
7464	4008	WerFault.exe	247
8180	2252	WerFault.exe	156
3036	1356	WerFault.exe	142
7896	1332	WerFault.exe	144
8208	4024	WerFault.exe	283
8492	2888	WerFault.exe	165
9000	960	WerFault.exe	193
8332	1896	WerFault.exe	118
8656	2696	WerFault.exe	99
9164	2272	WerFault.exe	194
9192	2740	WerFault.exe	72
8860	1132	WerFault.exe	136
9292	2280	WerFault.exe	113
9772	2592	WerFault.exe	163
10156	3436	WerFault.exe	318
9980	4952	WerFault.exe	334
10032	2744	WerFault.exe	161
9916	1596	WerFault.exe	157
2060	2380	WerFault.exe	49
10756	1940	WerFault.exe	87
10288	2080	WerFault.exe	101
10352	1744	WerFault.exe	112
10276	4612	Process not Found	328
11168	3668	Process not Found	315
11144	3592	Process not Found	290
10432	2492	Process not Found	50
11784	3208	Process not Found	251
11608	2528	Process not Found	83
11552	3144	Process not Found	200
12512	2172	Process not Found	182
12428	3060	Process not Found	37
12336	2952	Process not Found	180

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1544	e02003c0e177072837a92e39bea1ea77043bbf785e8db29c3914e4a902613621.exe
2752	Unicorn-51549.exe
2972	Unicorn-34153.exe
2264	Unicorn-54019.exe
2716	Unicorn-5123.exe
1372	Unicorn-19422.exe
3060	Unicorn-24444.exe
2920	Unicorn-23501.exe
2284	Unicorn-48005.exe
1676	Unicorn-64341.exe
684	Unicorn-19971.exe
1468	Unicorn-55908.exe
1512	Unicorn-842.exe
1312	Unicorn-30019.exe
2192	Unicorn-10153.exe
2220	Unicorn-63075.exe
2508	Unicorn-43209.exe
2380	Unicorn-38379.exe
2492	Unicorn-10541.exe
1816	Unicorn-7434.exe
680	Unicorn-6672.exe
812	Unicorn-48394.exe
856	Unicorn-57512.exe
1712	Unicorn-54917.exe
2632	Unicorn-9245.exe
1956	Unicorn-23382.exe
552	Unicorn-33587.exe
1136	Unicorn-56054.exe
2332	Unicorn-11876.exe
872	Unicorn-48270.exe
2312	Unicorn-56438.exe
1792	Unicorn-58476.exe
2832	Unicorn-6972.exe
2748	Unicorn-15405.exe
2808	Unicorn-40294.exe
2712	Unicorn-12260.exe
2584	Unicorn-40294.exe
2800	Unicorn-6660.exe
2792	Unicorn-15405.exe
2740	Unicorn-39532.exe
2164	Unicorn-48462.exe
2688	Unicorn-28596.exe
2600	Unicorn-36764.exe
2180	Unicorn-1347.exe
1240	Unicorn-19721.exe
2736	Unicorn-39042.exe
2016	Unicorn-6308.exe
2020	Unicorn-30932.exe
868	Unicorn-1539.exe
484	Unicorn-34212.exe
2996	Unicorn-22514.exe
788	Unicorn-52172.exe
1532	Unicorn-59100.exe
2528	Unicorn-42380.exe
444	Unicorn-17090.exe
2512	Unicorn-11715.exe
1940	Unicorn-23413.exe
1692	Unicorn-5540.exe
1836	Unicorn-26899.exe
1080	Unicorn-55125.exe
600	Unicorn-5924.exe
2440	Unicorn-13714.exe
1804	Unicorn-22645.exe
860	Unicorn-19115.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1544 wrote to memory of 2752	1544	e02003c0e177072837a92e39bea1ea77043bbf785e8db29c3914e4a902613621.exe	31
PID 1544 wrote to memory of 2752	1544	e02003c0e177072837a92e39bea1ea77043bbf785e8db29c3914e4a902613621.exe	31
PID 1544 wrote to memory of 2752	1544	e02003c0e177072837a92e39bea1ea77043bbf785e8db29c3914e4a902613621.exe	31
PID 1544 wrote to memory of 2752	1544	e02003c0e177072837a92e39bea1ea77043bbf785e8db29c3914e4a902613621.exe	31
PID 1544 wrote to memory of 2972	1544	e02003c0e177072837a92e39bea1ea77043bbf785e8db29c3914e4a902613621.exe	32
PID 1544 wrote to memory of 2972	1544	e02003c0e177072837a92e39bea1ea77043bbf785e8db29c3914e4a902613621.exe	32
PID 1544 wrote to memory of 2972	1544	e02003c0e177072837a92e39bea1ea77043bbf785e8db29c3914e4a902613621.exe	32
PID 1544 wrote to memory of 2972	1544	e02003c0e177072837a92e39bea1ea77043bbf785e8db29c3914e4a902613621.exe	32
PID 2752 wrote to memory of 2264	2752	Unicorn-51549.exe	33
PID 2752 wrote to memory of 2264	2752	Unicorn-51549.exe	33
PID 2752 wrote to memory of 2264	2752	Unicorn-51549.exe	33
PID 2752 wrote to memory of 2264	2752	Unicorn-51549.exe	33
PID 2972 wrote to memory of 324	2972	Unicorn-34153.exe	34
PID 2972 wrote to memory of 324	2972	Unicorn-34153.exe	34
PID 2972 wrote to memory of 324	2972	Unicorn-34153.exe	34
PID 2972 wrote to memory of 324	2972	Unicorn-34153.exe	34
PID 1544 wrote to memory of 2716	1544	e02003c0e177072837a92e39bea1ea77043bbf785e8db29c3914e4a902613621.exe	35
PID 1544 wrote to memory of 2716	1544	e02003c0e177072837a92e39bea1ea77043bbf785e8db29c3914e4a902613621.exe	35
PID 1544 wrote to memory of 2716	1544	e02003c0e177072837a92e39bea1ea77043bbf785e8db29c3914e4a902613621.exe	35
PID 1544 wrote to memory of 2716	1544	e02003c0e177072837a92e39bea1ea77043bbf785e8db29c3914e4a902613621.exe	35
PID 2264 wrote to memory of 1372	2264	Unicorn-54019.exe	36
PID 2264 wrote to memory of 1372	2264	Unicorn-54019.exe	36
PID 2264 wrote to memory of 1372	2264	Unicorn-54019.exe	36
PID 2264 wrote to memory of 1372	2264	Unicorn-54019.exe	36
PID 2752 wrote to memory of 3060	2752	Unicorn-51549.exe	37
PID 2752 wrote to memory of 3060	2752	Unicorn-51549.exe	37
PID 2752 wrote to memory of 3060	2752	Unicorn-51549.exe	37
PID 2752 wrote to memory of 3060	2752	Unicorn-51549.exe	37
PID 1372 wrote to memory of 2920	1372	Unicorn-19422.exe	38
PID 1372 wrote to memory of 2920	1372	Unicorn-19422.exe	38
PID 1372 wrote to memory of 2920	1372	Unicorn-19422.exe	38
PID 1372 wrote to memory of 2920	1372	Unicorn-19422.exe	38
PID 2264 wrote to memory of 684	2264	Unicorn-54019.exe	39
PID 2264 wrote to memory of 684	2264	Unicorn-54019.exe	39
PID 2264 wrote to memory of 684	2264	Unicorn-54019.exe	39
PID 2264 wrote to memory of 684	2264	Unicorn-54019.exe	39
PID 2716 wrote to memory of 2284	2716	Unicorn-5123.exe	40
PID 2716 wrote to memory of 2284	2716	Unicorn-5123.exe	40
PID 2716 wrote to memory of 2284	2716	Unicorn-5123.exe	40
PID 2716 wrote to memory of 2284	2716	Unicorn-5123.exe	40
PID 1544 wrote to memory of 1468	1544	e02003c0e177072837a92e39bea1ea77043bbf785e8db29c3914e4a902613621.exe	41
PID 1544 wrote to memory of 1468	1544	e02003c0e177072837a92e39bea1ea77043bbf785e8db29c3914e4a902613621.exe	41
PID 1544 wrote to memory of 1468	1544	e02003c0e177072837a92e39bea1ea77043bbf785e8db29c3914e4a902613621.exe	41
PID 1544 wrote to memory of 1468	1544	e02003c0e177072837a92e39bea1ea77043bbf785e8db29c3914e4a902613621.exe	41
PID 3060 wrote to memory of 1676	3060	Unicorn-24444.exe	42
PID 3060 wrote to memory of 1676	3060	Unicorn-24444.exe	42
PID 3060 wrote to memory of 1676	3060	Unicorn-24444.exe	42
PID 3060 wrote to memory of 1676	3060	Unicorn-24444.exe	42
PID 2752 wrote to memory of 1512	2752	Unicorn-51549.exe	43
PID 2752 wrote to memory of 1512	2752	Unicorn-51549.exe	43
PID 2752 wrote to memory of 1512	2752	Unicorn-51549.exe	43
PID 2752 wrote to memory of 1512	2752	Unicorn-51549.exe	43
PID 1676 wrote to memory of 320	1676	Unicorn-64341.exe	44
PID 1676 wrote to memory of 320	1676	Unicorn-64341.exe	44
PID 1676 wrote to memory of 320	1676	Unicorn-64341.exe	44
PID 1676 wrote to memory of 320	1676	Unicorn-64341.exe	44
PID 2920 wrote to memory of 1312	2920	Unicorn-23501.exe	45
PID 2920 wrote to memory of 1312	2920	Unicorn-23501.exe	45
PID 2920 wrote to memory of 1312	2920	Unicorn-23501.exe	45
PID 2920 wrote to memory of 1312	2920	Unicorn-23501.exe	45
PID 1372 wrote to memory of 2192	1372	Unicorn-19422.exe	46
PID 1372 wrote to memory of 2192	1372	Unicorn-19422.exe	46
PID 1372 wrote to memory of 2192	1372	Unicorn-19422.exe	46
PID 1372 wrote to memory of 2192	1372	Unicorn-19422.exe	46

C:\Users\Admin\AppData\Local\Temp\e02003c0e177072837a92e39bea1ea77043bbf785e8db29c3914e4a902613621.exe
"C:\Users\Admin\AppData\Local\Temp\e02003c0e177072837a92e39bea1ea77043bbf785e8db29c3914e4a902613621.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1544
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51549.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51549.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54019.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54019.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19422.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23501.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30019.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9245.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6308.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 220
        9⤵
        Program crash
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9982.exe
        8⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        9⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38995.exe
        10⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
        10⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24928.exe
        10⤵
        
        PID:8228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56238.exe
        10⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61615.exe
        9⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58501.exe
        9⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4369.exe
        9⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16187.exe
        9⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44188.exe
        8⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46753.exe
        8⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30078.exe
        8⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9667.exe
        8⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12680.exe
        8⤵
        
        PID:11192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39042.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
        8⤵
        Program crash
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14480.exe
        7⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19589.exe
        8⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10935.exe
        8⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12097.exe
        8⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30410.exe
        8⤵
        
        PID:8644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39021.exe
        8⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19240.exe
        7⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19670.exe
        7⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3234.exe
        7⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45840.exe
        7⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45705.exe
        7⤵
        
        PID:9832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54917.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1347.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13018.exe
        8⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45494.exe
        9⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13065.exe
        10⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52373.exe
        10⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4946.exe
        10⤵
        
        PID:7336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 236
        10⤵
        Program crash
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15073.exe
        9⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56788.exe
        9⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50692.exe
        9⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54220.exe
        9⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13736.exe
        9⤵
        
        PID:10604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50133.exe
        8⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7370.exe
        9⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34749.exe
        9⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3431.exe
        9⤵
        
        PID:8008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 236
        9⤵
        Program crash
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35174.exe
        8⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20141.exe
        8⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48680.exe
        8⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55941.exe
        8⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7641.exe
        8⤵
        
        PID:11180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9489.exe
        7⤵
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61145.exe
        8⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40811.exe
        9⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65118.exe
        9⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52056.exe
        9⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63269.exe
        9⤵
        
        PID:8704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40744.exe
        9⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61018.exe
        8⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56461.exe
        8⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33609.exe
        8⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37499.exe
        8⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        8⤵
        
        PID:10948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15051.exe
        7⤵
        
        PID:1472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 200
        8⤵
        Program crash
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6171.exe
        7⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19909.exe
        7⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14970.exe
        7⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50355.exe
        7⤵
        
        PID:9780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19721.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46075.exe
        7⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20113.exe
        8⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60730.exe
        9⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15943.exe
        9⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51459.exe
        9⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61375.exe
        9⤵
        
        PID:8272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57962.exe
        9⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49225.exe
        8⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62735.exe
        8⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57324.exe
        8⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52710.exe
        8⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41426.exe
        8⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25820.exe
        7⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8631.exe
        8⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33405.exe
        8⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34759.exe
        8⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23581.exe
        8⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24599.exe
        8⤵
        
        PID:11084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42657.exe
        7⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3997.exe
        7⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7647.exe
        7⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55941.exe
        7⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15617.exe
        7⤵
        
        PID:11104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53978.exe
        6⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36449.exe
        7⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42915.exe
        8⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52565.exe
        8⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29450.exe
        8⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18863.exe
        8⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46691.exe
        8⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29113.exe
        7⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8163.exe
        7⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27257.exe
        7⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 240
        7⤵
        Program crash
        
        PID:8332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53092.exe
        6⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57339.exe
        7⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19124.exe
        7⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52056.exe
        7⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63269.exe
        7⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40744.exe
        7⤵
        
        PID:10720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16798.exe
        6⤵
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53999.exe
        6⤵
        
        PID:5420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11919.exe
        6⤵
        
        PID:7844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3956.exe
        6⤵
        
        PID:8924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
        6⤵
        
        PID:10852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10153.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23382.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34212.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28587.exe
        8⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51083.exe
        9⤵
        
        PID:3800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 216
        9⤵
        Program crash
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45450.exe
        8⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8163.exe
        8⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27257.exe
        8⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21931.exe
        8⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64857.exe
        8⤵
        
        PID:10668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-745.exe
        7⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2235.exe
        8⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60801.exe
        9⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50140.exe
        9⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14389.exe
        9⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20281.exe
        8⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39980.exe
        8⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62833.exe
        8⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43084.exe
        8⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60739.exe
        7⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9491.exe
        8⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63970.exe
        8⤵
        
        PID:9868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47775.exe
        7⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40325.exe
        7⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56657.exe
        7⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17293.exe
        7⤵
        
        PID:10164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22514.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30040.exe
        7⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52370.exe
        8⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40639.exe
        8⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27914.exe
        8⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21494.exe
        8⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16929.exe
        8⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40864.exe
        7⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1065.exe
        8⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54584.exe
        8⤵
        
        PID:7100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 240
        8⤵
        Program crash
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49912.exe
        7⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17007.exe
        7⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24873.exe
        7⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3030.exe
        7⤵
        
        PID:10136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23909.exe
        6⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2575.exe
        7⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15201.exe
        8⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32191.exe
        8⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27673.exe
        8⤵
        
        PID:7476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
        8⤵
        Program crash
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11096.exe
        7⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55356.exe
        7⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43892.exe
        7⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40671.exe
        7⤵
        
        PID:9600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47536.exe
        6⤵
        
        PID:4516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38970.exe
        6⤵
        
        PID:6104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56239.exe
        6⤵
        
        PID:7864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61055.exe
        6⤵
        
        PID:9104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42960.exe
        6⤵
        
        PID:10500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33587.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1539.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46459.exe
        7⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4845.exe
        8⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10050.exe
        9⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50536.exe
        10⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55238.exe
        10⤵
        
        PID:7144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 220
        10⤵
        Program crash
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2767.exe
        9⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11905.exe
        9⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30218.exe
        9⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22300.exe
        9⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
        8⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32859.exe
        8⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57921.exe
        8⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54604.exe
        8⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24208.exe
        8⤵
        
        PID:10776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57533.exe
        7⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2868.exe
        8⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43031.exe
        8⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4889.exe
        8⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31370.exe
        8⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23644.exe
        8⤵
        
        PID:10104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14527.exe
        7⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63016.exe
        7⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9105.exe
        7⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5017.exe
        7⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22830.exe
        7⤵
        
        PID:9492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42929.exe
        6⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10792.exe
        7⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26888.exe
        8⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17645.exe
        8⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24152.exe
        8⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7628.exe
        8⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23639.exe
        8⤵
        
        PID:10300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23742.exe
        7⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33300.exe
        7⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23962.exe
        7⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11132.exe
        7⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4281.exe
        7⤵
        
        PID:10320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38404.exe
        6⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20850.exe
        7⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57744.exe
        7⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61490.exe
        7⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23311.exe
        7⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-100.exe
        7⤵
        
        PID:10216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51913.exe
        6⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55735.exe
        7⤵
        
        PID:9668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52727.exe
        6⤵
        
        PID:5320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16363.exe
        6⤵
        
        PID:7132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62368.exe
        6⤵
        
        PID:8980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21585.exe
        6⤵
        
        PID:10220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30932.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36947.exe
        6⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12053.exe
        7⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49472.exe
        8⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49934.exe
        8⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10447.exe
        8⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15604.exe
        8⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7111.exe
        8⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48247.exe
        7⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64053.exe
        7⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30018.exe
        7⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64500.exe
        7⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56113.exe
        7⤵
        
        PID:11160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16692.exe
        6⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32451.exe
        7⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60157.exe
        7⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29751.exe
        7⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63269.exe
        7⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40744.exe
        7⤵
        
        PID:10728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10560.exe
        6⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32477.exe
        6⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32919.exe
        6⤵
        
        PID:7808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13756.exe
        6⤵
        
        PID:8952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24745.exe
        6⤵
        
        PID:10844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44353.exe
        5⤵
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36558.exe
        6⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51083.exe
        7⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10380.exe
        7⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29175.exe
        7⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27224.exe
        7⤵
        
        PID:9208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46691.exe
        7⤵
        
        PID:10520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45450.exe
        6⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62155.exe
        7⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43156.exe
        7⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49568.exe
        7⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59616.exe
        7⤵
        
        PID:9748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40073.exe
        6⤵
        
        PID:4504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45269.exe
        6⤵
        
        PID:6388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55128.exe
        6⤵
        
        PID:8140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59112.exe
        6⤵
        
        PID:9876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29540.exe
        5⤵
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58792.exe
        6⤵
        
        PID:4436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 220
        7⤵
        Program crash
        
        PID:4688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14334.exe
        6⤵
        
        PID:4960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50717.exe
        6⤵
        
        PID:7056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30794.exe
        6⤵
        
        PID:7840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39405.exe
        6⤵
        
        PID:9836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19421.exe
        5⤵
        
        PID:4920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54554.exe
        5⤵
        
        PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5847.exe
        5⤵
        
        PID:7212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5027.exe
        5⤵
        
        PID:9028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36944.exe
        5⤵
        
        PID:10940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19971.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38379.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48462.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 240
        7⤵
        Program crash
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57948.exe
        6⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7071.exe
        7⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60922.exe
        8⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
        9⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26052.exe
        9⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7959.exe
        9⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51749.exe
        9⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28174.exe
        8⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43125.exe
        8⤵
        
        PID:6268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 236
        8⤵
        Program crash
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10304.exe
        7⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39300.exe
        7⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
        7⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11869.exe
        7⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
        7⤵
        
        PID:9972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17277.exe
        6⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29978.exe
        7⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3904.exe
        8⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47755.exe
        8⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17445.exe
        8⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8765.exe
        8⤵
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25372.exe
        7⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18594.exe
        7⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4006.exe
        7⤵
        
        PID:8344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 220
        7⤵
        Program crash
        
        PID:9916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2193.exe
        6⤵
        
        PID:3364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27262.exe
        6⤵
        
        PID:5844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7619.exe
        6⤵
        
        PID:7128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53624.exe
        6⤵
        
        PID:8520
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 236
        6⤵
        Program crash
        
        PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36764.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6116.exe
        6⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54072.exe
        7⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6436.exe
        8⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8974.exe
        8⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-564.exe
        8⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17649.exe
        8⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28698.exe
        7⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15096.exe
        7⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63030.exe
        7⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54272.exe
        7⤵
        
        PID:9356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 236
        7⤵
        Program crash
        
        PID:10288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        6⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39493.exe
        7⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8974.exe
        7⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34305.exe
        7⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58490.exe
        7⤵
        
        PID:9788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9953.exe
        6⤵
        
        PID:4500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3281.exe
        6⤵
        
        PID:6412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13332.exe
        6⤵
        
        PID:7988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20056.exe
        6⤵
        
        PID:9408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7885.exe
        6⤵
        
        PID:10392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22290.exe
        5⤵
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18385.exe
        6⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48979.exe
        7⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59965.exe
        7⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 240
        7⤵
        Program crash
        
        PID:7596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21137.exe
        6⤵
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10275.exe
        6⤵
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49753.exe
        6⤵
        
        PID:7856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30291.exe
        6⤵
        
        PID:9008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7680.exe
        6⤵
        
        PID:10900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42624.exe
        5⤵
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2842.exe
        6⤵
        
        PID:3896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60541.exe
        6⤵
        
        PID:6132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53763.exe
        6⤵
        
        PID:7172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36160.exe
        6⤵
        
        PID:8800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56291.exe
        6⤵
        
        PID:9268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58297.exe
        5⤵
        
        PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63493.exe
        5⤵
        
        PID:5428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27181.exe
        5⤵
        
        PID:7412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54734.exe
        5⤵
        
        PID:9044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20355.exe
        5⤵
        
        PID:10464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10541.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56438.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5540.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22064.exe
        7⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19397.exe
        8⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
        8⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28241.exe
        8⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30026.exe
        8⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31812.exe
        8⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33656.exe
        7⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63503.exe
        7⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28435.exe
        7⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45310.exe
        7⤵
        
        PID:8880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50171.exe
        7⤵
        
        PID:9820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26702.exe
        6⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53522.exe
        7⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28356.exe
        8⤵
        
        PID:9644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49768.exe
        7⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22569.exe
        7⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12942.exe
        7⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57853.exe
        7⤵
        
        PID:9920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13567.exe
        6⤵
        
        PID:3840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36696.exe
        6⤵
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33090.exe
        6⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29158.exe
        6⤵
        
        PID:9072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25436.exe
        6⤵
        
        PID:9484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26899.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45691.exe
        6⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52946.exe
        7⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14272.exe
        8⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14698.exe
        8⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24160.exe
        8⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40478.exe
        8⤵
        
        PID:10232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 216
        7⤵
        Program crash
        
        PID:3704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
        6⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55134.exe
        7⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38320.exe
        7⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57404.exe
        7⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49409.exe
        7⤵
        
        PID:10768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63311.exe
        6⤵
        
        PID:4548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1818.exe
        6⤵
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14645.exe
        6⤵
        
        PID:8740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49101.exe
        6⤵
        
        PID:10088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15933.exe
        5⤵
        
        PID:1332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
        6⤵
        
        PID:3940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 240
        7⤵
        Program crash
        
        PID:5016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47391.exe
        6⤵
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3436.exe
        6⤵
        
        PID:7120
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 236
        6⤵
        Program crash
        
        PID:7896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8851.exe
        5⤵
        
        PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55119.exe
        5⤵
        
        PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34370.exe
        5⤵
        
        PID:6328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31019.exe
        5⤵
        
        PID:8360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38139.exe
        5⤵
        
        PID:10024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6972.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55125.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56272.exe
        6⤵
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63034.exe
        7⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60349.exe
        7⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27146.exe
        7⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27608.exe
        7⤵
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47931.exe
        7⤵
        
        PID:9556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47170.exe
        6⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23920.exe
        7⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44574.exe
        7⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9303.exe
        7⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32445.exe
        7⤵
        
        PID:9340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3757.exe
        6⤵
        
        PID:4340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59379.exe
        6⤵
        
        PID:6236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22128.exe
        6⤵
        
        PID:8200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22869.exe
        6⤵
        
        PID:9796
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 236
        5⤵
        Program crash
        
        PID:1068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13714.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54264.exe
        5⤵
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25409.exe
        6⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40837.exe
        7⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62560.exe
        7⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16490.exe
        7⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42839.exe
        7⤵
        
        PID:10040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46737.exe
        6⤵
        
        PID:4496
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
        6⤵
        Program crash
        
        PID:7076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64941.exe
        5⤵
        
        PID:5004
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 220
        6⤵
        Program crash
        
        PID:4756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58630.exe
        5⤵
        
        PID:4568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48990.exe
        5⤵
        
        PID:6252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7655.exe
        5⤵
        
        PID:8096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-228.exe
        5⤵
        
        PID:10152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17423.exe
      4⤵
      PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9666.exe
        5⤵
        
        PID:3180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36036.exe
        5⤵
        
        PID:5280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38496.exe
        5⤵
        
        PID:7288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59704.exe
        5⤵
        
        PID:9012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62835.exe
        5⤵
        
        PID:10396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50851.exe
      4⤵
      PID:3904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16651.exe
      4⤵
      PID:5680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
      4⤵
      PID:7484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61960.exe
      4⤵
      PID:9184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62356.exe
      4⤵
      PID:10504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24444.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24444.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64341.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1676
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 188
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28814.exe
      4⤵
      PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43224.exe
        5⤵
        
        PID:3892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38969.exe
        6⤵
        
        PID:4416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47755.exe
        6⤵
        
        PID:6444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31581.exe
        6⤵
        
        PID:8836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41438.exe
        6⤵
        
        PID:9548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35652.exe
        5⤵
        
        PID:6080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61931.exe
        5⤵
        
        PID:7192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36160.exe
        5⤵
        
        PID:8820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56291.exe
        5⤵
        
        PID:10260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37670.exe
      4⤵
      PID:4344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38393.exe
        5⤵
        
        PID:5056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56691.exe
        5⤵
        
        PID:6496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25504.exe
        5⤵
        
        PID:8436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32310.exe
        5⤵
        
        PID:10176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60240.exe
      4⤵
      PID:5548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25114.exe
      4⤵
      PID:7064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11478.exe
      4⤵
      PID:9212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17459.exe
      4⤵
      PID:10016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-842.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-842.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57512.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40294.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 220
        6⤵
        Program crash
        
        PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19115.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26553.exe
        6⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4321.exe
        7⤵
        
        PID:3604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 236
        7⤵
        Program crash
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8000.exe
        6⤵
        
        PID:3888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30830.exe
        6⤵
        
        PID:5396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41756.exe
        6⤵
        
        PID:6508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45694.exe
        6⤵
        
        PID:9084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8370.exe
        6⤵
        
        PID:9560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44927.exe
        5⤵
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22386.exe
        6⤵
        
        PID:3784
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 236
        6⤵
        Program crash
        
        PID:6068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12800.exe
        5⤵
        
        PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46972.exe
        5⤵
        
        PID:4636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19160.exe
        5⤵
        
        PID:7304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51569.exe
        5⤵
        
        PID:8964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41834.exe
        5⤵
        
        PID:10404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28596.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4108.exe
        5⤵
        
        PID:1744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56272.exe
        6⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30941.exe
        7⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58175.exe
        7⤵
        
        PID:6856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 240
        7⤵
        Program crash
        
        PID:6876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45310.exe
        6⤵
        
        PID:4280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63721.exe
        6⤵
        
        PID:6184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49325.exe
        6⤵
        
        PID:7768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62632.exe
        6⤵
        
        PID:9312
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 216
        6⤵
        Program crash
        
        PID:10352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3542.exe
        5⤵
        
        PID:540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28442.exe
        6⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45627.exe
        7⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42964.exe
        7⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24871.exe
        7⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26560.exe
        7⤵
        
        PID:9684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58818.exe
        6⤵
        
        PID:4476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39404.exe
        6⤵
        
        PID:6764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63793.exe
        6⤵
        
        PID:8084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10110.exe
        6⤵
        
        PID:9864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13458.exe
        5⤵
        
        PID:3244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38704.exe
        5⤵
        
        PID:4552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34185.exe
        5⤵
        
        PID:6324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14254.exe
        5⤵
        
        PID:8684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31575.exe
        5⤵
        
        PID:9952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63515.exe
      4⤵
      PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31576.exe
        5⤵
        
        PID:1784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9093.exe
        6⤵
        
        PID:5040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26960.exe
        6⤵
        
        PID:5776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-699.exe
        6⤵
        
        PID:7272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51396.exe
        6⤵
        
        PID:8352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29638.exe
        6⤵
        
        PID:11048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29165.exe
        5⤵
        
        PID:4316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47577.exe
        5⤵
        
        PID:6216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49325.exe
        5⤵
        
        PID:7688
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 240
        5⤵
        Program crash
        
        PID:9292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47647.exe
      4⤵
      PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
        5⤵
        
        PID:3428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8543.exe
        5⤵
        
        PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61490.exe
        5⤵
        
        PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23311.exe
        5⤵
        
        PID:8760
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 220
        5⤵
        Program crash
        
        PID:10032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59584.exe
      4⤵
      PID:3756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52528.exe
      4⤵
      PID:5364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33429.exe
      4⤵
      PID:7124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40837.exe
      4⤵
      PID:8968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16250.exe
      4⤵
      PID:9264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48394.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48394.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40294.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5924.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:600
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 600 -s 240
        6⤵
        Program crash
        
        PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23023.exe
        5⤵
        
        PID:1840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63034.exe
        6⤵
        
        PID:3696
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 216
        6⤵
        Program crash
        
        PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31247.exe
        5⤵
        
        PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63613.exe
        5⤵
        
        PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34434.exe
        5⤵
        
        PID:7244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2983.exe
        5⤵
        
        PID:8872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
        5⤵
        
        PID:10340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19115.exe
      4⤵
      PID:1284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2240.exe
        5⤵
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10411.exe
        6⤵
        
        PID:4820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8014.exe
        6⤵
        
        PID:6792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33729.exe
        6⤵
        
        PID:7964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31874.exe
        6⤵
        
        PID:9704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22596.exe
        6⤵
        
        PID:10912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37634.exe
        5⤵
        
        PID:4652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15397.exe
        5⤵
        
        PID:6588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4893.exe
        5⤵
        
        PID:7300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15424.exe
        5⤵
        
        PID:9592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14940.exe
        5⤵
        
        PID:10708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12446.exe
      4⤵
      PID:1736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1498.exe
        5⤵
        
        PID:3128
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 216
        5⤵
        Program crash
        
        PID:5272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58986.exe
      4⤵
      PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31896.exe
        5⤵
        
        PID:4760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11901.exe
        5⤵
        
        PID:6452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15608.exe
        5⤵
        
        PID:8004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32445.exe
        5⤵
        
        PID:9344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49966.exe
      4⤵
      PID:4836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47909.exe
      4⤵
      PID:6948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22658.exe
      4⤵
      PID:7376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18404.exe
      4⤵
      PID:9724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39532.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39532.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52925.exe
      4⤵
      PID:1556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14855.exe
        5⤵
        
        PID:2088
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 236
        5⤵
        Program crash
        
        PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27662.exe
      4⤵
      PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16416.exe
        5⤵
        
        PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42725.exe
        5⤵
        
        PID:5572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27743.exe
        5⤵
        
        PID:7940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46165.exe
        5⤵
        
        PID:7240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24407.exe
        5⤵
        
        PID:11004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26813.exe
      4⤵
      PID:3416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54350.exe
      4⤵
      PID:5744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-631.exe
      4⤵
      PID:8048
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 236
      4⤵
      Program crash
      PID:9192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44179.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44179.exe
    3⤵
    PID:2892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14855.exe
      4⤵
      PID:1992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32804.exe
        5⤵
        
        PID:4692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1662.exe
        5⤵
        
        PID:6596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64565.exe
        5⤵
        
        PID:7312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24090.exe
        5⤵
        
        PID:9580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31475.exe
        5⤵
        
        PID:10692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3893.exe
      4⤵
      PID:4232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7831.exe
      4⤵
      PID:6152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14732.exe
      4⤵
      PID:7628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45528.exe
      4⤵
      PID:9252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
      4⤵
      PID:9332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
    3⤵
    PID:2288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48211.exe
      4⤵
      PID:3328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5170.exe
        5⤵
        
        PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6701.exe
        5⤵
        
        PID:6936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48608.exe
        5⤵
        
        PID:1624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25984.exe
        5⤵
        
        PID:9948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29518.exe
      4⤵
      PID:5048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42933.exe
      4⤵
      PID:6636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4369.exe
      4⤵
      PID:7800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16187.exe
      4⤵
      PID:9588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3013.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3013.exe
    3⤵
    PID:3304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19349.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19349.exe
    3⤵
    PID:5788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44032.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44032.exe
    3⤵
    PID:8028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53165.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53165.exe
    3⤵
    PID:8288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21872.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21872.exe
    3⤵
    PID:10976
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34153.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34153.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2972
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:324
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5123.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5123.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48005.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48005.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63075.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56054.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42380.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45499.exe
        7⤵
        
        PID:1632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 220
        8⤵
        Program crash
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18856.exe
        7⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49388.exe
        7⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10235.exe
        7⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10966.exe
        7⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31395.exe
        7⤵
        
        PID:10100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41969.exe
        6⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11869.exe
        7⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6898.exe
        8⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26052.exe
        8⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7959.exe
        8⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 216
        8⤵
        Program crash
        
        PID:9980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52871.exe
        7⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43125.exe
        7⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16320.exe
        7⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16763.exe
        7⤵
        
        PID:10208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36212.exe
        6⤵
        
        PID:4112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63089.exe
        6⤵
        
        PID:5264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15003.exe
        6⤵
        
        PID:7408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9667.exe
        6⤵
        
        PID:8788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14024.exe
        6⤵
        
        PID:11116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52172.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:788
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 220
        6⤵
        Program crash
        
        PID:284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23717.exe
        5⤵
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43224.exe
        6⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46779.exe
        7⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1932.exe
        7⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22074.exe
        7⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59424.exe
        7⤵
        
        PID:9612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17977.exe
        6⤵
        
        PID:4444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24411.exe
        6⤵
        
        PID:6724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22953.exe
        6⤵
        
        PID:7908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50951.exe
        6⤵
        
        PID:9764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10862.exe
        5⤵
        
        PID:4284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63281.exe
        6⤵
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63707.exe
        6⤵
        
        PID:6976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48857.exe
        6⤵
        
        PID:8608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14821.exe
        6⤵
        
        PID:9648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36499.exe
        5⤵
        
        PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48651.exe
        5⤵
        
        PID:1672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12399.exe
        5⤵
        
        PID:8404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12649.exe
        5⤵
        
        PID:9380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11876.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59100.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20419.exe
        6⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27464.exe
        7⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37162.exe
        7⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42793.exe
        7⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52470.exe
        7⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20816.exe
        7⤵
        
        PID:10312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62144.exe
        6⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3136.exe
        7⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37723.exe
        7⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55510.exe
        7⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1090.exe
        7⤵
        
        PID:9896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8739.exe
        6⤵
        
        PID:5124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59628.exe
        6⤵
        
        PID:7072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27494.exe
        6⤵
        
        PID:8808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39755.exe
        6⤵
        
        PID:10244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49946.exe
        5⤵
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32809.exe
        6⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64786.exe
        7⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40551.exe
        7⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22266.exe
        7⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11702.exe
        7⤵
        
        PID:9272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35984.exe
        6⤵
        
        PID:4136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61879.exe
        6⤵
        
        PID:6512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43892.exe
        6⤵
        
        PID:8176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40671.exe
        6⤵
        
        PID:9620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44188.exe
        5⤵
        
        PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46753.exe
        5⤵
        
        PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30078.exe
        5⤵
        
        PID:7368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9667.exe
        5⤵
        
        PID:8320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30169.exe
        5⤵
        
        PID:11036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17090.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37139.exe
        5⤵
        
        PID:2824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52588.exe
        6⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24501.exe
        7⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54392.exe
        7⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52370.exe
        7⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42839.exe
        7⤵
        
        PID:10048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
        6⤵
        
        PID:4452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35263.exe
        6⤵
        
        PID:7088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25371.exe
        6⤵
        
        PID:112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19565.exe
        6⤵
        
        PID:10168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40122.exe
        5⤵
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10251.exe
        6⤵
        
        PID:6568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3710.exe
        6⤵
        
        PID:8724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2900.exe
        6⤵
        
        PID:10056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32864.exe
        5⤵
        
        PID:4196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8149.exe
        5⤵
        
        PID:6168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23607.exe
        5⤵
        
        PID:7876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65381.exe
        5⤵
        
        PID:10108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20345.exe
      4⤵
      PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42365.exe
        5⤵
        
        PID:3776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-773.exe
        6⤵
        
        PID:7996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1344.exe
        6⤵
        
        PID:9436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10155.exe
        6⤵
        
        PID:10384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4054.exe
        5⤵
        
        PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41973.exe
        5⤵
        
        PID:6536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15168.exe
        5⤵
        
        PID:7716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23779.exe
        5⤵
        
        PID:9384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9314.exe
      4⤵
      PID:3880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35159.exe
        5⤵
        
        PID:8400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3057.exe
        5⤵
        
        PID:10588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49574.exe
      4⤵
      PID:4536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48255.exe
      4⤵
      PID:6884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1128.exe
      4⤵
      PID:8236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13069.exe
      4⤵
      PID:9812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43209.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43209.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48270.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23413.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20803.exe
        6⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59443.exe
        7⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26908.exe
        7⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21391.exe
        7⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30597.exe
        7⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15855.exe
        7⤵
        
        PID:10652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37665.exe
        6⤵
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26419.exe
        6⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57921.exe
        6⤵
        
        PID:7704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54604.exe
        6⤵
        
        PID:8680
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 236
        6⤵
        Program crash
        
        PID:10756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25825.exe
        5⤵
        
        PID:1356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12707.exe
        6⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6930.exe
        7⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65371.exe
        7⤵
        
        PID:8548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16792.exe
        7⤵
        
        PID:10552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61423.exe
        6⤵
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41973.exe
        6⤵
        
        PID:6520
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 216
        6⤵
        Program crash
        
        PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3946.exe
        5⤵
        
        PID:3852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12444.exe
        6⤵
        
        PID:7784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-654.exe
        6⤵
        
        PID:9404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9238.exe
        5⤵
        
        PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47725.exe
        5⤵
        
        PID:6848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5593.exe
        5⤵
        
        PID:8216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39935.exe
        5⤵
        
        PID:9728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11715.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5535.exe
        5⤵
        
        PID:1132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26888.exe
        6⤵
        
        PID:4088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17645.exe
        6⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24152.exe
        6⤵
        
        PID:7320
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 216
        6⤵
        Program crash
        
        PID:8860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15574.exe
        5⤵
        
        PID:4188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23754.exe
        6⤵
        
        PID:4700
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 216
        6⤵
        Program crash
        
        PID:6192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24831.exe
        5⤵
        
        PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52368.exe
        5⤵
        
        PID:6336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60883.exe
        5⤵
        
        PID:7684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60591.exe
        5⤵
        
        PID:9432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55705.exe
      4⤵
      PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25837.exe
        5⤵
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8985.exe
        6⤵
        
        PID:7776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43668.exe
        6⤵
        
        PID:8572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43544.exe
        6⤵
        
        PID:10712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61231.exe
        5⤵
        
        PID:4640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59461.exe
        5⤵
        
        PID:6420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40825.exe
        5⤵
        
        PID:7664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16763.exe
        5⤵
        
        PID:10200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17787.exe
      4⤵
      PID:3808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62003.exe
        5⤵
        
        PID:1808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5252.exe
        5⤵
        
        PID:9604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64382.exe
      4⤵
      PID:4268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14661.exe
      4⤵
      PID:6624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61195.exe
      4⤵
      PID:7456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2779.exe
      4⤵
      PID:9280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58476.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58476.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55317.exe
      4⤵
      PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26745.exe
        5⤵
        
        PID:1860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9858.exe
        6⤵
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3556.exe
        6⤵
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29450.exe
        6⤵
        
        PID:7400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18863.exe
        6⤵
        
        PID:9140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46691.exe
        6⤵
        
        PID:10492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47746.exe
        5⤵
        
        PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40644.exe
        5⤵
        
        PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27257.exe
        5⤵
        
        PID:7620
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
        5⤵
        Program crash
        
        PID:8656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15047.exe
      4⤵
      PID:688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3745.exe
        5⤵
        
        PID:2024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35055.exe
        5⤵
        
        PID:4484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13057.exe
        5⤵
        
        PID:6560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31370.exe
        5⤵
        
        PID:8424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23644.exe
        5⤵
        
        PID:10128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14719.exe
      4⤵
      PID:3360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7282.exe
        5⤵
        
        PID:4968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12669.exe
        5⤵
        
        PID:7096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8343.exe
        5⤵
        
        PID:7736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43773.exe
        5⤵
        
        PID:10072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39799.exe
      4⤵
      PID:4812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22836.exe
      4⤵
      PID:6476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61810.exe
      4⤵
      PID:7792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24309.exe
      4⤵
      PID:9364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11819.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11819.exe
    3⤵
    PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36921.exe
      4⤵
      PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34148.exe
        5⤵
        
        PID:4980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58175.exe
        5⤵
        
        PID:6864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34305.exe
        5⤵
        
        PID:8088
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 216
        5⤵
        Program crash
        
        PID:9772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45227.exe
      4⤵
      PID:4396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23456.exe
      4⤵
      PID:6276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33181.exe
      4⤵
      PID:7852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62632.exe
      4⤵
      PID:9304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56165.exe
      4⤵
      PID:10324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4109.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4109.exe
    3⤵
    PID:2120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57832.exe
      4⤵
      PID:3636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41957.exe
      4⤵
      PID:5244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51864.exe
      4⤵
      PID:7276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7628.exe
      4⤵
      PID:9172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23639.exe
      4⤵
      PID:11236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1806.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1806.exe
    3⤵
    PID:4172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6142.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6142.exe
    3⤵
    PID:5588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10440.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10440.exe
    3⤵
    PID:7504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34957.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34957.exe
    3⤵
    PID:8248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1504.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1504.exe
    3⤵
    PID:11244
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55908.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55908.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7434.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7434.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15405.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15405.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22645.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39744.exe
        6⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25025.exe
        7⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12456.exe
        8⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38875.exe
        8⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15629.exe
        8⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25595.exe
        8⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3556.exe
        7⤵
        
        PID:5468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 220
        7⤵
        Program crash
        
        PID:7392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36757.exe
        6⤵
        
        PID:4184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7831.exe
        6⤵
        
        PID:5332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14732.exe
        6⤵
        
        PID:7552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45528.exe
        6⤵
        
        PID:9244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        6⤵
        
        PID:11216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41367.exe
        5⤵
        
        PID:2680
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
        6⤵
        Program crash
        
        PID:4660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10036.exe
        5⤵
        
        PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29322.exe
        5⤵
        
        PID:6292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24515.exe
        5⤵
        
        PID:7836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46096.exe
        5⤵
        
        PID:9324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7693.exe
        5⤵
        
        PID:10308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27283.exe
      4⤵
      Executes dropped EXE
      PID:296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48104.exe
        5⤵
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3060.exe
        6⤵
        
        PID:3112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
        6⤵
        
        PID:4724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28241.exe
        6⤵
        
        PID:6704
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 216
        6⤵
        Program crash
        
        PID:8492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17320.exe
        5⤵
        
        PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22278.exe
        5⤵
        
        PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1818.exe
        5⤵
        
        PID:6428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28781.exe
        5⤵
        
        PID:8828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16237.exe
        5⤵
        
        PID:9544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6909.exe
      4⤵
      PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13833.exe
        5⤵
        
        PID:3280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1060.exe
        5⤵
        
        PID:5736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2450.exe
        5⤵
        
        PID:6840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20534.exe
        5⤵
        
        PID:8448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41818.exe
        5⤵
        
        PID:9700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62769.exe
      4⤵
      PID:3688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53028.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53028.exe
      4⤵
      PID:5940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32507.exe
      4⤵
      PID:2084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12591.exe
      4⤵
      PID:8540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22737.exe
      4⤵
      PID:9260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12260.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12260.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63485.exe
      4⤵
      PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5255.exe
        5⤵
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2977.exe
        6⤵
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58128.exe
        6⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35699.exe
        6⤵
        
        PID:7084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4966.exe
        6⤵
        
        PID:8992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42586.exe
        6⤵
        
        PID:10068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32504.exe
        5⤵
        
        PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14686.exe
        5⤵
        
        PID:5500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33780.exe
        5⤵
        
        PID:6932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12829.exe
        5⤵
        
        PID:9116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-394.exe
        5⤵
        
        PID:9924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6879.exe
      4⤵
      PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41003.exe
        5⤵
        
        PID:3788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12876.exe
        5⤵
        
        PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43888.exe
        5⤵
        
        PID:7820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38957.exe
        5⤵
        
        PID:8944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24407.exe
        5⤵
        
        PID:10956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42273.exe
      4⤵
      PID:4000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13125.exe
      4⤵
      PID:5672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-631.exe
      4⤵
      PID:8036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20964.exe
      4⤵
      PID:7256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24938.exe
      4⤵
      PID:10992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22290.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22290.exe
    3⤵
    PID:1988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54264.exe
      4⤵
      PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34724.exe
        5⤵
        
        PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8014.exe
        5⤵
        
        PID:6784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33729.exe
        5⤵
        
        PID:7948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31874.exe
        5⤵
        
        PID:9716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22596.exe
        5⤵
        
        PID:10896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20722.exe
      4⤵
      PID:4540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62953.exe
      4⤵
      PID:6404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21997.exe
      4⤵
      PID:7972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36591.exe
      4⤵
      PID:9396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56357.exe
      4⤵
      PID:10424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42624.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42624.exe
    3⤵
    PID:2172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47661.exe
      4⤵
      PID:4148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8974.exe
      4⤵
      PID:6916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-564.exe
      4⤵
      PID:8068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17649.exe
      4⤵
      PID:9740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15513.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15513.exe
    3⤵
    PID:4608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27473.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27473.exe
    3⤵
    PID:6480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53551.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53551.exe
    3⤵
    PID:8128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56815.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56815.exe
    3⤵
    PID:9476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46556.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46556.exe
    3⤵
    PID:10388
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6672.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6672.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15405.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15405.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36589.exe
      4⤵
      PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61425.exe
        5⤵
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42700.exe
        6⤵
        
        PID:4744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23089.exe
        6⤵
        
        PID:6664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8924.exe
        6⤵
        
        PID:7560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65122.exe
        6⤵
        
        PID:9632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31667.exe
        6⤵
        
        PID:10792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44158.exe
        5⤵
        
        PID:4424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15096.exe
        5⤵
        
        PID:6360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63030.exe
        5⤵
        
        PID:7928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54272.exe
        5⤵
        
        PID:9368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56357.exe
        5⤵
        
        PID:10528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
      4⤵
      PID:912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5473.exe
        5⤵
        
        PID:3480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17588.exe
        5⤵
        
        PID:5892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27146.exe
        5⤵
        
        PID:6176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27608.exe
        5⤵
        
        PID:8628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47931.exe
        5⤵
        
        PID:9320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13048.exe
      4⤵
      PID:3916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33364.exe
      4⤵
      PID:4304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53158.exe
      4⤵
      PID:6952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57923.exe
      4⤵
      PID:6180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9898.exe
      4⤵
      PID:9856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33059.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33059.exe
    3⤵
    PID:2672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54264.exe
      4⤵
      PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62842.exe
        5⤵
        
        PID:3464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17588.exe
        5⤵
        
        PID:5904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27146.exe
        5⤵
        
        PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27608.exe
        5⤵
        
        PID:8668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47931.exe
        5⤵
        
        PID:9608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18856.exe
      4⤵
      PID:3804
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 220
        5⤵
        Program crash
        
        PID:4252
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
      4⤵
      Program crash
      PID:5780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23437.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23437.exe
    3⤵
    PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34724.exe
      4⤵
      PID:4796
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 216
      4⤵
      Program crash
      PID:6776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7842.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7842.exe
    3⤵
    PID:4576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44201.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44201.exe
    3⤵
    PID:6528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36677.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36677.exe
    3⤵
    PID:8172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53842.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53842.exe
    3⤵
    PID:9528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
    3⤵
    PID:10628
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6660.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6660.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3916.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3916.exe
    3⤵
    PID:2728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2240.exe
      4⤵
      PID:2560
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 220
        5⤵
        Program crash
        
        PID:3272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18664.exe
      4⤵
      PID:3588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39492.exe
      4⤵
      PID:5920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33012.exe
      4⤵
      PID:5308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18942.exe
      4⤵
      PID:8640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31395.exe
      4⤵
      PID:9512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64248.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64248.exe
    3⤵
    PID:2868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26888.exe
      4⤵
      PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64594.exe
        5⤵
        
        PID:4736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7495.exe
        5⤵
        
        PID:6228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27673.exe
        5⤵
        
        PID:7380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28231.exe
        5⤵
        
        PID:10184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3120.exe
      4⤵
      PID:5012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61495.exe
      4⤵
      PID:6456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20539.exe
      4⤵
      PID:7936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52814.exe
      4⤵
      PID:9520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21141.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21141.exe
    3⤵
    PID:4160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14277.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14277.exe
    3⤵
    PID:5600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31440.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31440.exe
    3⤵
    PID:7480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44757.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44757.exe
    3⤵
    PID:9136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24169.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24169.exe
    3⤵
    PID:11252
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20020.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20020.exe
  2⤵
  PID:3048
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 220
    3⤵
    - Program crash
    PID:340
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48645.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48645.exe
  2⤵
  PID:492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37378.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37378.exe
    3⤵
    PID:4056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11532.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11532.exe
    3⤵
    PID:5220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4754.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4754.exe
    3⤵
    PID:7260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28184.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28184.exe
    3⤵
    PID:8888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62451.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62451.exe
    3⤵
    PID:10332
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15817.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15817.exe
  2⤵
  PID:3700
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41364.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41364.exe
  2⤵
  PID:5528
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42316.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42316.exe
  2⤵
  PID:7432
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7663.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7663.exe
  2⤵
  PID:9064
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59556.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59556.exe
  2⤵
  PID:10472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-100.exe

Filesize
184KB

MD5
bb2a5b8ceee91cf5a46c3629f6daf974

SHA1
23e57821de944362f48009783bbac5e9019e4431

SHA256
ae884cd5cc72ca8487605efec8e46f3b1ac42d98ba4795bb4cd560d31af02b50

SHA512
8958430f2ec352a6b887abad134216e349320a07372bc7e06994394ace34fbd60bfeb97a6817fdaaedcf91de74dc15796f2e7a23f938c8068cc79bbaab405fcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10153.exe

Filesize
184KB

MD5
0464dd3a0f0a5a22c9df16a14d58e083

SHA1
09b1262f56d6935237e742a3d899c9a59bce6c2b

SHA256
eda79fb01775c99085c334289cbe3169ca43e4c11e26f6b0bf6838d9b43b081a

SHA512
bbabee603c60ff26b490596f2ec8a7d86ccbd90b40014c88fe6407d4598e3934ca6a8bf09a2114ccbe2faf55cd50e692b12e2af48b1fe5f6966ea185c4632b13

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11139.exe

Filesize
184KB

MD5
39848f435d816e702c89fa04830de440

SHA1
f7b323a45bc1dc76c5a5fca4734505bdfdbe40c1

SHA256
49986248c92eb9ae727804ea09ecaba8f2c0c19e32e609735a4d832985b5f1cf

SHA512
49f42262ffcf735ddfbfe177699c8f03fe863a2d2d5546ae0681fd2bfeb280c7f7becfce3e2f06ae82f017d106f1724c91c5a4ef7d75bd096971a18fda1f70e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11702.exe

Filesize
184KB

MD5
d274b1617a0f724ba0dad7099f2b500f

SHA1
00b8ba943e43a1dde12c73cb396c267e295fb61d

SHA256
d7938adcd7ffe400b047bfc40ca34b00708a5a5f113e84b4f7ee3bbf534567f7

SHA512
87edbf9883050e9c4dbf96053171dc3593c36d8c2c3ba395b913b132c082654ab365a32e37fc6535ec7e337fda1651de0083d253a50a4dfb8e8b2cfa89776f27

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14024.exe

Filesize
184KB

MD5
baff0456cc4189ff6f9658e4f3821fb6

SHA1
49caa14d024a5cf4e90c84ec30b6fdca1c401236

SHA256
292f14b1ed35779cd9ca9451049220c2decf858d1ff9ee6a68843302a3c4afc5

SHA512
154a0631850855c613c9013482351a418d8de72409d1ce3da5db8967b94e13bc1740e63f36d96406d0b5175dbc11410290246365b7a509510aaaa4599eb6654b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1806.exe

Filesize
184KB

MD5
8f7a76683afd75eddb2d8842356c56ed

SHA1
f3e2b295c55d03636301d528717bca48259a46cc

SHA256
c81ade922fcc9ae9be184c3a94dc794a626fbaa026e7ce5f9ce235cdcda935f3

SHA512
bbd4909ca21f6b092f3ad5fba2c4032d118d520eaf7e11cbd8cecaf34c56153210a1e31b08fa6d0fb1abfc2955bb7b2ed6dcab0637b5bf25e0e1e2c7e6055698

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18793.exe

Filesize
184KB

MD5
30800248f9930512bcf2791e0bce19ae

SHA1
53b1a144e8b1bc92d1caafbbcb9e457623db57f6

SHA256
0767ba4b8130ec3a723c2ff580a3fec088e150cb1b0ce1501eff29907adb6744

SHA512
e6eca0a6ffce86cd8c84379269e58bc4345a32e507339a18d44b2ddbefedb04ca3d9b11217459e4b4d0ed40b7dee2c0b18d985fcdcb408885c7bbd5cb01898bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19422.exe

Filesize
184KB

MD5
fdd50a6b61b91895a961f6f09a60b025

SHA1
11681335a45f040929d7889d8afc9829f993c231

SHA256
560e3b8c829131bf3de1f358b5c5049c9078b021ee60be300f8df685e69524ae

SHA512
207cbff72e30ba8caf4f1faa73d4efd8ca0108b86f5c83f6f2ab46430e6e6d24242944983f8ed85fed195d5363a0d7ea799c555da1f8476111ad825dc2368178

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19971.exe

Filesize
184KB

MD5
dd855edfdb96bfdf3fed0c88eb35a107

SHA1
c9a63b037a6c3020f007c7b397391b7027651ba3

SHA256
036dc113c0c372dd2031db2ff64dc7ed9a84f445beaca82ae78ca9a7415011d4

SHA512
b24ed89e0393a4f6d4ffabda92a18b77408bf50d2d57bdd17cd21d494c0f624fdf03d78d50c25db3f08f039f6fc4ce1c7c8af874e0452c7fa4d8b16734d827f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20539.exe

Filesize
184KB

MD5
3bd71ae4dfcdfd339fcd59dc442c8719

SHA1
73c5f8bd9e83678dea28d597418aac74a8701eba

SHA256
412079a88cd06992f86454a53ab404fa4a9514ee7b20109c7116e1558cde2ffb

SHA512
f5d0b65ad7818b3939629a2c08881525c7ef7adf5bc1ad4a6748164aa8f47da10921d0416a4720d28c9572dfb2d6328cc5e8b613d611bd271dc4a7a5590d8008

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21494.exe

Filesize
184KB

MD5
19baf36362e7c41b4ba7fe5fa3712181

SHA1
deeef6c0f791fed767a62cbb6c090fea4fb400c9

SHA256
2698c35abdfb84713036e45b52a3bf276b56964ef48cb6c48ae4bb2c0583e0fa

SHA512
117f7020b3835c3dc2cb528d61ec289e2f1e0329c3462ed39d2e6f45f7706e375dc310cda6f4deb643925a8eb6307f2b79aea06ab295fa95b6aa8f2a4255fb63

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22559.exe

Filesize
184KB

MD5
cd010168e3cd035b6e37f9aeb033eaf0

SHA1
1777186a8bf936e1d25ae6d6e0e806089de4f744

SHA256
6aafe5b27272420a51791e3cef24fc235dff3b77af9fa20ab72ecfd9848a55ea

SHA512
1918e6e165437c93d1c11ac3c5c450743fe50c30321bca58f060ce2fc1aa3748a08f1faf8185ba4cb3dc9c7e3895e48211cb80c1eeb265a52fc052bf95804e19

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24444.exe

Filesize
184KB

MD5
971141f48ac6ad598e8186828fe5253b

SHA1
0aa9b9b04b2020e68c24ff2aef1a1c6b36089d94

SHA256
4ee3f5498b98ba6e678bf3ee4461a868f95b8dfced838b152349692f0530c997

SHA512
aa359fe8d54ef7f0dffa47ae96dd134028baf06bf72989dc8fec43558575d9e0e57af4f36054a5152e0428ea56308d6e607a3e426945ba1a19711a7077a70321

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25372.exe

Filesize
184KB

MD5
b606d2ba44fd4b98a41320f18e9b7299

SHA1
15826277bb5124bed7bc05699e6861aeefc379e7

SHA256
d8bd8587c2cd54cce54825adf18ee93c6e247833838462cbd8bb5d85979f95e5

SHA512
a005d8f230575b4e5b147cd0e620f36ea0608de66c88e0f9adf2802dc6427764a9caac7546faf41e144c8ddb592eb5578cd5e39b8fb147eebfe42c06a80714b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29322.exe

Filesize
184KB

MD5
fd1b30bbe0efc0895cecc3b3829dd17f

SHA1
5a68985cfd5dab7e774201c72e4d447a398a1ee8

SHA256
3bf47914c11068370d6db17401a82d7ca323c3404ca49d1d2fd0e6c0573d4123

SHA512
0f5c8c33a303a8a4d40bd6b91fd2d06ccabbf756749550dd856a47cd26f0023cf9bbfab2a9eb7c0781c249a645ab9943cca9e2b1c69221b451bfd789871a923b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31665.exe

Filesize
184KB

MD5
2f26e818ef6231bc28af867cac117e51

SHA1
1b279c4ab837f737bdf015f6330a8e7ad904d548

SHA256
9c726a35999bdd8b6e80eb23d8741996704445f8d8efa37ab345735df2e252f0

SHA512
64bdbcc14f34b2555648ad6169a611ff6317527491712458ef03bd473d4fab2553c871f4e6f619de8aac744e7363464c73b91032c166297dab229c52430fa8ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34114.exe

Filesize
184KB

MD5
8ca852e423d0384fe1fad76a22d8c3b0

SHA1
d1ca0da950d4abd340a1d2e410971787584fb210

SHA256
ea6dc4f4dd31b219714c95d029e86b2f47c070086e2aad07bd526f7edb6ff20e

SHA512
d6b762811e42d5d47119f1a6745c3bfe3b4cb33b5e83dc6c445efff8098124c0a12186bf2a90e1521b569aaaced49098bfcaddce60b947f7270f2930535ba69b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3436.exe

Filesize
184KB

MD5
0a65974d3b353b3d8ed07d1bb1059e0f

SHA1
c486e55c31730dca9d5d715aa79ed681435a5973

SHA256
faf96375f4e8502a319b95192c546dd548e0658947d56e1f8eafb6b5fecd4c37

SHA512
5461c65a738bbffe68fdd398ed92f0b41ac3c020bdf4bd4d126c2efcb606e0149cc175459d910b73c48975d158eb076141cef2e159caab0fe6ae51ca38d490ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3757.exe

Filesize
184KB

MD5
0b54aee37967d78e78aeaa61a82ccb44

SHA1
69c8f345e69afa062996263b015ee5449dda2da4

SHA256
f645e6b9d60e6ada0c130a79cdf34af099e3eb772de99e4c680cbf7cdb908bda

SHA512
76394b9f807099b6402a7065fa95fc7df5c2cd3188bd9ec1d0f9a0ea740b36b9a8856485bf3a22fbd52b09aa1c9c52253350f2e8673ef42a960447934bacffa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3997.exe

Filesize
184KB

MD5
39e176ea6b4c6cd557ec5d4d558b10f4

SHA1
dd2892ce476bb38fad114d7937ab626817bd3d05

SHA256
ff27e8e53e5223bb7f3108c988747fd8a97c609207b53c74595b7c684afcb1a3

SHA512
7345ee23e0f9d66c1fdda3ac4d658b5f4ab6d117b24eb18410b7987a1464182c1a34748c7f9d4307c801f7873bcf64f51df6ea458e1c8afc6874b1b990b03993

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40122.exe

Filesize
184KB

MD5
36085604bf1e56710ee4bc34d2666704

SHA1
c89c744829633a83e4e8b9430a8c779365064f70

SHA256
d330004c0c972de037427c1573dd75e729a057b2b277c4716ba4ef1b4cedddb8

SHA512
0a351e5c4c19a8dc82385d0379e406f7592db928217bb3a90b7469cf9f4fee2d4b0fcce0f16b5d8a6423cbf4aa3f858e729361893bcdc516757536c5f045b4d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44177.exe

Filesize
184KB

MD5
57426fdb41b696d4dc300f274822a9fa

SHA1
64b4d2a9bc3ac6909aed50e877bbb83fc4093519

SHA256
e49029367adb132ff4e80ab4d919d1ee5d06397bf59a21bd839a8a236f6c2296

SHA512
be99699465a55b38a4f8d6bf1dffb1305c1c665219766f5f80828581f645013d90de37c07d2c5e1836e50e4f2a9a882abc168bbe64d3ba085ef477c2eaa9ef7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45691.exe

Filesize
184KB

MD5
63530dfbf9fcea4f0109281113353744

SHA1
10e4abb6f738085adf9d96f7394991619a36f050

SHA256
082575dad9eba21690bc496d36010bf3dcaf4449e2601e20b0f31585eacd2e8b

SHA512
2066e7df43acfefc50ab5312ed5c76e0b1519ffe1afb44c75d3e378d7343d5520481cf2d78381db3be2f801aa3de7b24f7ec127d69c0f73f441222bc132459ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4675.exe

Filesize
184KB

MD5
64d992bb3acb8f9ebe48086e49a4fe37

SHA1
a664b45239995f5fdec61f045c494d958660a901

SHA256
e6171423b8d9cb60f084f7d91d0d2291f78dccd7b0d80eac3408c927b2dde4e9

SHA512
022ac40f4e677de836a6633b4a80a249719c39bbba28555e6d5e51578fc7bfe08fd68a6f49e494d386a43e42ac24a43f595ee56674751e46c19875efee09f7b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46779.exe

Filesize
184KB

MD5
6dcd2737b523fb937f515ad96ed5a841

SHA1
2d68b85aaa3a3e6cebe48b2c29c7997dc52751a8

SHA256
9feb14d1511884115d30d2c129b6f7839c70442f64909e1851543ef30285c1b1

SHA512
50ced1b4ef8cc709d886d57568299bcf1ed9a75f8b0e4f556e9f3c60ad0b51384fe3ccce8598c2d973fc89cedc65bc675a12aa642b36d14b1aac6f98b1a7ff2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4946.exe

Filesize
184KB

MD5
27c62f3ae01a2d0c3cb86234656b608b

SHA1
4085554f9fc28147455e058bc6f168f7cf47dfd1

SHA256
253fb0aad6de5e5e207251df8da627d2284a82b08caceaa69447a24e6f98fd4e

SHA512
db7e988037565dba907442cb121552da9c88f8ba443660a772440986bd10acb03c7a277e22f598713bda448c75e6dc1c4cc5034ab56476d2b9f57ab188f344a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49966.exe

Filesize
184KB

MD5
b6dcfe292d12a136f5336966d2e20e1b

SHA1
ccae9fa543a76a5da8dd0a132700fcbb10dbf8fe

SHA256
613afa5e95712a52f0b5e8515a06fe64c856391aa9c3ad55442c213754ae5562

SHA512
3f543ed4edb7442ec9f076683bd18ef7ed72dfa65bc03dd24b11eb7bb5d5c796178043d3a0582e257f5850dc69a12b908a910577da8049238e137b33804a5147

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50925.exe

Filesize
184KB

MD5
6c99cdf1a7edcc84933ce4ddb9021a38

SHA1
69627ebe1986186f2912f14ab20253cb74e1f13e

SHA256
208a418a8b86537839c7d75bb341c526147c035bbe2fab6165536d2a7ccbd3e3

SHA512
1526c5b8cc47049d62af30a6857c703af11f8effe31ddae8b4aa1ee07e16ab11eddc9951bcb895db5488436e2525183df9032c228a9c0a1141d315ec8aaad8c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50986.exe

Filesize
184KB

MD5
b93f9bf97e789de09b863a0f0898fb6c

SHA1
a81e0a82fab13e524abdb9ccc5de7cd163fd5fe4

SHA256
9dada532e62d9984dfa89b0755713f24181d1f5050bbec6147e7845d6850b2af

SHA512
226f675d6f40bdd9cc0c55edd72f45e647763c9e74f75b46ec7f54ada46196156401d669e968ce558850f7603c3847b1b2f2a8ec5ed9f3a583cf757c01a8d2f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51549.exe

Filesize
184KB

MD5
c716bd75559a407fe663391d94faa7d1

SHA1
c1ce94f1e20f6cffd38f74bdd9b0dd8caa8863cb

SHA256
7bdd92931e82761be73c95a373a8854221c233c7ef6228a5ef23fa22c759d1f9

SHA512
31d267553f00a9dea61cf54f0aead621966d9b82a0f6093d001d7fbff6cd4887a306284990c97a47de46f9467ae8ea237c95a8e55a9f2893b1c6586545483162

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52470.exe

Filesize
184KB

MD5
f28147ca59d3e4ee2779518acb0512a3

SHA1
6d0d9c2b3bf7bad30064eb67ef7de244d72cb2e7

SHA256
b3e1e5df25ab32d19274e74790cda3d81cb172d676d1b5a4d7bde4601357e62a

SHA512
e9bd8056be8d96e56b6ac0ca864052948f0d00160c97b5285f4719736319f5cd92c30c1dd52504675c948149a36809b6018b90dcfaf131d6066671345e7978df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54019.exe

Filesize
184KB

MD5
f3b452983b8436a8bdaa5dc203e6225a

SHA1
afb5eb4e703b234f991fd91558b8e9de37c615bc

SHA256
bb1b96e9f650a5be8c44560049da87adf902fa56f4d71e145901e40762f1f642

SHA512
a70dd624712e4cc02de82cd9d9a3c22485e09a7f11b4eede0d19a8bf18a63cae706d3f60b6b4667db3d143009d6c83a71dfc98fb3ecd18c8e63efa24d82b76a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54734.exe

Filesize
184KB

MD5
e86f46e7aa97d67ea3053bd29c2feee3

SHA1
89e588aa4dfd5b97d2b5f45304aaabb6ed2f62c2

SHA256
65cf595cca46e7186341883e5efb833ede2422cb52b3428897914d48a0bad2f4

SHA512
ae532480b502fb1dc256f2d161cd89bb201f7e9eac975b5bcc54d514f46dedc85989e8e2edef9f64a0f89c48f9a9559f0ff813ffcdf2d5ee04e21193b56ac907

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5540.exe

Filesize
184KB

MD5
dd61b19fad8d9176d508d2e0ed315e06

SHA1
716192dcfb378220bd3211c715b01c047a7e9337

SHA256
182093a89aea24a5f9aec62834d01354c56fa72ed7a817bab5ab3ff03ab02fd7

SHA512
d7cc6e6a89ea6743eac3cc3c88b779eb6fba09b4a7d9984edfdcd831dc89cd1b610ebeeb499ac4c3d2c1a44a7eb17d6a0911785ebea52fe729ce2459c3bdec9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55908.exe

Filesize
184KB

MD5
5f59cf6a2f09680f335c10e472a6a1ff

SHA1
0f256e53c24488fb5b59e006f3554037a36a9c4c

SHA256
db492def50a543b688274c4374c8f84cc34237501af12dd475cd4191369572eb

SHA512
021b5446f37da9fa0b0806dd569095ff8f1e2fd7e96d7e47a7ac0fbe8ff87be9242fe06fbd2de0ba3d001a9fae83455c57ad130ef4b06afee1d4b76770855326

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58297.exe

Filesize
184KB

MD5
40ed7e5760dd805e5afd4f76747715b7

SHA1
ee4b6bd0eb2efa05f66e6252d41bce88ae270448

SHA256
4e93a9051d3f6e55d8e061854c180339adc9732e790a8a553a2495d4776d7102

SHA512
625c770d3db17b83ce9d9b217ab0b6b83ee32ef05e8ba9213e13c87a25add6297b64f687f9e081bd8081c5ab6f052275a0cae78f18d88429d414a09966a29a77

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5924.exe

Filesize
184KB

MD5
7ae3d745eb1514831a9c494ce1a8e256

SHA1
621d52c4f0c41c2729a0d1652a6ed33424d7634a

SHA256
234e01aae0d30939d1f2929cef1c8b7cd1e572f7a903d3c9dc961a17f010cd4b

SHA512
242760ca62c3f0a737919e5f868a33f0d6f2ec204f8eee0d9be2de72ef02da3f9ae3742dc079147519d2dde4994a9eb962292f179404b3c75394f91ea80e1858

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6116.exe

Filesize
184KB

MD5
c7853e3c4c5ce901e24744016068be42

SHA1
682fb6c3e8aeb68e8e8ca3b8fef3d1ee52e0bb28

SHA256
ed0bb04dffc3b7b6cfd8c9f1eb099ca22ed7f27eceb1886c1127a066dc4eed78

SHA512
a0b998341e158c9c3cc3f26c1e7eb2beecbaaf3b21fc4406eaeed0f2139167ea92166c7e62d1ed9e3fc3d00dfe517b0075f6ec342b3a5d4eff90e2a8742d4ed5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6308.exe

Filesize
184KB

MD5
707dab69a807c0cb3acbfe164ac29671

SHA1
e80e5f224422249ff4009dd6ecaf06d00b890f9a

SHA256
2fe40a36f64153ba3d14758b501b88f0669f9638adad2590aa7afcef5d40cc5b

SHA512
c4e32b72712b1761a52883879367f5fe68db1a1de14a818421e4564669c97d09c3d85c9cb5cc735840c6379de5ccd2ce40c5f7497c9d04a760fa9e2e365041e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64341.exe

Filesize
184KB

MD5
faeac5ba7c96fd97f19289303b943bd3

SHA1
8d3c57d1b8ecb5c7948952fab1beb9a1f733dd1e

SHA256
f91b9f7aa2ecbb159bd3d0428b8bbb37c6e0f4a74e35d434ca8d53a407326f89

SHA512
fb3438f5d3700348956c0d97176eacc23c172e2bff2ae86e0133335f812a1e2038b495e7ad3d56cb1b9b4b5c16f5ba02e570430b0f7a92dfc4544f92e76bd549

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-842.exe

Filesize
184KB

MD5
c0ca37f4cf1d3135924d4819d2f820b6

SHA1
aad396a3ad2428cd672657b466acc6d127448971

SHA256
a52495eca11481d3251cdf92192f9c22d10e9955d8c31938c194a909c0573f2e

SHA512
f255a22c6742b964c400dd4ec2cab3c183de14fe28e6e036f4cb9fe0d697377a4c3f77507bac561bd63c611fd88e777146d3502ae8dc9641f64a6e1521caa3d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9226.exe

Filesize
184KB

MD5
94d7e452322565885b003ca71f3b7012

SHA1
2f3bcf6eed456c357be3d63119ec80f4fd6ba3a5

SHA256
8666a244789fc4d1b4072b2b2459bb51f2c38ea740056362f95ce807401be5bc

SHA512
998acda4e30bf4356bc6b7fca1501f57e101b547a31d054e765a8fbbf542e5129e41df9065cf47c7fb265a26524a9347ace1b10974fbbb4558e5c37cf0cf419b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23501.exe

Filesize
184KB

MD5
80dc546ab238865f733b7b6554cad42c

SHA1
32591687a49064dd70887fac2b86b16896e9e600

SHA256
dee0608c985fb2ede79f70d5c00ea4e6ce13ad2baf8c37dd60a6233197168fd4

SHA512
3e839e40e27236d9e1c7845c541a2fc0a203eccd138b72896d9abb2726fe1d5ace124eacb25963a32cd08c341bbd51faa2a6e72bf394a3e6085c84319284d233

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30019.exe

Filesize
184KB

MD5
18c5d9661f0acddb37182989f6515bfe

SHA1
4c13e2ea96815b9c23498cbc25fd40cd3a3bc95a

SHA256
7cf824e208428e3625d01409bde81fb32802f06f604d2603b81a57df27b7ab78

SHA512
904506e656fc17d2c14d6e4857cfbee8358226ccccfbb5e8c9a2330cc4139e65f71743bc6b06f706c9da3ca628004c0ce94cb5b6b84abd240489b3993e6b4724

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34153.exe

Filesize
184KB

MD5
22cabfc86eb5063cf007d53872c78f87

SHA1
6c369efda10b59844d21cd3a3f76129a5ad3e7af

SHA256
87f804785c9fd8e53e76d474627764a191ae638dbba94028bf61a80e0c966c4b

SHA512
f513236d13d477128413a6d458571b052b5e4de71e6c62a4d267fa966ba66f24a61f63453fda26ca68ecf8dfe08b61cf21d3b107e2c33054979305711147d891

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43209.exe

Filesize
184KB

MD5
cc25e85d11e31226e43ef5eb6216e3c7

SHA1
7323f55a741b59fb9cb47523924049d1f1f33071

SHA256
0ef2a462a4884bbe3e09406d2f367a9b5cde33af609c94fd2b8ccf33b5acfb2b

SHA512
be07cce84e307ce1e11126d48fb76dab386023973399477dfeb872c52da9da1aa9729ff85581100024308d3bccbadf31496acd5e4590c607ff736cc99652ae73

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48005.exe

Filesize
184KB

MD5
250d83634a50e9993c25ee6585712111

SHA1
cdffa93594779cb7dc60613bc9f41ff6d19aff18

SHA256
630285909c2c377095b6fdeee80db00a3c1657d9d0f3bc9b0d270e39617e35a9

SHA512
8078d6407f7137cc8a763fe70b83d63899c75b3a3bbaf85b22be23bf65f219d11ff8ea2de8c70e5e77c9dbdd8432a26b116aef8535c42725d159a8bba34432ec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5123.exe

Filesize
184KB

MD5
542f9a9d4275319142d8dcc2c54db913

SHA1
3361535d74f85081458269ebec914d8bf33767b4

SHA256
40403d965e492b1f4c03859dfa7828175008b51440dd1bde6848ea6152b9737a

SHA512
739e326174c1c51c434be7ba5704d1916158e0086cde3fbcbc5b0115379909e380a66f66b25297f3e3918999051e10c20ec55703e605590e7f74053fac0ae075

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63075.exe

Filesize
184KB

MD5
aa88c95f6e2b7e310f353f7fff61daf8

SHA1
58013cc0604bbdaa9f9f323418d24ab0a489f7db

SHA256
695f48935b7e83b7bb4d5a822863d97a71496d140bebdb799ce7e8794810fed3

SHA512
ada9afca1ecf73088516dd536aa1ea9d924c23df6e23be1cd753547c42fe0e772432a3a50268126081fa763d5fa80d60ca92aa9c49d233a0c5cc0b8383280397

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads