e5a572ac1541d4d2ab326313b3c873bcd497b92424ef0368c788531a6329672c

Analysis

max time kernel
120s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
15-07-2024 21:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

13f936de2eb68e48d24ea60a99a88a80N.exe
Size

184KB
MD5

13f936de2eb68e48d24ea60a99a88a80
SHA1

ca04f07714e77b579692eec3cc0867caa180ec81
SHA256

e5a572ac1541d4d2ab326313b3c873bcd497b92424ef0368c788531a6329672c
SHA512

888f74d8e0989ebe0dbf92baf0c577212b93770554b3ea91c9ef717afe2cec5a3473b3f269124730f127bcffd7a78189746200aae30d67b835f67d4d4a2b1164
SSDEEP

3072:pegIgDo8KDn3dDHtWDMO8QSlvMqnaiuU:peEoPtDHrO8QSlEqnaiu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4932	Unicorn-65342.exe
404	Unicorn-34184.exe
4528	Unicorn-16368.exe
2004	Unicorn-64098.exe
1064	Unicorn-46876.exe
3112	Unicorn-31094.exe
2044	Unicorn-38516.exe
2328	Unicorn-42335.exe
3836	Unicorn-25278.exe
5048	Unicorn-27970.exe
824	Unicorn-51920.exe
2936	Unicorn-39476.exe
1124	Unicorn-23694.exe
768	Unicorn-12833.exe
3340	Unicorn-6703.exe
4356	Unicorn-57188.exe
2584	Unicorn-59102.exe
4756	Unicorn-58287.exe
440	Unicorn-22922.exe
1116	Unicorn-4347.exe
4928	Unicorn-61624.exe
3888	Unicorn-49372.exe
4556	Unicorn-4155.exe
4316	Unicorn-10285.exe
3756	Unicorn-10020.exe
928	Unicorn-55957.exe
644	Unicorn-7378.exe
2908	Unicorn-1515.exe
3704	Unicorn-51271.exe
2732	Unicorn-54800.exe
3232	Unicorn-5499.exe
2436	Unicorn-9491.exe
2864	Unicorn-28520.exe
4892	Unicorn-5142.exe
216	Unicorn-42910.exe
2388	Unicorn-5307.exe
4952	Unicorn-5307.exe
3692	Unicorn-16098.exe
2592	Unicorn-18790.exe
4208	Unicorn-22320.exe
3216	Unicorn-24820.exe
3736	Unicorn-1707.exe
4392	Unicorn-50146.exe
1232	Unicorn-63160.exe
3204	Unicorn-20182.exe
4320	Unicorn-11781.exe
1672	Unicorn-24266.exe
1932	Unicorn-57493.exe
4448	Unicorn-46367.exe
5036	Unicorn-46632.exe
2852	Unicorn-28249.exe
2464	Unicorn-7270.exe
4576	Unicorn-14883.exe
4100	Unicorn-585.exe
1716	Unicorn-45510.exe
4572	Unicorn-26944.exe
4420	Unicorn-18510.exe
4992	Unicorn-25552.exe
1636	Unicorn-63077.exe
1452	Unicorn-15267.exe
1496	Unicorn-50078.exe
1116	Unicorn-50078.exe
3220	Unicorn-35780.exe
2052	Unicorn-50078.exe

Program crash 31 IoCs

pid	pid_target	Process	procid_target
1412	1116	WerFault.exe	112
4028	1116	WerFault.exe	112
4220	2908	WerFault.exe	120
3860	3232	WerFault.exe	123
3680	2908	WerFault.exe	120
2624	2436	WerFault.exe	124
4948	4892	WerFault.exe	127
5504	3736	WerFault.exe	137
2252	2436	WerFault.exe	124
1028	2464	WerFault.exe	150
5664	4100	WerFault.exe	153
936	3736	WerFault.exe	137
6016	5104	WerFault.exe	171
6364	2464	WerFault.exe	150
6528	1680	WerFault.exe	177
7988	2908	WerFault.exe	227
7352	5104	WerFault.exe	171
8004	6200	WerFault.exe	266
752	1680	WerFault.exe	177
8568	5324	WerFault.exe	259
8296	6324	WerFault.exe	273
9600	7044	WerFault.exe	299
9568	6324	WerFault.exe	273
9908	9288	WerFault.exe	467
10972	5504	WerFault.exe	319
12796	8080	WerFault.exe	346
10508	9288	WerFault.exe	467
12404	8168	WerFault.exe	370
12224	5504	WerFault.exe	319
4608	8080	WerFault.exe	346
16312	8168	WerFault.exe	370

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3272	13f936de2eb68e48d24ea60a99a88a80N.exe
4932	Unicorn-65342.exe
404	Unicorn-34184.exe
4528	Unicorn-16368.exe
2004	Unicorn-64098.exe
1064	Unicorn-46876.exe
2044	Unicorn-38516.exe
3112	Unicorn-31094.exe
2328	Unicorn-42335.exe
3836	Unicorn-25278.exe
5048	Unicorn-27970.exe
824	Unicorn-51920.exe
2936	Unicorn-39476.exe
1124	Unicorn-23694.exe
768	Unicorn-12833.exe
3340	Unicorn-6703.exe
4356	Unicorn-57188.exe
2584	Unicorn-59102.exe
4756	Unicorn-58287.exe
440	Unicorn-22922.exe
1116	Unicorn-4347.exe
4928	Unicorn-61624.exe
3888	Unicorn-49372.exe
3756	Unicorn-10020.exe
4316	Unicorn-10285.exe
644	Unicorn-7378.exe
4556	Unicorn-4155.exe
928	Unicorn-55957.exe
2908	Unicorn-1515.exe
3704	Unicorn-51271.exe
2732	Unicorn-54800.exe
3232	Unicorn-5499.exe
2436	Unicorn-9491.exe
2864	Unicorn-28520.exe
4892	Unicorn-5142.exe
216	Unicorn-42910.exe
4952	Unicorn-5307.exe
2388	Unicorn-5307.exe
3692	Unicorn-16098.exe
2592	Unicorn-18790.exe
4208	Unicorn-22320.exe
3216	Unicorn-24820.exe
3736	Unicorn-1707.exe
4320	Unicorn-11781.exe
4392	Unicorn-50146.exe
2852	Unicorn-28249.exe
1232	Unicorn-63160.exe
3204	Unicorn-20182.exe
5036	Unicorn-46632.exe
1672	Unicorn-24266.exe
1932	Unicorn-57493.exe
4448	Unicorn-46367.exe
2464	Unicorn-7270.exe
4576	Unicorn-14883.exe
4100	Unicorn-585.exe
1716	Unicorn-45510.exe
4572	Unicorn-26944.exe
4420	Unicorn-18510.exe
4992	Unicorn-25552.exe
1636	Unicorn-63077.exe
1452	Unicorn-15267.exe
1116	Unicorn-50078.exe
2052	Unicorn-50078.exe
1496	Unicorn-50078.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3272 wrote to memory of 4932	3272	13f936de2eb68e48d24ea60a99a88a80N.exe	88
PID 3272 wrote to memory of 4932	3272	13f936de2eb68e48d24ea60a99a88a80N.exe	88
PID 3272 wrote to memory of 4932	3272	13f936de2eb68e48d24ea60a99a88a80N.exe	88
PID 3272 wrote to memory of 404	3272	13f936de2eb68e48d24ea60a99a88a80N.exe	91
PID 3272 wrote to memory of 404	3272	13f936de2eb68e48d24ea60a99a88a80N.exe	91
PID 3272 wrote to memory of 404	3272	13f936de2eb68e48d24ea60a99a88a80N.exe	91
PID 404 wrote to memory of 4528	404	Unicorn-34184.exe	94
PID 404 wrote to memory of 4528	404	Unicorn-34184.exe	94
PID 404 wrote to memory of 4528	404	Unicorn-34184.exe	94
PID 3272 wrote to memory of 2004	3272	13f936de2eb68e48d24ea60a99a88a80N.exe	95
PID 3272 wrote to memory of 2004	3272	13f936de2eb68e48d24ea60a99a88a80N.exe	95
PID 3272 wrote to memory of 2004	3272	13f936de2eb68e48d24ea60a99a88a80N.exe	95
PID 4528 wrote to memory of 1064	4528	Unicorn-16368.exe	97
PID 4528 wrote to memory of 1064	4528	Unicorn-16368.exe	97
PID 4528 wrote to memory of 1064	4528	Unicorn-16368.exe	97
PID 404 wrote to memory of 3112	404	Unicorn-34184.exe	98
PID 404 wrote to memory of 3112	404	Unicorn-34184.exe	98
PID 404 wrote to memory of 3112	404	Unicorn-34184.exe	98
PID 2004 wrote to memory of 2044	2004	Unicorn-64098.exe	99
PID 2004 wrote to memory of 2044	2004	Unicorn-64098.exe	99
PID 2004 wrote to memory of 2044	2004	Unicorn-64098.exe	99
PID 3272 wrote to memory of 2328	3272	13f936de2eb68e48d24ea60a99a88a80N.exe	100
PID 3272 wrote to memory of 2328	3272	13f936de2eb68e48d24ea60a99a88a80N.exe	100
PID 3272 wrote to memory of 2328	3272	13f936de2eb68e48d24ea60a99a88a80N.exe	100
PID 1064 wrote to memory of 3836	1064	Unicorn-46876.exe	101
PID 1064 wrote to memory of 3836	1064	Unicorn-46876.exe	101
PID 1064 wrote to memory of 3836	1064	Unicorn-46876.exe	101
PID 4528 wrote to memory of 5048	4528	Unicorn-16368.exe	102
PID 4528 wrote to memory of 5048	4528	Unicorn-16368.exe	102
PID 4528 wrote to memory of 5048	4528	Unicorn-16368.exe	102
PID 3112 wrote to memory of 824	3112	Unicorn-31094.exe	103
PID 3112 wrote to memory of 824	3112	Unicorn-31094.exe	103
PID 3112 wrote to memory of 824	3112	Unicorn-31094.exe	103
PID 2044 wrote to memory of 2936	2044	Unicorn-38516.exe	104
PID 2044 wrote to memory of 2936	2044	Unicorn-38516.exe	104
PID 2044 wrote to memory of 2936	2044	Unicorn-38516.exe	104
PID 2004 wrote to memory of 1124	2004	Unicorn-64098.exe	105
PID 2004 wrote to memory of 1124	2004	Unicorn-64098.exe	105
PID 2004 wrote to memory of 1124	2004	Unicorn-64098.exe	105
PID 2328 wrote to memory of 768	2328	Unicorn-42335.exe	106
PID 2328 wrote to memory of 768	2328	Unicorn-42335.exe	106
PID 2328 wrote to memory of 768	2328	Unicorn-42335.exe	106
PID 404 wrote to memory of 3340	404	Unicorn-34184.exe	107
PID 404 wrote to memory of 3340	404	Unicorn-34184.exe	107
PID 404 wrote to memory of 3340	404	Unicorn-34184.exe	107
PID 3272 wrote to memory of 4356	3272	13f936de2eb68e48d24ea60a99a88a80N.exe	108
PID 3272 wrote to memory of 4356	3272	13f936de2eb68e48d24ea60a99a88a80N.exe	108
PID 3272 wrote to memory of 4356	3272	13f936de2eb68e48d24ea60a99a88a80N.exe	108
PID 3836 wrote to memory of 2584	3836	Unicorn-25278.exe	109
PID 3836 wrote to memory of 2584	3836	Unicorn-25278.exe	109
PID 3836 wrote to memory of 2584	3836	Unicorn-25278.exe	109
PID 1064 wrote to memory of 4756	1064	Unicorn-46876.exe	110
PID 1064 wrote to memory of 4756	1064	Unicorn-46876.exe	110
PID 1064 wrote to memory of 4756	1064	Unicorn-46876.exe	110
PID 5048 wrote to memory of 440	5048	Unicorn-27970.exe	111
PID 5048 wrote to memory of 440	5048	Unicorn-27970.exe	111
PID 5048 wrote to memory of 440	5048	Unicorn-27970.exe	111
PID 4528 wrote to memory of 1116	4528	Unicorn-16368.exe	112
PID 4528 wrote to memory of 1116	4528	Unicorn-16368.exe	112
PID 4528 wrote to memory of 1116	4528	Unicorn-16368.exe	112
PID 1124 wrote to memory of 4928	1124	Unicorn-23694.exe	113
PID 1124 wrote to memory of 4928	1124	Unicorn-23694.exe	113
PID 1124 wrote to memory of 4928	1124	Unicorn-23694.exe	113
PID 824 wrote to memory of 3888	824	Unicorn-51920.exe	114

C:\Users\Admin\AppData\Local\Temp\13f936de2eb68e48d24ea60a99a88a80N.exe
"C:\Users\Admin\AppData\Local\Temp\13f936de2eb68e48d24ea60a99a88a80N.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3272
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65342.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65342.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4932
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34184.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34184.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16368.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16368.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46876.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25278.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59102.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1515.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 724
        8⤵
        Program crash
        
        PID:4220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 724
        8⤵
        Program crash
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7270.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 724
        8⤵
        Program crash
        
        PID:1028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 744
        8⤵
        Program crash
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54830.exe
        7⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45366.exe
        8⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28060.exe
        9⤵
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30254.exe
        9⤵
        
        PID:14128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28499.exe
        9⤵
        
        PID:17732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39890.exe
        8⤵
        
        PID:9488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19269.exe
        8⤵
        
        PID:13508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64073.exe
        8⤵
        
        PID:16972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45869.exe
        7⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62356.exe
        8⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11458.exe
        8⤵
        
        PID:12580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19241.exe
        8⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44490.exe
        7⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6844.exe
        7⤵
        
        PID:12116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22617.exe
        7⤵
        
        PID:15012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51271.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14883.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40540.exe
        8⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10555.exe
        9⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27572.exe
        10⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53882.exe
        11⤵
        
        PID:11988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30010.exe
        11⤵
        
        PID:10340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48817.exe
        10⤵
        
        PID:11520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48843.exe
        10⤵
        
        PID:14460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10899.exe
        10⤵
        
        PID:18892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exe
        9⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42772.exe
        10⤵
        
        PID:18952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55563.exe
        9⤵
        
        PID:12644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40946.exe
        9⤵
        
        PID:16232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65163.exe
        8⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27572.exe
        9⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44536.exe
        10⤵
        
        PID:13252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50815.exe
        10⤵
        
        PID:16552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50622.exe
        10⤵
        
        PID:19176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48817.exe
        9⤵
        
        PID:11560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61862.exe
        9⤵
        
        PID:15128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30665.exe
        9⤵
        
        PID:17760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28815.exe
        8⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26960.exe
        9⤵
        
        PID:12396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3664.exe
        9⤵
        
        PID:18776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32045.exe
        8⤵
        
        PID:12164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22087.exe
        8⤵
        
        PID:14928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24758.exe
        7⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55480.exe
        8⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26010.exe
        9⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15589.exe
        10⤵
        
        PID:11268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21484.exe
        10⤵
        
        PID:15436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27321.exe
        10⤵
        
        PID:18524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48817.exe
        9⤵
        
        PID:11552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41250.exe
        9⤵
        
        PID:15164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51277.exe
        9⤵
        
        PID:18344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exe
        8⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2735.exe
        9⤵
        
        PID:12596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5506.exe
        9⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53041.exe
        8⤵
        
        PID:11512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22087.exe
        8⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15691.exe
        7⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48070.exe
        8⤵
        
        PID:11744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43851.exe
        8⤵
        
        PID:15304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32967.exe
        8⤵
        
        PID:18424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65424.exe
        7⤵
        
        PID:10232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21400.exe
        7⤵
        
        PID:12920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15601.exe
        7⤵
        
        PID:16964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-585.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 724
        7⤵
        Program crash
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31915.exe
        6⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6279.exe
        7⤵
        
        PID:6324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6324 -s 608
        8⤵
        Program crash
        
        PID:8296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6324 -s 628
        8⤵
        Program crash
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exe
        7⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53041.exe
        7⤵
        
        PID:11568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22087.exe
        7⤵
        
        PID:15040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33311.exe
        6⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22798.exe
        7⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51827.exe
        7⤵
        
        PID:14440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59418.exe
        7⤵
        
        PID:16520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12386.exe
        6⤵
        
        PID:9612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12617.exe
        6⤵
        
        PID:12340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46587.exe
        6⤵
        
        PID:16304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58287.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54800.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26944.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53368.exe
        8⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12501.exe
        9⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46020.exe
        10⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22069.exe
        10⤵
        
        PID:13500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23737.exe
        10⤵
        
        PID:16908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8552.exe
        9⤵
        
        PID:10048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56410.exe
        9⤵
        
        PID:12784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6128.exe
        9⤵
        
        PID:16760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6424.exe
        8⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41682.exe
        9⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30254.exe
        9⤵
        
        PID:14176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12163.exe
        9⤵
        
        PID:17720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23745.exe
        8⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7706.exe
        8⤵
        
        PID:13200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15071.exe
        8⤵
        
        PID:17012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47701.exe
        7⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28838.exe
        8⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44074.exe
        9⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1152.exe
        9⤵
        
        PID:12444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19241.exe
        9⤵
        
        PID:14620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exe
        8⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24837.exe
        8⤵
        
        PID:12476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40946.exe
        8⤵
        
        PID:11428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23859.exe
        7⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41464.exe
        8⤵
        
        PID:11104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62133.exe
        8⤵
        
        PID:11472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40752.exe
        8⤵
        
        PID:17684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37587.exe
        7⤵
        
        PID:9380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12087.exe
        7⤵
        
        PID:12316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24410.exe
        7⤵
        
        PID:15468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25552.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63482.exe
        7⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24754.exe
        8⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3425.exe
        9⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46269.exe
        9⤵
        
        PID:12504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62220.exe
        9⤵
        
        PID:16208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exe
        8⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24837.exe
        8⤵
        
        PID:12560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16441.exe
        8⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6040.exe
        7⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56226.exe
        7⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20752.exe
        7⤵
        
        PID:12436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40946.exe
        7⤵
        
        PID:12360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49184.exe
        6⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24754.exe
        7⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64857.exe
        8⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34155.exe
        8⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30753.exe
        8⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45615.exe
        7⤵
        
        PID:8612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65074.exe
        7⤵
        
        PID:11952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57997.exe
        7⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44558.exe
        7⤵
        
        PID:18012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25641.exe
        6⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25408.exe
        7⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22069.exe
        7⤵
        
        PID:13484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23737.exe
        7⤵
        
        PID:16916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6363.exe
        6⤵
        
        PID:9360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61089.exe
        6⤵
        
        PID:12384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41476.exe
        6⤵
        
        PID:15228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5499.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3232
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 724
        6⤵
        Program crash
        
        PID:3860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18510.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49284.exe
        6⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51396.exe
        7⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37852.exe
        8⤵
        
        PID:9288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9288 -s 464
        9⤵
        Program crash
        
        PID:9908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9288 -s 240
        9⤵
        Program crash
        
        PID:10508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22069.exe
        8⤵
        
        PID:13452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54463.exe
        8⤵
        
        PID:17064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exe
        7⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63923.exe
        7⤵
        
        PID:12032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2051.exe
        7⤵
        
        PID:16356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32682.exe
        6⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28060.exe
        7⤵
        
        PID:10352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30254.exe
        7⤵
        
        PID:14108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54374.exe
        7⤵
        
        PID:5392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9163.exe
        6⤵
        
        PID:9336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19269.exe
        6⤵
        
        PID:13460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64073.exe
        6⤵
        
        PID:17020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44438.exe
        5⤵
        
        PID:6068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6279.exe
        6⤵
        
        PID:6316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exe
        6⤵
        
        PID:9068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12584.exe
        6⤵
        
        PID:12540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59420.exe
        6⤵
        
        PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16776.exe
        5⤵
        
        PID:7312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26088.exe
        6⤵
        
        PID:11920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46565.exe
        6⤵
        
        PID:14308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47358.exe
        6⤵
        
        PID:17000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3385.exe
        5⤵
        
        PID:9560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56623.exe
        5⤵
        
        PID:12352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41252.exe
        5⤵
        
        PID:16380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32894.exe
        5⤵
        
        PID:19196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27970.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:5048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22922.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9491.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 724
        7⤵
        Program crash
        
        PID:2624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 768
        7⤵
        Program crash
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63077.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8251.exe
        7⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6693.exe
        7⤵
        
        PID:8080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8080 -s 636
        8⤵
        Program crash
        
        PID:12796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8080 -s 636
        8⤵
        Program crash
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40649.exe
        7⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56410.exe
        7⤵
        
        PID:12616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6128.exe
        7⤵
        
        PID:16768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28571.exe
        6⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37006.exe
        7⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28060.exe
        8⤵
        
        PID:10344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30254.exe
        8⤵
        
        PID:14116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42314.exe
        8⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        7⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1894.exe
        7⤵
        
        PID:11288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40946.exe
        7⤵
        
        PID:15336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8728.exe
        6⤵
        
        PID:5504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 640
        7⤵
        Program crash
        
        PID:10972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 640
        7⤵
        Program crash
        
        PID:12224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40406.exe
        6⤵
        
        PID:5880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45523.exe
        6⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54272.exe
        6⤵
        
        PID:16992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28520.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15267.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47338.exe
        7⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-441.exe
        8⤵
        
        PID:7044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7044 -s 624
        9⤵
        Program crash
        
        PID:9600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57675.exe
        8⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26254.exe
        9⤵
        
        PID:12860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4136.exe
        9⤵
        
        PID:17004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7705.exe
        8⤵
        
        PID:11900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39523.exe
        8⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        8⤵
        
        PID:18508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        7⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6871.exe
        8⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30254.exe
        8⤵
        
        PID:14212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47358.exe
        8⤵
        
        PID:17680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50223.exe
        7⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49612.exe
        7⤵
        
        PID:12336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12350.exe
        7⤵
        
        PID:16616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28624.exe
        6⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54214.exe
        7⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15449.exe
        8⤵
        
        PID:16528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48817.exe
        7⤵
        
        PID:11572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61862.exe
        7⤵
        
        PID:15112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36171.exe
        7⤵
        
        PID:19068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62090.exe
        6⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42206.exe
        7⤵
        
        PID:11312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17950.exe
        7⤵
        
        PID:16632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14364.exe
        6⤵
        
        PID:10524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17837.exe
        6⤵
        
        PID:13948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46112.exe
        6⤵
        
        PID:17184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35780.exe
        5⤵
        Executes dropped EXE
        
        PID:3220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2221.exe
        6⤵
        
        PID:2908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 628
        7⤵
        Program crash
        
        PID:7988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10124.exe
        6⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53934.exe
        7⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35900.exe
        7⤵
        
        PID:14140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28499.exe
        7⤵
        
        PID:17672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8552.exe
        6⤵
        
        PID:10220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56410.exe
        6⤵
        
        PID:12940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32770.exe
        6⤵
        
        PID:16792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3108.exe
        5⤵
        
        PID:5544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18641.exe
        5⤵
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24142.exe
        6⤵
        
        PID:11824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43851.exe
        6⤵
        
        PID:15312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51442.exe
        6⤵
        
        PID:17216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43216.exe
        5⤵
        
        PID:11504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59592.exe
        5⤵
        
        PID:15052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23557.exe
        5⤵
        
        PID:17728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4347.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1116
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1116 -s 724
        5⤵
        Program crash
        
        PID:1412
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1116 -s 724
        5⤵
        Program crash
        
        PID:4028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5142.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4892
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 728
        5⤵
        Program crash
        
        PID:4948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8283.exe
      4⤵
      PID:5104
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 636
        5⤵
        Program crash
        
        PID:6016
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 636
        5⤵
        Program crash
        
        PID:7352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14062.exe
      4⤵
      PID:6604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52564.exe
        5⤵
        
        PID:10032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38920.exe
        5⤵
        
        PID:14328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28335.exe
        5⤵
        
        PID:17440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61164.exe
      4⤵
      PID:8484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44781.exe
      4⤵
      PID:11676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36618.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36618.exe
      4⤵
      PID:15472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2386.exe
      4⤵
      PID:18540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31094.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31094.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51920.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49372.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22320.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10991.exe
        7⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3565.exe
        8⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4053.exe
        9⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22798.exe
        10⤵
        
        PID:9816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38998.exe
        10⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22469.exe
        10⤵
        
        PID:17280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46897.exe
        9⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11125.exe
        9⤵
        
        PID:14316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57717.exe
        9⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3238.exe
        8⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12583.exe
        8⤵
        
        PID:11012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33187.exe
        8⤵
        
        PID:15828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41234.exe
        8⤵
        
        PID:18728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50389.exe
        7⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6871.exe
        8⤵
        
        PID:10280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57394.exe
        8⤵
        
        PID:14368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16082.exe
        8⤵
        
        PID:17416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63242.exe
        7⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19648.exe
        8⤵
        
        PID:13280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38370.exe
        8⤵
        
        PID:16724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59342.exe
        7⤵
        
        PID:12788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24410.exe
        7⤵
        
        PID:15992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55560.exe
        7⤵
        
        PID:19172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55293.exe
        6⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22424.exe
        7⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31656.exe
        8⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46290.exe
        9⤵
        
        PID:11300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38370.exe
        9⤵
        
        PID:16732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50622.exe
        9⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48433.exe
        8⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34643.exe
        8⤵
        
        PID:14792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24827.exe
        8⤵
        
        PID:18060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45231.exe
        7⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11213.exe
        7⤵
        
        PID:11648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12304.exe
        7⤵
        
        PID:15184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60894.exe
        7⤵
        
        PID:17412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17445.exe
        6⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41682.exe
        7⤵
        
        PID:10296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30254.exe
        7⤵
        
        PID:14084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14685.exe
        7⤵
        
        PID:18324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53155.exe
        6⤵
        
        PID:7988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23379.exe
        6⤵
        
        PID:12136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5552.exe
        6⤵
        
        PID:4852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24820.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56684.exe
        6⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62880.exe
        7⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12413.exe
        8⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10903.exe
        9⤵
        
        PID:12552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30010.exe
        9⤵
        
        PID:15300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46897.exe
        8⤵
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3341.exe
        8⤵
        
        PID:11096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21152.exe
        8⤵
        
        PID:17264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10420.exe
        7⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43410.exe
        8⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23238.exe
        8⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43082.exe
        8⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62552.exe
        7⤵
        
        PID:11544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2190.exe
        7⤵
        
        PID:15076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32881.exe
        7⤵
        
        PID:6236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13440.exe
        6⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44396.exe
        7⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4109.exe
        7⤵
        
        PID:14404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20166.exe
        7⤵
        
        PID:17596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36600.exe
        6⤵
        
        PID:8816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32045.exe
        6⤵
        
        PID:12044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22087.exe
        6⤵
        
        PID:15032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25857.exe
        5⤵
        
        PID:1208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3565.exe
        6⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31464.exe
        7⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9175.exe
        8⤵
        
        PID:11732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43851.exe
        8⤵
        
        PID:15328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51442.exe
        8⤵
        
        PID:17472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27436.exe
        7⤵
        
        PID:10912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43004.exe
        7⤵
        
        PID:13800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48947.exe
        7⤵
        
        PID:15180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29880.exe
        6⤵
        
        PID:8104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8499.exe
        6⤵
        
        PID:1668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26503.exe
        6⤵
        
        PID:13516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9555.exe
        6⤵
        
        PID:17292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48086.exe
        5⤵
        
        PID:7828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62356.exe
        6⤵
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13596.exe
        6⤵
        
        PID:12068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19241.exe
        6⤵
        
        PID:1904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20938.exe
        5⤵
        
        PID:9804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50142.exe
        5⤵
        
        PID:12328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7885.exe
        5⤵
        
        PID:16680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5307.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50078.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51614.exe
        6⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47312.exe
        7⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28060.exe
        8⤵
        
        PID:10392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30254.exe
        8⤵
        
        PID:14184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49688.exe
        8⤵
        
        PID:18176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exe
        7⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53041.exe
        7⤵
        
        PID:11812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40370.exe
        7⤵
        
        PID:15068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46356.exe
        6⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49824.exe
        7⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20908.exe
        7⤵
        
        PID:14812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-487.exe
        7⤵
        
        PID:17952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33249.exe
        6⤵
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46836.exe
        6⤵
        
        PID:13984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16948.exe
        6⤵
        
        PID:17260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63627.exe
        5⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3067.exe
        6⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54458.exe
        7⤵
        
        PID:12820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17950.exe
        7⤵
        
        PID:16652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23979.exe
        7⤵
        
        PID:18784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48817.exe
        6⤵
        
        PID:11580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61862.exe
        6⤵
        
        PID:15120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53223.exe
        6⤵
        
        PID:17496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16973.exe
        5⤵
        
        PID:7128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15589.exe
        6⤵
        
        PID:11276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38012.exe
        6⤵
        
        PID:14984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2433.exe
        6⤵
        
        PID:18164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15132.exe
        5⤵
        
        PID:11464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23642.exe
        5⤵
        
        PID:1632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6642.exe
      4⤵
      PID:1680
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 724
        5⤵
        Program crash
        
        PID:6528
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 724
        5⤵
        Program crash
        
        PID:752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37203.exe
      4⤵
      PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41682.exe
        5⤵
        
        PID:10376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30254.exe
        5⤵
        
        PID:14068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10217.exe
        5⤵
        
        PID:17452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27954.exe
      4⤵
      PID:7768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62804.exe
      4⤵
      PID:11960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28331.exe
      4⤵
      PID:3164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63915.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63915.exe
      4⤵
      PID:18160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10020.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10020.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1707.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3736
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 724
        5⤵
        Program crash
        
        PID:5504
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 724
        5⤵
        Program crash
        
        PID:936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18152.exe
      4⤵
      PID:5212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5895.exe
        5⤵
        
        PID:5960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46601.exe
        5⤵
        
        PID:7572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11213.exe
        5⤵
        
        PID:11616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6082.exe
        5⤵
        
        PID:15264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30167.exe
        5⤵
        
        PID:18384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2671.exe
      4⤵
      PID:6676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42465.exe
      4⤵
      PID:8840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23379.exe
      4⤵
      PID:12104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5552.exe
      4⤵
      PID:7852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18803.exe
      4⤵
      PID:19116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50146.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50146.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34510.exe
      4⤵
      PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22232.exe
        5⤵
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3041.exe
        6⤵
        
        PID:8784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8936.exe
        6⤵
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24887.exe
        6⤵
        
        PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21223.exe
        5⤵
        
        PID:8336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40021.exe
        5⤵
        
        PID:9940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40946.exe
        5⤵
        
        PID:15216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36496.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36496.exe
      4⤵
      PID:7708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22798.exe
        5⤵
        
        PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41712.exe
        5⤵
        
        PID:13144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57280.exe
        5⤵
        
        PID:2012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62475.exe
      4⤵
      PID:9676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57204.exe
      4⤵
      PID:12492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24410.exe
      4⤵
      PID:15824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50077.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50077.exe
    3⤵
    PID:5580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37006.exe
      4⤵
      PID:6304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20582.exe
        5⤵
        
        PID:7480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16960.exe
        6⤵
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20908.exe
        6⤵
        
        PID:14804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31213.exe
        6⤵
        
        PID:18092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46897.exe
        5⤵
        
        PID:10564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11125.exe
        5⤵
        
        PID:14300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30665.exe
        5⤵
        
        PID:17948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1868.exe
      4⤵
      PID:8168
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8168 -s 636
        5⤵
        Program crash
        
        PID:12404
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8168 -s 656
        5⤵
        Program crash
        
        PID:16312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59646.exe
      4⤵
      PID:11220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48869.exe
      4⤵
      PID:784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54480.exe
      4⤵
      PID:6128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
    3⤵
    PID:7320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21620.exe
      4⤵
      PID:11328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44043.exe
      4⤵
      PID:15020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47934.exe
      4⤵
      PID:18516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50899.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50899.exe
    3⤵
    PID:9412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51288.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51288.exe
    3⤵
    PID:12364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18810.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18810.exe
    3⤵
    PID:1036
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64098.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64098.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38516.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38516.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39476.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45510.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19928.exe
        6⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57.exe
        7⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15594.exe
        8⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59210.exe
        8⤵
        
        PID:13012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31329.exe
        8⤵
        
        PID:17072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29278.exe
        7⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26179.exe
        7⤵
        
        PID:12156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30753.exe
        7⤵
        
        PID:14944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6424.exe
        6⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48070.exe
        7⤵
        
        PID:11788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11152.exe
        7⤵
        
        PID:4700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62640.exe
        6⤵
        
        PID:10104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        6⤵
        
        PID:11204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8204.exe
        6⤵
        
        PID:5348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46305.exe
        5⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10555.exe
        6⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26202.exe
        7⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63015.exe
        7⤵
        
        PID:11608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-217.exe
        7⤵
        
        PID:15244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38833.exe
        7⤵
        
        PID:18396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exe
        6⤵
        
        PID:6504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24837.exe
        6⤵
        
        PID:12468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2051.exe
        6⤵
        
        PID:16340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14645.exe
        5⤵
        
        PID:5588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12683.exe
        6⤵
        
        PID:11176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4380.exe
        6⤵
        
        PID:6324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53388.exe
        6⤵
        
        PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9480.exe
        5⤵
        
        PID:9188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60707.exe
        5⤵
        
        PID:12124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41252.exe
        5⤵
        
        PID:16332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55957.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46632.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38594.exe
        6⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4094.exe
        7⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64598.exe
        8⤵
        
        PID:11704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52019.exe
        8⤵
        
        PID:15236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55526.exe
        8⤵
        
        PID:18088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5655.exe
        7⤵
        
        PID:9548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19269.exe
        7⤵
        
        PID:13440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64073.exe
        7⤵
        
        PID:16928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65163.exe
        6⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44396.exe
        7⤵
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38920.exe
        7⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16082.exe
        7⤵
        
        PID:17576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43206.exe
        6⤵
        
        PID:8224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32045.exe
        6⤵
        
        PID:12180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22087.exe
        6⤵
        
        PID:14980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55677.exe
        5⤵
        
        PID:5600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
        6⤵
        
        PID:5324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 632
        7⤵
        Program crash
        
        PID:8568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41530.exe
        6⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52232.exe
        7⤵
        
        PID:16160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53249.exe
        7⤵
        
        PID:18868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24837.exe
        6⤵
        
        PID:7884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2051.exe
        6⤵
        
        PID:16248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40004.exe
        5⤵
        
        PID:1032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6871.exe
        6⤵
        
        PID:10404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30254.exe
        6⤵
        
        PID:14100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18961.exe
        6⤵
        
        PID:18080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53155.exe
        5⤵
        
        PID:5104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23379.exe
        5⤵
        
        PID:12128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5552.exe
        5⤵
        
        PID:14872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28249.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34510.exe
        5⤵
        
        PID:5436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
        6⤵
        
        PID:6208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39890.exe
        6⤵
        
        PID:9492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19269.exe
        6⤵
        
        PID:13492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64073.exe
        6⤵
        
        PID:17148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65163.exe
        5⤵
        
        PID:6596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28060.exe
        6⤵
        
        PID:10484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36476.exe
        6⤵
        
        PID:14200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18769.exe
        6⤵
        
        PID:18356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50223.exe
        5⤵
        
        PID:9780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53882.exe
        6⤵
        
        PID:12008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56653.exe
        6⤵
        
        PID:3820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49612.exe
        5⤵
        
        PID:1436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12350.exe
        5⤵
        
        PID:16604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9740.exe
      4⤵
      PID:5556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10555.exe
        5⤵
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23208.exe
        6⤵
        
        PID:9232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57394.exe
        6⤵
        
        PID:14392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48947.exe
        6⤵
        
        PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exe
        5⤵
        
        PID:9172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53041.exe
        5⤵
        
        PID:11852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22087.exe
        5⤵
        
        PID:14936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45372.exe
      4⤵
      PID:6808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62294.exe
        5⤵
        
        PID:7616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4109.exe
        5⤵
        
        PID:14420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18220.exe
        5⤵
        
        PID:5336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9480.exe
      4⤵
      PID:9180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64792.exe
      4⤵
      PID:12272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14610.exe
      4⤵
      PID:16276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23694.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23694.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61624.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16098.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39772.exe
        6⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3565.exe
        7⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62356.exe
        8⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46269.exe
        8⤵
        
        PID:12652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19241.exe
        8⤵
        
        PID:15812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33964.exe
        7⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        7⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58599.exe
        7⤵
        
        PID:14332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40282.exe
        7⤵
        
        PID:10872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1685.exe
        6⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31568.exe
        7⤵
        
        PID:10172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4109.exe
        7⤵
        
        PID:14412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20166.exe
        7⤵
        
        PID:17568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27665.exe
        6⤵
        
        PID:10156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37290.exe
        6⤵
        
        PID:9980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8933.exe
        6⤵
        
        PID:17248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53652.exe
        5⤵
        
        PID:5360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10363.exe
        6⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27956.exe
        7⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12444.exe
        7⤵
        
        PID:12092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4851.exe
        7⤵
        
        PID:16320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22864.exe
        6⤵
        
        PID:8808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53576.exe
        7⤵
        
        PID:12420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3140.exe
        7⤵
        
        PID:8692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28921.exe
        6⤵
        
        PID:12196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40946.exe
        6⤵
        
        PID:14848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26025.exe
        5⤵
        
        PID:7932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2787.exe
        6⤵
        
        PID:6920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57394.exe
        6⤵
        
        PID:14376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48947.exe
        6⤵
        
        PID:5332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7479.exe
        5⤵
        
        PID:8548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39874.exe
        5⤵
        
        PID:12312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15601.exe
        5⤵
        
        PID:16980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18790.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39772.exe
        5⤵
        
        PID:4220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38376.exe
        6⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65096.exe
        7⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63015.exe
        7⤵
        
        PID:11624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6439.exe
        7⤵
        
        PID:15448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14712.exe
        7⤵
        
        PID:18448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48355.exe
        6⤵
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7395.exe
        7⤵
        
        PID:12868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17950.exe
        7⤵
        
        PID:16596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8499.exe
        6⤵
        
        PID:5056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26503.exe
        6⤵
        
        PID:12432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
        6⤵
        
        PID:17744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16075.exe
        5⤵
        
        PID:7744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29792.exe
        6⤵
        
        PID:8368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40736.exe
        6⤵
        
        PID:12512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31329.exe
        6⤵
        
        PID:17052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62475.exe
        5⤵
        
        PID:9696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35413.exe
        5⤵
        
        PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12350.exe
        5⤵
        
        PID:16624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38302.exe
      4⤵
      PID:964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3565.exe
        5⤵
        
        PID:5648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27572.exe
        6⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
        7⤵
        
        PID:13972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29154.exe
        7⤵
        
        PID:17696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13622.exe
        6⤵
        
        PID:7420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41442.exe
        6⤵
        
        PID:14876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10436.exe
        6⤵
        
        PID:17980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29880.exe
        5⤵
        
        PID:8112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15589.exe
        6⤵
        
        PID:11144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21484.exe
        6⤵
        
        PID:15004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32967.exe
        6⤵
        
        PID:17536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43310.exe
        5⤵
        
        PID:10480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26503.exe
        5⤵
        
        PID:13336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe
        5⤵
        
        PID:15600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4452.exe
      4⤵
      PID:6660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2787.exe
        5⤵
        
        PID:10268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4109.exe
        5⤵
        
        PID:14468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22112.exe
        5⤵
        
        PID:17708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3073.exe
      4⤵
      PID:8712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16701.exe
      4⤵
      PID:11392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46587.exe
      4⤵
      PID:16296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4155.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4155.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24266.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34510.exe
        5⤵
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30784.exe
        6⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38262.exe
        7⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9652.exe
        7⤵
        
        PID:12428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15071.exe
        7⤵
        
        PID:16896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exe
        6⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24837.exe
        6⤵
        
        PID:12460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40946.exe
        6⤵
        
        PID:15388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37150.exe
        5⤵
        
        PID:7816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51988.exe
        6⤵
        
        PID:9004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38920.exe
        6⤵
        
        PID:14352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53031.exe
        6⤵
        
        PID:5660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40274.exe
        5⤵
        
        PID:8288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65075.exe
        5⤵
        
        PID:12928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49306.exe
        5⤵
        
        PID:16744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55677.exe
      4⤵
      PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
        5⤵
        
        PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8552.exe
        5⤵
        
        PID:4056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56410.exe
        5⤵
        
        PID:12324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6128.exe
        5⤵
        
        PID:16776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13361.exe
      4⤵
      PID:6728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22429.exe
      4⤵
      PID:7260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62274.exe
      4⤵
      PID:11940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32796.exe
      4⤵
      PID:14296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51886.exe
      4⤵
      PID:18320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46367.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46367.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4448
  - - C:\Users\Admin\AppData\Local\Temp\UnicËrn-34510.exe
      C:\Users\Admin\AppData\Local\Temp\UnicËrn-34510.exe
      4⤵
      PID:5444
    - - C:\Users\Admin\AppData\Local\Temp\UnicËrn-12501.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicËrn-12501.exe
        5⤵
        
        PID:6492
    - - C:\Users\Admin\AppData\Local\Temp\UnicËrn-45615.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicËrn-45615.exe
        5⤵
        
        PID:8256
      - C:\Users\Admin\AppData\Local\Temp\UnicËrn-24630.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicËrn-24630.exe
        6⤵
        
        PID:14572
      - C:\Users\Admin\AppData\Local\Temp\UnicËrn-52289.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicËrn-52289.exe
        6⤵
        
        PID:17992
    - - C:\Users\Admin\AppData\Local\Temp\UnicËrn-3045.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicËrn-3045.exe
        5⤵
        
        PID:6680
    - - C:\Users\Admin\AppData\Local\Temp\UnicËrn-30753.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicËrn-30753.exe
        5⤵
        
        PID:5504
  - - C:\Users\Admin\AppData\Local\Temp\UnicËrn-29174.exe
      C:\Users\Admin\AppData\Local\Temp\UnicËrn-29174.exe
      4⤵
      PID:7548
    - - C:\Users\Admin\AppData\Local\Temp\UnicËrn-841.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicËrn-841.exe
        5⤵
        
        PID:9312
    - - C:\Users\Admin\AppData\Local\Temp\UnicËrn-35900.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicËrn-35900.exe
        5⤵
        
        PID:13992
    - - C:\Users\Admin\AppData\Local\Temp\UnicËrn-49112.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicËrn-49112.exe
        5⤵
        
        PID:17588
  - - C:\Users\Admin\AppData\Local\Temp\UnicËrn-3517.exe
      C:\Users\Admin\AppData\Local\Temp\UnicËrn-3517.exe
      4⤵
      PID:9724
  - - C:\Users\Admin\AppData\Local\Temp\UnicËrn-44079.exe
      C:\Users\Admin\AppData\Local\Temp\UnicËrn-44079.exe
      4⤵
      PID:12836
  - - C:\Users\Admin\AppData\Local\Temp\UnicËrn-28885.exe
      C:\Users\Admin\AppData\Local\Temp\UnicËrn-28885.exe
      4⤵
      PID:16700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1075.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1075.exe
    3⤵
    PID:5572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22808.exe
      4⤵
      PID:5528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1287.exe
        5⤵
        
        PID:8316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27000.exe
        5⤵
        
        PID:13076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17871.exe
        5⤵
        
        PID:17032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64089.exe
      4⤵
      PID:8248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20032.exe
        5⤵
        
        PID:13624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4136.exe
        5⤵
        
        PID:17040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3045.exe
      4⤵
      PID:12232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53311.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53311.exe
      4⤵
      PID:15480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20668.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20668.exe
    3⤵
    PID:6340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60156.exe
      4⤵
      PID:10432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30254.exe
      4⤵
      PID:14160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8271.exe
      4⤵
      PID:5620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45020.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45020.exe
    3⤵
    PID:6460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2379.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2379.exe
    3⤵
    PID:12072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61289.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61289.exe
    3⤵
    PID:2288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53506.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53506.exe
    3⤵
    PID:19144
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42335.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42335.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12833.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12833.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42910.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50078.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43254.exe
        6⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29414.exe
        7⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21324.exe
        8⤵
        
        PID:9272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63181.exe
        8⤵
        
        PID:12872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62220.exe
        8⤵
        
        PID:16200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22864.exe
        7⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-987.exe
        7⤵
        
        PID:13320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64073.exe
        7⤵
        
        PID:16936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24514.exe
        6⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64598.exe
        7⤵
        
        PID:11764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56103.exe
        7⤵
        
        PID:15292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43274.exe
        7⤵
        
        PID:18044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        6⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53218.exe
        7⤵
        
        PID:14480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1142.exe
        7⤵
        
        PID:18188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19269.exe
        6⤵
        
        PID:13432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64073.exe
        6⤵
        
        PID:16952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55267.exe
        5⤵
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41002.exe
        6⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51386.exe
        7⤵
        
        PID:11156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29268.exe
        7⤵
        
        PID:13812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57280.exe
        7⤵
        
        PID:17424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46897.exe
        6⤵
        
        PID:10540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11125.exe
        6⤵
        
        PID:14284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24827.exe
        6⤵
        
        PID:18068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3570.exe
        5⤵
        
        PID:8760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62274.exe
        5⤵
        
        PID:11976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32796.exe
        5⤵
        
        PID:15996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-931.exe
        5⤵
        
        PID:18716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33641.exe
      4⤵
      PID:3492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28262.exe
        5⤵
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54598.exe
        6⤵
        
        PID:8424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38828.exe
        7⤵
        
        PID:14672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27592.exe
        7⤵
        
        PID:18220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18971.exe
        6⤵
        
        PID:12296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49611.exe
        6⤵
        
        PID:12408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19766.exe
        5⤵
        
        PID:7776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43310.exe
        5⤵
        
        PID:10472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26503.exe
        5⤵
        
        PID:13376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32497.exe
        5⤵
        
        PID:18004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29149.exe
      4⤵
      PID:6668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6871.exe
        5⤵
        
        PID:10420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30254.exe
        5⤵
        
        PID:14092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10793.exe
        5⤵
        
        PID:18048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3073.exe
      4⤵
      PID:8720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46804.exe
        5⤵
        
        PID:13344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37514.exe
        5⤵
        
        PID:5932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53907.exe
      4⤵
      PID:11892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31388.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31388.exe
      4⤵
      PID:15344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50583.exe
      4⤵
      PID:18548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5307.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5307.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50078.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43254.exe
        5⤵
        
        PID:5800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18292.exe
        6⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17178.exe
        7⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38920.exe
        7⤵
        
        PID:13716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28335.exe
        7⤵
        
        PID:3868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8552.exe
        6⤵
        
        PID:8768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37935.exe
        6⤵
        
        PID:13380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29262.exe
        6⤵
        
        PID:16884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54665.exe
        5⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28060.exe
        6⤵
        
        PID:10384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30254.exe
        6⤵
        
        PID:14060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59418.exe
        6⤵
        
        PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50223.exe
        5⤵
        
        PID:9788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49612.exe
        5⤵
        
        PID:13152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12350.exe
        5⤵
        
        PID:16644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24540.exe
      4⤵
      PID:5968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27572.exe
        5⤵
        
        PID:7164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27920.exe
        6⤵
        
        PID:15796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13622.exe
        5⤵
        
        PID:7076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41442.exe
        5⤵
        
        PID:15372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33187.exe
        5⤵
        
        PID:6180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13273.exe
      4⤵
      PID:8088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62434.exe
        5⤵
        
        PID:12988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5506.exe
        5⤵
        
        PID:15808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2880.exe
      4⤵
      PID:11528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59062.exe
      4⤵
      PID:15088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51157.exe
      4⤵
      PID:18212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8780.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8780.exe
    3⤵
    PID:264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3565.exe
      4⤵
      PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62356.exe
        5⤵
        
        PID:8552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48407.exe
        5⤵
        
        PID:12604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19241.exe
        5⤵
        
        PID:1956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46601.exe
      4⤵
      PID:396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58376.exe
        5⤵
        
        PID:11444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48127.exe
        5⤵
        
        PID:15060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24799.exe
        5⤵
        
        PID:17540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11213.exe
      4⤵
      PID:11632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12304.exe
      4⤵
      PID:15188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3525.exe
      4⤵
      PID:18372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61324.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61324.exe
    3⤵
    PID:6620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62356.exe
      4⤵
      PID:8200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11458.exe
      4⤵
      PID:12660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4851.exe
      4⤵
      PID:16280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52075.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52075.exe
    3⤵
    PID:8680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23909.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23909.exe
    3⤵
    PID:12172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46587.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46587.exe
    3⤵
    PID:16288
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57188.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57188.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10285.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10285.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20182.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48324.exe
        5⤵
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
        6⤵
        
        PID:6188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exe
        6⤵
        
        PID:9024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24837.exe
        6⤵
        
        PID:12572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16441.exe
        6⤵
        
        PID:8084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26268.exe
        5⤵
        
        PID:6232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2787.exe
        6⤵
        
        PID:10100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38920.exe
        6⤵
        
        PID:14652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50893.exe
        6⤵
        
        PID:17464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47290.exe
        5⤵
        
        PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5402.exe
        5⤵
        
        PID:11992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49332.exe
        5⤵
        
        PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7986.exe
        5⤵
        
        PID:18532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20290.exe
      4⤵
      PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40706.exe
        5⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12413.exe
        6⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13259.exe
        7⤵
        
        PID:11796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56103.exe
        7⤵
        
        PID:15284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20715.exe
        7⤵
        
        PID:5152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46897.exe
        6⤵
        
        PID:10716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60710.exe
        6⤵
        
        PID:14044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29129.exe
        6⤵
        
        PID:5672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41260.exe
        5⤵
        
        PID:9036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23685.exe
        5⤵
        
        PID:12200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2051.exe
        5⤵
        
        PID:16348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48172.exe
      4⤵
      PID:6732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28060.exe
        5⤵
        
        PID:10360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30254.exe
        5⤵
        
        PID:14168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49496.exe
        5⤵
        
        PID:18404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34681.exe
      4⤵
      PID:9208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23379.exe
      4⤵
      PID:12144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5552.exe
      4⤵
      PID:4780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57493.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57493.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65236.exe
      4⤵
      PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57042.exe
        5⤵
        
        PID:5820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62356.exe
        6⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26768.exe
        7⤵
        
        PID:13924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10680.exe
        7⤵
        
        PID:18016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13596.exe
        6⤵
        
        PID:12052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19241.exe
        6⤵
        
        PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10420.exe
        5⤵
        
        PID:5512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3045.exe
        5⤵
        
        PID:11688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40178.exe
        5⤵
        
        PID:14400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11494.exe
      4⤵
      PID:6636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62294.exe
        5⤵
        
        PID:9772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4109.exe
        5⤵
        
        PID:14344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48947.exe
        5⤵
        
        PID:5532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28431.exe
      4⤵
      PID:8508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8910.exe
      4⤵
      PID:12244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2051.exe
      4⤵
      PID:16260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3875.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3875.exe
    3⤵
    PID:5548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7815.exe
      4⤵
      PID:7840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40312.exe
        5⤵
        
        PID:10316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30254.exe
        5⤵
        
        PID:14152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47358.exe
        5⤵
        
        PID:17928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40736.exe
      4⤵
      PID:10072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52412.exe
      4⤵
      PID:2932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37551.exe
      4⤵
      PID:16668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8666.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8666.exe
    3⤵
    PID:7272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22798.exe
      4⤵
      PID:452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41712.exe
      4⤵
      PID:12484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49304.exe
      4⤵
      PID:5836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57256.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57256.exe
    3⤵
    PID:752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21400.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21400.exe
    3⤵
    PID:9600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23193.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23193.exe
    3⤵
    PID:17084
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7378.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7378.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63160.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63160.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19544.exe
      4⤵
      PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7649.exe
        5⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12413.exe
        6⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12683.exe
        7⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51251.exe
        7⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22469.exe
        7⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46897.exe
        6⤵
        
        PID:10556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11125.exe
        6⤵
        
        PID:14276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36311.exe
        6⤵
        
        PID:17136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46217.exe
        5⤵
        
        PID:7808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9175.exe
        6⤵
        
        PID:11756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43851.exe
        6⤵
        
        PID:15320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51442.exe
        6⤵
        
        PID:17448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8499.exe
        5⤵
        
        PID:9432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26503.exe
        5⤵
        
        PID:9244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19669.exe
        5⤵
        
        PID:5372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
      4⤵
      PID:6652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47904.exe
        5⤵
        
        PID:8300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57394.exe
        5⤵
        
        PID:14384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18220.exe
        5⤵
        
        PID:17284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5873.exe
      4⤵
      PID:8672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32045.exe
      4⤵
      PID:12188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40946.exe
      4⤵
      PID:15220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24950.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24950.exe
    3⤵
    PID:5608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
      4⤵
      PID:6200
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6200 -s 608
        5⤵
        Program crash
        
        PID:8004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41260.exe
      4⤵
      PID:9044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23685.exe
      4⤵
      PID:12208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40946.exe
      4⤵
      PID:15792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17445.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17445.exe
    3⤵
    PID:5664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22118.exe
      4⤵
      PID:7292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38314.exe
        5⤵
        
        PID:12592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17950.exe
        5⤵
        
        PID:16588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63015.exe
      4⤵
      PID:11640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48843.exe
      4⤵
      PID:14920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9145.exe
      4⤵
      PID:18844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53155.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53155.exe
    3⤵
    PID:2252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23379.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23379.exe
    3⤵
    PID:12020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24410.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24410.exe
    3⤵
    PID:4300
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11781.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11781.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42102.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42102.exe
    3⤵
    PID:5364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
      4⤵
      PID:1280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exe
      4⤵
      PID:1524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12584.exe
      4⤵
      PID:12532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40946.exe
      4⤵
      PID:3660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65163.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65163.exe
    3⤵
    PID:6588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46020.exe
      4⤵
      PID:9248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22069.exe
      4⤵
      PID:13468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23737.exe
      4⤵
      PID:16944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23581.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23581.exe
    3⤵
    PID:9736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35413.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35413.exe
    3⤵
    PID:12080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12350.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12350.exe
    3⤵
    PID:16576
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45611.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45611.exe
  2⤵
  PID:5564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47073.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47073.exe
    3⤵
    PID:7276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-841.exe
      4⤵
      PID:9608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30254.exe
      4⤵
      PID:14076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36092.exe
      4⤵
      PID:17080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58748.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58748.exe
    3⤵
    PID:10016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58277.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58277.exe
    3⤵
    PID:12520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28885.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28885.exe
    3⤵
    PID:16692
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35372.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35372.exe
  2⤵
  PID:6448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22798.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22798.exe
    3⤵
    PID:9324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
    3⤵
    PID:13964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22469.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22469.exe
    3⤵
    PID:5744
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3880.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3880.exe
  2⤵
  PID:1940
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39045.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39045.exe
  2⤵
  PID:12056
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19552.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19552.exe
  2⤵
  PID:4468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1116 -ip 1116
1⤵
PID:3876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 1116 -ip 1116
1⤵
PID:1952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2908 -ip 2908
1⤵
PID:2052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 3232 -ip 3232
1⤵
PID:1800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 2908 -ip 2908
1⤵
PID:2996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2436 -ip 2436
1⤵
PID:2520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 4892 -ip 4892
1⤵
PID:1388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 3232 -ip 3232
1⤵
PID:5192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 3736 -ip 3736
1⤵
PID:5236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 2436 -ip 2436
1⤵
PID:5752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 2464 -ip 2464
1⤵
PID:5896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4100 -ip 4100
1⤵
PID:3020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4892 -ip 4892
1⤵
PID:2624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 3736 -ip 3736
1⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 5104 -ip 5104
1⤵
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 2464 -ip 2464
1⤵
PID:5112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 1680 -ip 1680
1⤵
PID:6228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 4100 -ip 4100
1⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 2908 -ip 2908
1⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2860 -ip 2860
1⤵
PID:6964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 2908 -ip 2908
1⤵
PID:6860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 2860 -ip 2860
1⤵
PID:7256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5104 -ip 5104
1⤵
PID:7136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 1680 -ip 1680
1⤵
PID:6992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 6200 -ip 6200
1⤵
PID:7664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 5324 -ip 5324
1⤵
PID:7136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 6324 -ip 6324
1⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 5960 -ip 5960
1⤵
PID:4052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 5544 -ip 5544
1⤵
PID:7216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 7044 -ip 7044
1⤵
PID:8204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 5432 -ip 5432
1⤵
PID:8456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 1280 -ip 1280
1⤵
PID:8732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 5960 -ip 5960
1⤵
PID:8980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 5544 -ip 5544
1⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 7044 -ip 7044
1⤵
PID:8468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 6316 -ip 6316
1⤵
PID:9572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 7404 -ip 7404
1⤵
PID:9580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 7404 -ip 7404
1⤵
PID:9324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 6316 -ip 6316
1⤵
PID:9420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 6324 -ip 6324
1⤵
PID:10068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 9288 -ip 9288
1⤵
PID:9408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 5504 -ip 5504
1⤵
PID:10012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 6676 -ip 6676
1⤵
PID:10748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 6728 -ip 6728
1⤵
PID:10892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 6188 -ip 6188
1⤵
PID:10912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 6492 -ip 6492
1⤵
PID:10988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 6208 -ip 6208
1⤵
PID:11088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 7884 -ip 7884
1⤵
PID:11132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 848 -p 6676 -ip 6676
1⤵
PID:2168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 868 -p 6728 -ip 6728
1⤵
PID:4896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 6492 -ip 6492
1⤵
PID:10704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 7884 -ip 7884
1⤵
PID:8004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 9288 -ip 9288
1⤵
PID:11284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 8080 -ip 8080
1⤵
PID:11776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 8168 -ip 8168
1⤵
PID:12860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 5504 -ip 5504
1⤵
PID:12428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 5940 -ip 5940
1⤵
PID:12112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 5940 -ip 5940
1⤵
PID:12028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 8080 -ip 8080
1⤵
PID:13964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 8168 -ip 8168
1⤵
PID:14844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 12408 -ip 12408
1⤵
PID:18208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 10220 -ip 10220
1⤵
PID:17976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10020.exe

Filesize
184KB

MD5
8ed5796b77f17eff3c21de53aba12061

SHA1
bf3ead2d3f5467a61f6ee398a77cf70ba6a7d98a

SHA256
254dc7589e5fbfb3e729ed2b4ca7049783ed1311b3b939fb915356dafe3e254d

SHA512
837ed083094fe5633caedcc70cef03fa37760688647b960de330bad162ec4ac72a8ce962061a57d6838811602ab4455324497b38f5ff155f099872704a315759

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10285.exe

Filesize
184KB

MD5
202d9122609f60abb1afb8b68f99866e

SHA1
e390ff7ef83e70c8cfab162f3b42b173aaed727b

SHA256
af3a7e8b7098fa68dc0b37bf4c557498424cf51550f11427612c68f2e4ef7d08

SHA512
944f04ac408502a68df6e6ecc7668b1ae58ddb5e6b51f180eab2e99c551fa5695f55653d4c1afec124604f1cf3cb45954f0f5c0ac61052ebde28406ef7b70597

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12833.exe

Filesize
184KB

MD5
4f5e6a1e911836266f128a7a7cce564e

SHA1
9c3ae6eacbafa89d7daa5bc15cf17268236a3d58

SHA256
d2dac4d881b59ae4f1558033fbafc4946eb04551aa64e0f4116a529e9308fb2e

SHA512
9f08f15d9771e764219c87f04fca6b1fb70ac0666194d18a675072b18e88e6d1a8d09671f52e4a55382b870ce5378970585105537f57dc0c8894702b474c1956

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1515.exe

Filesize
184KB

MD5
a3060917945fd90f3eecde7efccab217

SHA1
dc7a9da985f847480d39bfcd5c96f094aa50f39c

SHA256
bedf3349d12068091d2d4ce0ed086448197feedf3a52839805c3a198f8dbfa6e

SHA512
436793137a50d38a5c079c746c4b3e4476d2a2b69f5bc3eb40419636cdd7bddc6e26c5037a18b3ac5319f63f5f0ffd824a5757176d880210f0decea135cf8d41

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16368.exe

Filesize
184KB

MD5
ec47864c62b9b08f2b00de4cb65e7936

SHA1
63af5ab53bd8f861a5369c84cd77176f49d1c12a

SHA256
d958025fa4ea13e625c0e93b42810a4184c3eaaad2cb8a3e7a07d3d649bef2d0

SHA512
23b74a7ad297b889173a58542b99bffdb3620ba42999def7e4159555cd4e1830e2bf69876840c1c0f3ab6c8f0a1d15c7f043670b6fa78969bea398d8d1530931

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22808.exe

Filesize
184KB

MD5
893baaccd81678aeb0741de46fb7f63c

SHA1
1f565e0f5270b81fc2b0dbd4793bde19062a34f9

SHA256
a6ae8525db22a211bc9524ac7f5733ad8564119a2301f5737a38769ed5d83acd

SHA512
c32e5b58aeb3d05ea686070c26762989055ff2ee4cb194adada2773e0d9715a5c7eabfc5525300c13f092f51ee377efefab42c42988248d2cd9ce9f5aa3fd3d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22922.exe

Filesize
184KB

MD5
59d226878e34baad5f45542d8431452d

SHA1
c4684a646397255f91852f0cbabf0620c02a9e25

SHA256
0d2e3c648ba6437b81d4a0106b0d91128f9d2c0cefb7b44f9b424057cef9fd4a

SHA512
842d9440078d24d6a89a9ce2cd8756dfb80664f5a2d8c1bf7783439ee360a59140a862509aeab90c458e62b5285d87b9315577226bd8344aa87d790939b8c49e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23694.exe

Filesize
184KB

MD5
dd9f4a13662f52e1d46d0e2fbbcb10be

SHA1
42a3ced6d65c12316e6bae10c06e3818a9f7f3e1

SHA256
ef05f9b8c51d3f539c3a751b88fc3da154c9de99df1500e81929c07383bb08d3

SHA512
073e0dec0c302c52bc5c585f76a6ec6f1f87458a30cc385ab22e9594a507aa8f2b8cb690cd0e8cfa06a9f8800414ca197722e0338b63fd00c395151117cba031

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25278.exe

Filesize
184KB

MD5
1a5b6cd6679af8d781922cde454dc43d

SHA1
0c4751ed40fd4626711377105e09b82d5169f1f8

SHA256
cdc5ee7826b7d63f2fdffbc2dc9c61e3ccd40b426c12bb9ddc3e27230b0f887d

SHA512
36419fb8d94d3a86ede40ea2f711fa61e94fbd8bc92cf4b05af5be7ab3d1dd09a8ace5c00f9ec781237cab613ea554868443735cf3e5794513678d9635c2e377

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27970.exe

Filesize
184KB

MD5
0796c3c334cb228e10199641b75eca5a

SHA1
5778c998ff95516f4f2a1efe5795a82f3624c0ee

SHA256
fb4be92512e4eabb3d7418e4cf659a6b5f7e1a4c78380e5e63b8875eb3d37874

SHA512
e0abe3d4a6bcca22abedf5264254309b60f192ebb94e0ade10913a0d6147b5006c29d78c5d732d695edba12b1a328ad203981d24a2e583b5831353aa52c121b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31094.exe

Filesize
184KB

MD5
24afc178524657d31dd21cf65ab8a083

SHA1
5f1b1fd9bf1e70b44e0ce8a8b639a95666cfb3f3

SHA256
9a3a64ca1ef65d45f7862261eb2322074ec52fc51d467d04f160e4dbb95e7dc2

SHA512
85f0d6b0a296ceeb655e85fb3943c2db1ac838b0a6c4f317394c1766ceb1b6021bb389c902546afc29d1afe84644ae4c288abd7bca879d64d0258dc8b89621b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34184.exe

Filesize
184KB

MD5
9736ba29d1f8157c401ece7d4ae3f39c

SHA1
a4a6c11d461aaeaa86a68941e5b0c0e3a92a73f6

SHA256
3508c03c8c40dd61578b694ec2bc00623a731e3c4e000adde0861b66b12a612c

SHA512
564bd527ebc0caea2ecf7c4f3eba4b1e2ec6ca80392a2e02432fe91704b2b5f38b2a0b9c7561fec1813a7b3a8ce6358c19ae4446a825375a66febc289778e5ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38516.exe

Filesize
184KB

MD5
bffbee0f2b582e92242aac2c6890baea

SHA1
4a410b66fefd81e64ac86bfd2f229ead3ea89a99

SHA256
8d4e7f28efbc8eb49f54ae7a6e07e89f2b4239d265171147dc42d44af1361519

SHA512
b6eecfa6c4eab5effcb419282ae7c9721e9b38e0c385d4e69a397f6f4fd72f767800152a03cdac1ee126f9d90829162b180b6df2df786801a7419b4b67fb3d33

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39476.exe

Filesize
184KB

MD5
cf21ceddaebede98abec67aee92e03d9

SHA1
aad4748a5848700bdfc20012ae78732b554a4ade

SHA256
57435c302c6f073c139c41e50c716395d4a3544e84cfc1571fdb204095ade473

SHA512
bc24f39395f8e68e8fb9db125d0751881490441781b83894c95fafecb47eedb93608d5ae1e28d61a262138c5fd5399ea95517306c3be8f266218d2f5fa6fa534

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4155.exe

Filesize
184KB

MD5
feb57e2b0e06add0828e79270aa5dd8c

SHA1
916cf9b90e3fd1638a247992d50be127c269da66

SHA256
6c991a2db982d47fbc37473b6dc6406e52df59c5451df1240abc8166125e3b31

SHA512
e8c96706f67b825e660aa6d01327aa6dc7ee5784ff5a2b5cb10713ea31c9dc3930d3abcdcd03de7043faedd6028b66071c15fde3fa65223e2ceb2f4ca0380c35

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42335.exe

Filesize
184KB

MD5
085445f13e08b18cee33e59048762e86

SHA1
50024cbba12049f8e3d9db7535900426424627ac

SHA256
c89e5cc328b0fe0556a4e2a032b81b03cce949b30676db3d9f1716467df4b767

SHA512
4e74ad2445b28e808f3ecb7a0ad22f2d4793eb191fb1913e3df93ce64393edd8ef5785f4ab4ae96164a4bfa9e98002d5fb332921cc96796b1aa8648cafd32a5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4347.exe

Filesize
184KB

MD5
a23824ab9218de94d4ccc12fbdf29722

SHA1
01abe2e7a90b8ecd990071cfea48a64d2a3a7d20

SHA256
785bd935e040591ed6088837a0f7f069c4fe7d583563e12f20e5a6f033cce47b

SHA512
7959ce4cb8e21f5a002b6ffdbf2b77fc150d2cb0a56b7972f34c3302123e29972b6fbcd7c2ac905eb9f5374a6409ae0682739e24589df1fc6717c129e11b505b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46876.exe

Filesize
184KB

MD5
d2b177e59fbbdfca28d2a91d349d84f2

SHA1
8bd8353550bdcd80806283a0a58a1e9086fe7285

SHA256
89fdfa83f90869642faa5389e002a8b28ef41e311f610acf5b08867867f9fc61

SHA512
9d90f4400d35894d13e64b7aae9576a0a84ab14e08e0c84d4c6f1fa2f2c435bbc67cc7d8059543aba44d469da724939d936c6bf997d1b48e7eddba28f31e9b91

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49372.exe

Filesize
184KB

MD5
0e77a1f7fddc92a7956d6b4268cc427e

SHA1
ec9ca502bb562ccaf0729f976130d9a838ee32b2

SHA256
1028d1fc782238a73b5cc8800e124b412a33ddcc7697eaf88fb24c6f5f3b3dd5

SHA512
16f1abeedf5770e094cb9788ebb2058cec3b1a19c8dbac9cc6e9515c9a088b4659e6eb974684db7a405912df347fa55c53920022312a3d2f4ba5d5ed9dd11389

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51271.exe

Filesize
184KB

MD5
ea6b179c2f4abb3b33e11be150503a09

SHA1
f8622fe58f5b176cfa863e29a43cf0c8776a2ecf

SHA256
3b169cf3b0519070dff890bd123a0ee3149e537431f6024465e92e1a0c2f9a65

SHA512
f956acd423b121d168e9117030ac93644d2d4faf6a63eecbb2de726e9122af6c789d33bee73ac1a28e655806a9cbf30389f8bfbeb5e010bbe3a7ae8b2ba51938

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51920.exe

Filesize
184KB

MD5
a66668aedeb1fc26c8ae8a41adba589c

SHA1
78eda62ee09a784fde620ce89ceedf3f8a7968c5

SHA256
1b17306a41fc6154a4c79b5790d1e818d7ac1c130a2e93365e90163a417de4c2

SHA512
388f4490d0379ca4245d279b399111f74227222d525a6e4065495c9d0c3552673e55ea520d748b741d82dbf91a7a9b4017edb832827065283b4c09a6a157c812

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54800.exe

Filesize
184KB

MD5
3bbd2e3bd58bf481196b7bee2211e126

SHA1
24ba046f9f5aeecf27c663b17b0acb676e5bc32d

SHA256
889ff95ff2b355b9e4b54c7dc23a88fb4d6fc6751434606a9075c659cfff8543

SHA512
ddef176837ad064614856f6ffbc058faa22c2152e908963c32ef916a46a9d741be3bcbee14c28ec86a4799112ae12e6f1f4dcfe124b8a22327fe5550aab1220e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5499.exe

Filesize
184KB

MD5
a141d6ddbec97c2b616b466b624b4cb3

SHA1
2e300d8e84de0ca7da9bddf0460b06ed9058047b

SHA256
1c113af7ad7c535a51eaca7cabe289d8a2398b2246e626ec2715cb67a07a9e33

SHA512
5ec9ff7b66d6e3cffbb90e3a2fe0c9c84366ff9f2530329b2eb919a0b0973e7a7e92dd0441923706e32fdf9c44ee771e42d02968989f7c2ffc310fe501e9ae1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55957.exe

Filesize
184KB

MD5
f4d4cf0e24fd40ca18ac526ddad001da

SHA1
4d04bc66a313f3ef0b6b55d5eab9792f776d5cfe

SHA256
410cb9b1bbcf363c9fb890b8320f6d7b128e016b9567b7f57c6836fddfc1c30f

SHA512
117b90f936b9f8b95c716fc450faea8437f1cd53249588bb4c8361538edc7849c14d4d7e4141af7890099d4473ae5d939f2701e6a8acc2c408dc7ec6f6beb7bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57188.exe

Filesize
184KB

MD5
b8c3bc23afcb9c1c6db4aa38cfa0dae0

SHA1
1503df85e46d1d1c478bee22dac22240e95f0b97

SHA256
31eaa963ff06b4ce4a37e63dfda544c2e83979e3651786895859d8cfc02d3e9c

SHA512
6219e80ba33ce3aa397d8740f1f590785c5f5b748046e08ea4a0b8d166c8c9e816c259dd5cc9f3a174250eec2eef52d38e3b4e3c09839fa78a6fc333e73ad73e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58287.exe

Filesize
184KB

MD5
c4cd83fec0b755e6f2be1261023bc5d6

SHA1
6131de39a772b9bdc03d35aa6d57c26fbeec8e69

SHA256
6ddc53e8717b3f16309d8ca3f8eaa024015024d16c46efc101cb5b46851369d8

SHA512
cb822b2af25c58899ffa1a404b8d74a64ca380b9e80eda37424db930070ee196e7da12ab581a829f54b9979c1ce0727e46685afd0d6f37639dde643d3ff93d37

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59102.exe

Filesize
184KB

MD5
69e3c4c597a3dfaf30fef8719afce62f

SHA1
87474a5857c05db1e37f99bd0338ec8f509da3c3

SHA256
8009c331f5659d89be6dc1e27515f5b64bf85e11895f0410e4003f68b7ce5aca

SHA512
bacd30169f930bfe0b3c5ad437ccc0c927879ccd5b2bc0e922cfa95a7f4e33fd8960918c25e3403149ad215fc658a0b8a6f5571ae66a6841f67290ed876e4451

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61624.exe

Filesize
184KB

MD5
9e4a08386a9e13251198b6699d5c5816

SHA1
193316864eb0d3ec54c0e18aa5a1d8519294ef8e

SHA256
7c0e0e1b626f72130c5e8c1d2005a2c2ea5000b020b0980761c220796a98dfa2

SHA512
f7be04453b1b83960b2a4ea8352547e66eb7bb73aeda73d320666eb581f8576b08aa52c317cc1736811e112e8f86811b671b7da4c6c0c631d707defd92f87650

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64098.exe

Filesize
184KB

MD5
e359a5a17bae41c476e423efe151fb4e

SHA1
77c9e832a75b93e925f391d3b1f420ddcdcefd5b

SHA256
89fba25cf0a74a99a2c5a45ddd771b46ad069f849fbeff95867b15a95a6bc894

SHA512
a2a45bd4ffb111f3f91d66f7b3a1413be3986a1a510cf009f6789ea13d4ad0af602ea02e4a7f1200e4324ac6ec12e3dbcbf0f559a7008789a826f6376ac2f2e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65342.exe

Filesize
184KB

MD5
903f7b5944ed02d0202d6e368e0e077e

SHA1
bc77859705f269a63b51a5f117616abe18dbc249

SHA256
8536468836dd0c52166923bab16ca405361e20322f29dd41c6dc838560189e58

SHA512
00dd22173a749b5c3bd4a0f1497424c8ed506aec21db984ac03495985005b2713df070744c3e99550d3e3cbad594a57bb2404d5b00abb0df70fe94768612e22b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe

Filesize
184KB

MD5
e44af22ffe717145bacadc2d25240baf

SHA1
df78edafca25821d59093a1d000f640d827fda37

SHA256
5200076ec2d7299fae0ce49d0bac76619492c57c3a9b7114f96d616ce17cdc34

SHA512
c2bd531ef680a90a89e0c367713e31bab89f6e59129a209c33c7fa54b8a58dba9a5a69281acd4a0f8feebd1f7f301106eb8733142a78798b11722b2e578bf9f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7378.exe

Filesize
184KB

MD5
e7fee649904b625a3427f38599397769

SHA1
38f578fe07f61b31a530d116f7e42f4edd5bd1fa

SHA256
ea2042e908561575ad768d0ef5c5119f9df1e60660600f0e9b928e48a62b8311

SHA512
25959dbbbc06287c1c6baeff7b646d68330da4b1db435a3da2fe9f3a3d4ac3de8076fe835a21b5ed2a96f4f1a017a1540125670f0000814510e65f06787d102e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads