5f3bd08280ab1f0c088bdc72a04706986148e413d587ed5bdc05812e5a3a4dd6

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
30/04/2024, 22:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5f3bd08280ab1f0c088bdc72a04706986148e413d587ed5bdc05812e5a3a4dd6.exe
Size

184KB
MD5

865b6f7645b9005b4d49556e5dbd2719
SHA1

4c857210b49baa706d423fd84ed2a2902c8ad7c8
SHA256

5f3bd08280ab1f0c088bdc72a04706986148e413d587ed5bdc05812e5a3a4dd6
SHA512

7f3d6df19a695def8fedc0c3b45ba8ccf0a30cf2d36bd553ef5c29aadd12834d6fe622d55981eb394b450d38ae607201b190837399958a2c64bfe629854dd467
SSDEEP

3072:oDmFU0oU/TeldvNttxeW3CP+VvuqnviuYn2:oDcobDvNkWSP+VGqnviuY

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1736	Unicorn-36233.exe
2940	Unicorn-46622.exe
2596	Unicorn-57483.exe
2656	Unicorn-2335.exe
2636	Unicorn-22201.exe
2436	Unicorn-52927.exe
2628	Unicorn-46797.exe
1716	Unicorn-37551.exe
2168	Unicorn-37551.exe
1264	Unicorn-27336.exe
1348	Unicorn-48412.exe
544	Unicorn-13601.exe
1016	Unicorn-33467.exe
1588	Unicorn-2740.exe
2128	Unicorn-2475.exe
2720	Unicorn-62294.exe
1924	Unicorn-34068.exe
2964	Unicorn-45766.exe
696	Unicorn-4825.exe
1048	Unicorn-6871.exe
1720	Unicorn-17732.exe
400	Unicorn-37598.exe
1784	Unicorn-37598.exe
2356	Unicorn-59394.exe
2708	Unicorn-17732.exe
1772	Unicorn-64240.exe
840	Unicorn-29165.exe
2716	Unicorn-58110.exe
780	Unicorn-55086.exe
612	Unicorn-35220.exe
2268	Unicorn-40788.exe
1472	Unicorn-38750.exe
1712	Unicorn-18884.exe
2092	Unicorn-3939.exe
1504	Unicorn-16995.exe
1900	Unicorn-61308.exe
2316	Unicorn-33850.exe
2536	Unicorn-37380.exe
2396	Unicorn-30835.exe
2476	Unicorn-44571.exe
2548	Unicorn-64022.exe
2904	Unicorn-40487.exe
2900	Unicorn-11806.exe
2508	Unicorn-33410.exe
2432	Unicorn-42341.exe
3048	Unicorn-7265.exe
108	Unicorn-63429.exe
348	Unicorn-65475.exe
2044	Unicorn-10799.exe
1228	Unicorn-22497.exe
2272	Unicorn-52958.exe
2744	Unicorn-45055.exe
2756	Unicorn-56492.exe
2060	Unicorn-6736.exe
2844	Unicorn-31332.exe
1932	Unicorn-37463.exe
1408	Unicorn-48324.exe
616	Unicorn-64105.exe
2724	Unicorn-33379.exe
992	Unicorn-55175.exe
2368	Unicorn-40155.exe
920	Unicorn-25019.exe
1704	Unicorn-35879.exe
1640	Unicorn-16851.exe

Loads dropped DLL 64 IoCs

pid	Process
1948	5f3bd08280ab1f0c088bdc72a04706986148e413d587ed5bdc05812e5a3a4dd6.exe
1948	5f3bd08280ab1f0c088bdc72a04706986148e413d587ed5bdc05812e5a3a4dd6.exe
1736	Unicorn-36233.exe
1736	Unicorn-36233.exe
1948	5f3bd08280ab1f0c088bdc72a04706986148e413d587ed5bdc05812e5a3a4dd6.exe
1948	5f3bd08280ab1f0c088bdc72a04706986148e413d587ed5bdc05812e5a3a4dd6.exe
1736	Unicorn-36233.exe
2940	Unicorn-46622.exe
1736	Unicorn-36233.exe
2940	Unicorn-46622.exe
2596	Unicorn-57483.exe
1948	5f3bd08280ab1f0c088bdc72a04706986148e413d587ed5bdc05812e5a3a4dd6.exe
2596	Unicorn-57483.exe
1948	5f3bd08280ab1f0c088bdc72a04706986148e413d587ed5bdc05812e5a3a4dd6.exe
2628	Unicorn-46797.exe
2636	Unicorn-22201.exe
2636	Unicorn-22201.exe
2940	Unicorn-46622.exe
1736	Unicorn-36233.exe
2940	Unicorn-46622.exe
2596	Unicorn-57483.exe
2436	Unicorn-52927.exe
1736	Unicorn-36233.exe
2596	Unicorn-57483.exe
2436	Unicorn-52927.exe
1948	5f3bd08280ab1f0c088bdc72a04706986148e413d587ed5bdc05812e5a3a4dd6.exe
2656	Unicorn-2335.exe
2656	Unicorn-2335.exe
1948	5f3bd08280ab1f0c088bdc72a04706986148e413d587ed5bdc05812e5a3a4dd6.exe
1672	WerFault.exe
1672	WerFault.exe
1672	WerFault.exe
1672	WerFault.exe
1672	WerFault.exe
2168	Unicorn-37551.exe
2168	Unicorn-37551.exe
2636	Unicorn-22201.exe
2636	Unicorn-22201.exe
544	Unicorn-13601.exe
544	Unicorn-13601.exe
2596	Unicorn-57483.exe
2596	Unicorn-57483.exe
1016	Unicorn-33467.exe
1016	Unicorn-33467.exe
2656	Unicorn-2335.exe
2436	Unicorn-52927.exe
1588	Unicorn-2740.exe
2128	Unicorn-2475.exe
1588	Unicorn-2740.exe
2436	Unicorn-52927.exe
2128	Unicorn-2475.exe
2656	Unicorn-2335.exe
1948	5f3bd08280ab1f0c088bdc72a04706986148e413d587ed5bdc05812e5a3a4dd6.exe
1948	5f3bd08280ab1f0c088bdc72a04706986148e413d587ed5bdc05812e5a3a4dd6.exe
1348	Unicorn-48412.exe
1348	Unicorn-48412.exe
1736	Unicorn-36233.exe
2940	Unicorn-46622.exe
1736	Unicorn-36233.exe
2940	Unicorn-46622.exe
2908	WerFault.exe
2908	WerFault.exe
2908	WerFault.exe
2908	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
1672	2628	WerFault.exe	34
2908	1264	WerFault.exe	39
1468	1772	WerFault.exe	54
1292	2356	WerFault.exe	53
2220	1924	WerFault.exe	45
2604	2316	WerFault.exe	69
2528	1784	WerFault.exe	51
2924	400	WerFault.exe	52
2500	1588	WerFault.exe	43
2804	2900	WerFault.exe	79
2764	840	WerFault.exe	56
2424	3048	WerFault.exe	82
1708	2904	WerFault.exe	78
1968	348	WerFault.exe	84
2020	1228	WerFault.exe	86
1356	2060	WerFault.exe	90
1268	1712	WerFault.exe	64
1460	1704	WerFault.exe	99
3324	1652	WerFault.exe	140
3596	920	WerFault.exe	98
3836	2324	WerFault.exe	130
3876	1896	WerFault.exe	149
3868	2644	WerFault.exe	163
3884	3032	WerFault.exe	141
3992	2708	WerFault.exe	49
4036	2388	WerFault.exe	113
3176	1848	WerFault.exe	160
3424	1908	WerFault.exe	162
3476	1256	WerFault.exe	153
3548	2396	WerFault.exe	74
3712	1640	WerFault.exe	100
3080	2712	WerFault.exe	155
3240	2384	WerFault.exe	112
3512	1196	WerFault.exe	179
3636	2600	WerFault.exe	183
3932	108	WerFault.exe	83
3732	1432	WerFault.exe	190
3844	2684	WerFault.exe	166
3912	2012	WerFault.exe	184
4088	2304	WerFault.exe	125
3276	1476	WerFault.exe	115
3668	1636	WerFault.exe	104
3672	2788	WerFault.exe	123
3188	2292	WerFault.exe	176
3460	788	WerFault.exe	158
3816	2136	WerFault.exe	193
4116	2752	WerFault.exe	117
4108	2616	WerFault.exe	107
4244	1868	WerFault.exe	196
4252	2036	WerFault.exe	188
4552	572	WerFault.exe	199
4544	2148	WerFault.exe	191
4636	2272	WerFault.exe	87
4672	1600	WerFault.exe	197
4584	3104	WerFault.exe	202
5020	4528	WerFault.exe	321
5032	3192	WerFault.exe	206
4520	2120	WerFault.exe	180
5520	2816	WerFault.exe	146
5568	2508	WerFault.exe	80
5712	1104	WerFault.exe	167
6084	3020	WerFault.exe	159
5404	3344	WerFault.exe	211
6116	3076	WerFault.exe	241

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1948	5f3bd08280ab1f0c088bdc72a04706986148e413d587ed5bdc05812e5a3a4dd6.exe
1736	Unicorn-36233.exe
2940	Unicorn-46622.exe
2596	Unicorn-57483.exe
2656	Unicorn-2335.exe
2636	Unicorn-22201.exe
2436	Unicorn-52927.exe
2628	Unicorn-46797.exe
2168	Unicorn-37551.exe
1264	Unicorn-27336.exe
544	Unicorn-13601.exe
1016	Unicorn-33467.exe
2128	Unicorn-2475.exe
1588	Unicorn-2740.exe
1348	Unicorn-48412.exe
2720	Unicorn-62294.exe
1924	Unicorn-34068.exe
2964	Unicorn-45766.exe
696	Unicorn-4825.exe
1048	Unicorn-6871.exe
1720	Unicorn-17732.exe
1772	Unicorn-64240.exe
1784	Unicorn-37598.exe
400	Unicorn-37598.exe
2356	Unicorn-59394.exe
2708	Unicorn-17732.exe
2716	Unicorn-58110.exe
840	Unicorn-29165.exe
780	Unicorn-55086.exe
2268	Unicorn-40788.exe
1712	Unicorn-18884.exe
1472	Unicorn-38750.exe
2092	Unicorn-3939.exe
1504	Unicorn-16995.exe
1900	Unicorn-61308.exe
2316	Unicorn-33850.exe
2536	Unicorn-37380.exe
2396	Unicorn-30835.exe
2476	Unicorn-44571.exe
2548	Unicorn-64022.exe
2904	Unicorn-40487.exe
2900	Unicorn-11806.exe
2432	Unicorn-42341.exe
2508	Unicorn-33410.exe
3048	Unicorn-7265.exe
108	Unicorn-63429.exe
348	Unicorn-65475.exe
2044	Unicorn-10799.exe
1228	Unicorn-22497.exe
2272	Unicorn-52958.exe
2756	Unicorn-56492.exe
2744	Unicorn-45055.exe
2060	Unicorn-6736.exe
2844	Unicorn-31332.exe
1408	Unicorn-48324.exe
1932	Unicorn-37463.exe
616	Unicorn-64105.exe
2724	Unicorn-33379.exe
992	Unicorn-55175.exe
2368	Unicorn-40155.exe
920	Unicorn-25019.exe
1704	Unicorn-35879.exe
1640	Unicorn-16851.exe
1532	Unicorn-23435.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 1736	1948	5f3bd08280ab1f0c088bdc72a04706986148e413d587ed5bdc05812e5a3a4dd6.exe	28
PID 1948 wrote to memory of 1736	1948	5f3bd08280ab1f0c088bdc72a04706986148e413d587ed5bdc05812e5a3a4dd6.exe	28
PID 1948 wrote to memory of 1736	1948	5f3bd08280ab1f0c088bdc72a04706986148e413d587ed5bdc05812e5a3a4dd6.exe	28
PID 1948 wrote to memory of 1736	1948	5f3bd08280ab1f0c088bdc72a04706986148e413d587ed5bdc05812e5a3a4dd6.exe	28
PID 1736 wrote to memory of 2940	1736	Unicorn-36233.exe	29
PID 1736 wrote to memory of 2940	1736	Unicorn-36233.exe	29
PID 1736 wrote to memory of 2940	1736	Unicorn-36233.exe	29
PID 1736 wrote to memory of 2940	1736	Unicorn-36233.exe	29
PID 1948 wrote to memory of 2596	1948	5f3bd08280ab1f0c088bdc72a04706986148e413d587ed5bdc05812e5a3a4dd6.exe	30
PID 1948 wrote to memory of 2596	1948	5f3bd08280ab1f0c088bdc72a04706986148e413d587ed5bdc05812e5a3a4dd6.exe	30
PID 1948 wrote to memory of 2596	1948	5f3bd08280ab1f0c088bdc72a04706986148e413d587ed5bdc05812e5a3a4dd6.exe	30
PID 1948 wrote to memory of 2596	1948	5f3bd08280ab1f0c088bdc72a04706986148e413d587ed5bdc05812e5a3a4dd6.exe	30
PID 1736 wrote to memory of 2656	1736	Unicorn-36233.exe	31
PID 1736 wrote to memory of 2656	1736	Unicorn-36233.exe	31
PID 1736 wrote to memory of 2656	1736	Unicorn-36233.exe	31
PID 1736 wrote to memory of 2656	1736	Unicorn-36233.exe	31
PID 2940 wrote to memory of 2636	2940	Unicorn-46622.exe	32
PID 2940 wrote to memory of 2636	2940	Unicorn-46622.exe	32
PID 2940 wrote to memory of 2636	2940	Unicorn-46622.exe	32
PID 2940 wrote to memory of 2636	2940	Unicorn-46622.exe	32
PID 2596 wrote to memory of 2436	2596	Unicorn-57483.exe	33
PID 2596 wrote to memory of 2436	2596	Unicorn-57483.exe	33
PID 2596 wrote to memory of 2436	2596	Unicorn-57483.exe	33
PID 2596 wrote to memory of 2436	2596	Unicorn-57483.exe	33
PID 1948 wrote to memory of 2628	1948	5f3bd08280ab1f0c088bdc72a04706986148e413d587ed5bdc05812e5a3a4dd6.exe	34
PID 1948 wrote to memory of 2628	1948	5f3bd08280ab1f0c088bdc72a04706986148e413d587ed5bdc05812e5a3a4dd6.exe	34
PID 1948 wrote to memory of 2628	1948	5f3bd08280ab1f0c088bdc72a04706986148e413d587ed5bdc05812e5a3a4dd6.exe	34
PID 1948 wrote to memory of 2628	1948	5f3bd08280ab1f0c088bdc72a04706986148e413d587ed5bdc05812e5a3a4dd6.exe	34
PID 2636 wrote to memory of 2168	2636	Unicorn-22201.exe	36
PID 2636 wrote to memory of 2168	2636	Unicorn-22201.exe	36
PID 2636 wrote to memory of 2168	2636	Unicorn-22201.exe	36
PID 2636 wrote to memory of 2168	2636	Unicorn-22201.exe	36
PID 2940 wrote to memory of 1348	2940	Unicorn-46622.exe	38
PID 2940 wrote to memory of 1348	2940	Unicorn-46622.exe	38
PID 2940 wrote to memory of 1348	2940	Unicorn-46622.exe	38
PID 2940 wrote to memory of 1348	2940	Unicorn-46622.exe	38
PID 1736 wrote to memory of 1264	1736	Unicorn-36233.exe	39
PID 1736 wrote to memory of 1264	1736	Unicorn-36233.exe	39
PID 1736 wrote to memory of 1264	1736	Unicorn-36233.exe	39
PID 1736 wrote to memory of 1264	1736	Unicorn-36233.exe	39
PID 2596 wrote to memory of 544	2596	Unicorn-57483.exe	40
PID 2596 wrote to memory of 544	2596	Unicorn-57483.exe	40
PID 2596 wrote to memory of 544	2596	Unicorn-57483.exe	40
PID 2596 wrote to memory of 544	2596	Unicorn-57483.exe	40
PID 2436 wrote to memory of 1016	2436	Unicorn-52927.exe	41
PID 2436 wrote to memory of 1016	2436	Unicorn-52927.exe	41
PID 2436 wrote to memory of 1016	2436	Unicorn-52927.exe	41
PID 2436 wrote to memory of 1016	2436	Unicorn-52927.exe	41
PID 2628 wrote to memory of 1672	2628	Unicorn-46797.exe	37
PID 2628 wrote to memory of 1672	2628	Unicorn-46797.exe	37
PID 2628 wrote to memory of 1672	2628	Unicorn-46797.exe	37
PID 2628 wrote to memory of 1672	2628	Unicorn-46797.exe	37
PID 2656 wrote to memory of 1588	2656	Unicorn-2335.exe	43
PID 2656 wrote to memory of 1588	2656	Unicorn-2335.exe	43
PID 2656 wrote to memory of 1588	2656	Unicorn-2335.exe	43
PID 2656 wrote to memory of 1588	2656	Unicorn-2335.exe	43
PID 1948 wrote to memory of 2128	1948	5f3bd08280ab1f0c088bdc72a04706986148e413d587ed5bdc05812e5a3a4dd6.exe	42
PID 1948 wrote to memory of 2128	1948	5f3bd08280ab1f0c088bdc72a04706986148e413d587ed5bdc05812e5a3a4dd6.exe	42
PID 1948 wrote to memory of 2128	1948	5f3bd08280ab1f0c088bdc72a04706986148e413d587ed5bdc05812e5a3a4dd6.exe	42
PID 1948 wrote to memory of 2128	1948	5f3bd08280ab1f0c088bdc72a04706986148e413d587ed5bdc05812e5a3a4dd6.exe	42
PID 2168 wrote to memory of 2720	2168	Unicorn-37551.exe	44
PID 2168 wrote to memory of 2720	2168	Unicorn-37551.exe	44
PID 2168 wrote to memory of 2720	2168	Unicorn-37551.exe	44
PID 2168 wrote to memory of 2720	2168	Unicorn-37551.exe	44

C:\Users\Admin\AppData\Local\Temp\5f3bd08280ab1f0c088bdc72a04706986148e413d587ed5bdc05812e5a3a4dd6.exe
"C:\Users\Admin\AppData\Local\Temp\5f3bd08280ab1f0c088bdc72a04706986148e413d587ed5bdc05812e5a3a4dd6.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36233.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36233.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46622.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46622.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22201.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37551.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62294.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55086.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65475.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 348 -s 244
        9⤵
        Program crash
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17104.exe
        8⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42782.exe
        9⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2180.exe
        10⤵
        
        PID:3760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 224
        11⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64759.exe
        10⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-928.exe
        10⤵
        
        PID:7464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 236
        10⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4873.exe
        9⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53275.exe
        10⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54209.exe
        10⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24576.exe
        10⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47733.exe
        10⤵
        
        PID:11220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35074.exe
        10⤵
        
        PID:12292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45007.exe
        9⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42891.exe
        9⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5824.exe
        9⤵
        
        PID:9424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20202.exe
        9⤵
        
        PID:11028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56601.exe
        9⤵
        
        PID:12528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1841.exe
        8⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26685.exe
        9⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65247.exe
        10⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37400.exe
        10⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28764.exe
        10⤵
        
        PID:10192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29459.exe
        10⤵
        
        PID:11776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23534.exe
        9⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29516.exe
        9⤵
        
        PID:7188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 248
        9⤵
        
        PID:10044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48978.exe
        8⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12237.exe
        9⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57520.exe
        9⤵
        
        PID:9208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18925.exe
        9⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41218.exe
        9⤵
        
        PID:12212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52944.exe
        8⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12127.exe
        8⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45716.exe
        8⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41476.exe
        8⤵
        
        PID:12044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10799.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36970.exe
        8⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53088.exe
        9⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51381.exe
        10⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50857.exe
        11⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39538.exe
        11⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61629.exe
        11⤵
        
        PID:10024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33543.exe
        11⤵
        
        PID:11760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52315.exe
        10⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54021.exe
        10⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15148.exe
        10⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6478.exe
        10⤵
        
        PID:11824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54074.exe
        9⤵
        
        PID:3388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 220
        10⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53798.exe
        9⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8739.exe
        9⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12513.exe
        9⤵
        
        PID:10000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27467.exe
        9⤵
        
        PID:11936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29138.exe
        8⤵
        
        PID:1196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 224
        9⤵
        Program crash
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63917.exe
        8⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21968.exe
        9⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63742.exe
        9⤵
        
        PID:8204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 212
        9⤵
        
        PID:10652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59087.exe
        8⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19918.exe
        8⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12506.exe
        8⤵
        
        PID:9380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 244
        8⤵
        
        PID:11664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61566.exe
        7⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10109.exe
        8⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61495.exe
        9⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63197.exe
        10⤵
        
        PID:4140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 216
        10⤵
        
        PID:6756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 236
        9⤵
        Program crash
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29377.exe
        8⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38496.exe
        9⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14157.exe
        9⤵
        
        PID:2232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 224
        9⤵
        
        PID:10336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55744.exe
        8⤵
        
        PID:6048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 248
        8⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32403.exe
        7⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24931.exe
        8⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54640.exe
        9⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34961.exe
        9⤵
        
        PID:9152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 220
        9⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60099.exe
        8⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-352.exe
        8⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18656.exe
        8⤵
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49841.exe
        8⤵
        
        PID:11532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61117.exe
        7⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39124.exe
        8⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60514.exe
        8⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45848.exe
        8⤵
        
        PID:9340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60068.exe
        8⤵
        
        PID:10812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9382.exe
        7⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18502.exe
        7⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60749.exe
        7⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33043.exe
        7⤵
        
        PID:11308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35220.exe
        6⤵
        Executes dropped EXE
        
        PID:612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63429.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14411.exe
        7⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7395.exe
        8⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33099.exe
        9⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36171.exe
        10⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32444.exe
        10⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63772.exe
        10⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18677.exe
        10⤵
        
        PID:9220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 244
        10⤵
        
        PID:12276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65506.exe
        9⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37820.exe
        9⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16.exe
        9⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24978.exe
        9⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12618.exe
        9⤵
        
        PID:11736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19455.exe
        8⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27531.exe
        9⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26518.exe
        9⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50555.exe
        9⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40751.exe
        9⤵
        
        PID:11356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57306.exe
        8⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28584.exe
        8⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29041.exe
        8⤵
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51588.exe
        8⤵
        
        PID:11624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18256.exe
        7⤵
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33099.exe
        8⤵
        
        PID:3444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 220
        9⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2730.exe
        8⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8520.exe
        8⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22741.exe
        8⤵
        
        PID:10104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-640.exe
        8⤵
        
        PID:11444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 108 -s 240
        7⤵
        Program crash
        
        PID:3932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10062.exe
        6⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22362.exe
        7⤵
        
        PID:2292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 244
        8⤵
        Program crash
        
        PID:3188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 248
        7⤵
        Program crash
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40074.exe
        6⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43405.exe
        7⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3114.exe
        8⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53249.exe
        8⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59195.exe
        8⤵
        
        PID:9004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 236
        8⤵
        
        PID:10504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63176.exe
        7⤵
        
        PID:4104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 240
        7⤵
        
        PID:7120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40305.exe
        6⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15003.exe
        7⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52730.exe
        7⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9283.exe
        7⤵
        
        PID:9748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15143.exe
        7⤵
        
        PID:11796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38700.exe
        6⤵
        
        PID:5656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21476.exe
        6⤵
        
        PID:7960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37516.exe
        6⤵
        
        PID:9268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45987.exe
        6⤵
        
        PID:11608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34068.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1924
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 240
        6⤵
        Program crash
        
        PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40788.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22497.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 220
        7⤵
        Program crash
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40238.exe
        6⤵
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6025.exe
        7⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18709.exe
        8⤵
        
        PID:3808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 224
        9⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15558.exe
        8⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52075.exe
        8⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56181.exe
        8⤵
        
        PID:9576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8616.exe
        8⤵
        
        PID:11744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47852.exe
        7⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42004.exe
        8⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39922.exe
        8⤵
        
        PID:8988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12812.exe
        8⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60377.exe
        8⤵
        
        PID:12252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21125.exe
        7⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6793.exe
        7⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6483.exe
        7⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55480.exe
        7⤵
        
        PID:11788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57072.exe
        6⤵
        
        PID:2600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 224
        7⤵
        Program crash
        
        PID:3636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4245.exe
        6⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24407.exe
        7⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12896.exe
        7⤵
        
        PID:8308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 244
        7⤵
        
        PID:10060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50422.exe
        6⤵
        
        PID:5320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3383.exe
        6⤵
        
        PID:7736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64382.exe
        6⤵
        
        PID:9284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47122.exe
        6⤵
        
        PID:11616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52958.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29378.exe
        6⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50950.exe
        7⤵
        
        PID:2012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 244
        8⤵
        Program crash
        
        PID:3912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 248
        7⤵
        Program crash
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27000.exe
        6⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6264.exe
        7⤵
        
        PID:4536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 220
        8⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25480.exe
        7⤵
        
        PID:5504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 244
        7⤵
        
        PID:7288
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 244
        6⤵
        Program crash
        
        PID:4636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51174.exe
        5⤵
        
        PID:2304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65340.exe
        6⤵
        
        PID:1432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 224
        7⤵
        Program crash
        
        PID:3732
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 248
        6⤵
        Program crash
        
        PID:4088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-788.exe
        5⤵
        
        PID:2148
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 224
        6⤵
        Program crash
        
        PID:4544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55809.exe
        5⤵
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5055.exe
        6⤵
        
        PID:6916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55190.exe
        6⤵
        
        PID:9192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27778.exe
        6⤵
        
        PID:10212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37819.exe
        6⤵
        
        PID:11780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42057.exe
        5⤵
        
        PID:5688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16525.exe
        5⤵
        
        PID:8056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38016.exe
        5⤵
        
        PID:9504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2299.exe
        5⤵
        
        PID:12260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48412.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64240.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1772
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 188
        6⤵
        Program crash
        
        PID:1468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50976.exe
        5⤵
        
        PID:572
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 224
        6⤵
        Program crash
        
        PID:4552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53995.exe
        5⤵
        
        PID:4628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38880.exe
        6⤵
        
        PID:6460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45268.exe
        6⤵
        
        PID:8512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59766.exe
        6⤵
        
        PID:10788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24882.exe
        6⤵
        
        PID:11452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36913.exe
        5⤵
        
        PID:5948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42861.exe
        5⤵
        
        PID:7336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43616.exe
        5⤵
        
        PID:9456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3500.exe
        5⤵
        
        PID:12124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58110.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42341.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43301.exe
        6⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13233.exe
        7⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53327.exe
        8⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21973.exe
        9⤵
        
        PID:5420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 248
        9⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43715.exe
        8⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38588.exe
        8⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32580.exe
        8⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40438.exe
        8⤵
        
        PID:11092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47319.exe
        8⤵
        
        PID:12284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56020.exe
        7⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26628.exe
        8⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13171.exe
        8⤵
        
        PID:8336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 224
        8⤵
        
        PID:10880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51660.exe
        7⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59694.exe
        7⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29425.exe
        7⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51972.exe
        7⤵
        
        PID:12140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54821.exe
        6⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53519.exe
        7⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29155.exe
        8⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4816.exe
        8⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20876.exe
        8⤵
        
        PID:9544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-862.exe
        8⤵
        
        PID:11196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41681.exe
        8⤵
        
        PID:12676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14634.exe
        7⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26418.exe
        7⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38693.exe
        7⤵
        
        PID:9404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 240
        7⤵
        
        PID:10616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31052.exe
        6⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54640.exe
        7⤵
        
        PID:6216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 228
        7⤵
        
        PID:9180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26991.exe
        6⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63665.exe
        6⤵
        
        PID:7448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55485.exe
        6⤵
        
        PID:9808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7008.exe
        6⤵
        
        PID:11808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54162.exe
        5⤵
        
        PID:2616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64572.exe
        6⤵
        
        PID:788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 224
        7⤵
        Program crash
        
        PID:3460
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 248
        6⤵
        Program crash
        
        PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54166.exe
        5⤵
        
        PID:1848
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 244
        6⤵
        Program crash
        
        PID:3176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32450.exe
        5⤵
        
        PID:3224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57463.exe
        6⤵
        
        PID:6404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46145.exe
        6⤵
        
        PID:8816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29340.exe
        6⤵
        
        PID:9568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46179.exe
        6⤵
        
        PID:12068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17401.exe
        5⤵
        
        PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25557.exe
        5⤵
        
        PID:7684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44948.exe
        5⤵
        
        PID:9496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29229.exe
        5⤵
        
        PID:10120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24081.exe
        5⤵
        
        PID:11708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7265.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3048
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 240
        5⤵
        Program crash
        
        PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26202.exe
      4⤵
      PID:2384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17318.exe
        5⤵
        
        PID:1104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38745.exe
        6⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9715.exe
        7⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59850.exe
        7⤵
        
        PID:9060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 224
        7⤵
        
        PID:10400
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 236
        6⤵
        Program crash
        
        PID:5712
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 236
        5⤵
        Program crash
        
        PID:3240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53305.exe
      4⤵
      PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24163.exe
        5⤵
        
        PID:1360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-618.exe
        6⤵
        
        PID:4852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 224
        7⤵
        
        PID:6868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24110.exe
        6⤵
        
        PID:5352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54561.exe
        6⤵
        
        PID:7920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13254.exe
        6⤵
        
        PID:8912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15658.exe
        6⤵
        
        PID:10096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40054.exe
        6⤵
        
        PID:11400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52512.exe
        5⤵
        
        PID:4936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3877.exe
        6⤵
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29891.exe
        6⤵
        
        PID:8460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41868.exe
        6⤵
        
        PID:11212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43740.exe
        6⤵
        
        PID:12304
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
        5⤵
        
        PID:6028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7594.exe
      4⤵
      PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48890.exe
        5⤵
        
        PID:5868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34556.exe
        5⤵
        
        PID:7180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50425.exe
        5⤵
        
        PID:10048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48309.exe
        5⤵
        
        PID:10848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23398.exe
        5⤵
        
        PID:13076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26551.exe
      4⤵
      PID:5220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30832.exe
      4⤵
      PID:7848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51555.exe
      4⤵
      PID:9776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59585.exe
      4⤵
      PID:10528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6857.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6857.exe
      4⤵
      PID:12800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2740.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37598.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1784
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 240
        6⤵
        Program crash
        
        PID:2528
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 228
        5⤵
        Program crash
        
        PID:2500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37380.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25019.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31324.exe
        7⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17941.exe
        8⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 220
        9⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 216
        8⤵
        Program crash
        
        PID:5520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 236
        7⤵
        Program crash
        
        PID:3596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11458.exe
        6⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50805.exe
        7⤵
        
        PID:3104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 220
        8⤵
        Program crash
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46840.exe
        7⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3585.exe
        7⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13913.exe
        7⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38107.exe
        7⤵
        
        PID:10424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44797.exe
        7⤵
        
        PID:11856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1696.exe
        6⤵
        
        PID:3192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 240
        7⤵
        Program crash
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48542.exe
        6⤵
        
        PID:4484
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 244
        6⤵
        
        PID:6640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35879.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1704
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 244
        6⤵
        Program crash
        
        PID:1460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55728.exe
        5⤵
        
        PID:1896
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 224
        6⤵
        Program crash
        
        PID:3876
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 216
        5⤵
        Program crash
        
        PID:3992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44571.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39217.exe
        5⤵
        
        PID:2780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43960.exe
        6⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20847.exe
        7⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1355.exe
        8⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47406.exe
        8⤵
        
        PID:8972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 224
        8⤵
        
        PID:10748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51739.exe
        7⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22718.exe
        7⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6980.exe
        7⤵
        
        PID:9308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2586.exe
        7⤵
        
        PID:11632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45906.exe
        6⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3109.exe
        7⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58397.exe
        7⤵
        
        PID:9032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 224
        7⤵
        
        PID:9472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18411.exe
        6⤵
        
        PID:5472
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 236
        6⤵
        
        PID:7716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24094.exe
        5⤵
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55273.exe
        6⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3498.exe
        7⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49549.exe
        7⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63663.exe
        7⤵
        
        PID:8640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 236
        7⤵
        
        PID:11000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10275.exe
        6⤵
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59200.exe
        6⤵
        
        PID:7320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49492.exe
        6⤵
        
        PID:8968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39068.exe
        6⤵
        
        PID:11204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42843.exe
        6⤵
        
        PID:11296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51089.exe
        5⤵
        
        PID:3440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13415.exe
        6⤵
        
        PID:6344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15418.exe
        6⤵
        
        PID:8780
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 220
        6⤵
        
        PID:9556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18438.exe
        5⤵
        
        PID:5508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5912.exe
        5⤵
        
        PID:7864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26512.exe
        5⤵
        
        PID:9660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51933.exe
        5⤵
        
        PID:10624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38952.exe
      4⤵
      PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25486.exe
        5⤵
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51189.exe
        6⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24791.exe
        7⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39346.exe
        7⤵
        
        PID:8572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 224
        7⤵
        
        PID:9264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39138.exe
        6⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16880.exe
        6⤵
        
        PID:7792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51713.exe
        6⤵
        
        PID:9644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51403.exe
        6⤵
        
        PID:10600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37353.exe
        5⤵
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64183.exe
        6⤵
        
        PID:5000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7940.exe
        6⤵
        
        PID:6444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43544.exe
        6⤵
        
        PID:8876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39098.exe
        6⤵
        
        PID:9864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51712.exe
        6⤵
        
        PID:12216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45801.exe
        5⤵
        
        PID:5056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15096.exe
        5⤵
        
        PID:6484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63110.exe
        5⤵
        
        PID:8956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13897.exe
        5⤵
        
        PID:9868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52242.exe
        5⤵
        
        PID:11372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12471.exe
      4⤵
      PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52559.exe
        5⤵
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30821.exe
        6⤵
        
        PID:6328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15418.exe
        6⤵
        
        PID:8792
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 224
        6⤵
        
        PID:9692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30970.exe
        5⤵
        
        PID:6088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55199.exe
        5⤵
        
        PID:7416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32663.exe
        5⤵
        
        PID:9240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14947.exe
        5⤵
        
        PID:11120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23009.exe
      4⤵
      PID:3076
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 220
        5⤵
        Program crash
        
        PID:6116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42436.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42436.exe
      4⤵
      PID:6104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31398.exe
      4⤵
      PID:7400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63199.exe
      4⤵
      PID:9232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58349.exe
      4⤵
      PID:11136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27336.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27336.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1264
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 224
      4⤵
      Loads dropped DLL
      Program crash
      PID:2908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29165.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29165.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11806.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2900
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 240
        5⤵
        Program crash
        
        PID:2804
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 236
      4⤵
      Program crash
      PID:2764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33410.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33410.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4406.exe
      4⤵
      PID:1476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52128.exe
        5⤵
        
        PID:2684
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 224
        6⤵
        Program crash
        
        PID:3844
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 248
        5⤵
        Program crash
        
        PID:3276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62989.exe
      4⤵
      PID:1920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12294.exe
        5⤵
        
        PID:3464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7390.exe
        6⤵
        
        PID:4352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22522.exe
        6⤵
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40721.exe
        6⤵
        
        PID:8868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34329.exe
        6⤵
        
        PID:10488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50150.exe
        6⤵
        
        PID:11880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1723.exe
        5⤵
        
        PID:4580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1447.exe
        5⤵
        
        PID:7140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65060.exe
        5⤵
        
        PID:8384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56390.exe
        5⤵
        
        PID:10516
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 228
        5⤵
        
        PID:11756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47005.exe
      4⤵
      PID:3568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13799.exe
        5⤵
        
        PID:6468
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 228
        5⤵
        
        PID:9076
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 228
      4⤵
      Program crash
      PID:5568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9667.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9667.exe
    3⤵
    PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37930.exe
      4⤵
      PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48475.exe
        5⤵
        
        PID:3168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58340.exe
        6⤵
        
        PID:7152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25532.exe
        6⤵
        
        PID:8376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34877.exe
        6⤵
        
        PID:9324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4954.exe
        6⤵
        
        PID:12088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49445.exe
        5⤵
        
        PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34778.exe
        5⤵
        
        PID:7532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16326.exe
        5⤵
        
        PID:9352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33421.exe
        5⤵
        
        PID:10580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12849.exe
      4⤵
      PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5631.exe
        5⤵
        
        PID:6832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12787.exe
        5⤵
        
        PID:8328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40908.exe
        5⤵
        
        PID:10384
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 216
        5⤵
        
        PID:11568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20201.exe
      4⤵
      PID:5280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50758.exe
      4⤵
      PID:7664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44418.exe
      4⤵
      PID:9468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31852.exe
      4⤵
      PID:10824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60256.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60256.exe
    3⤵
    PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55081.exe
      4⤵
      PID:3896
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 224
        5⤵
        
        PID:6692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8952.exe
      4⤵
      PID:5608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45469.exe
      4⤵
      PID:7996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61827.exe
      4⤵
      PID:9800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4148.exe
      4⤵
      PID:10548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8814.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8814.exe
    3⤵
    PID:4064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52310.exe
      4⤵
      PID:6764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45953.exe
      4⤵
      PID:9124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27778.exe
      4⤵
      PID:10136
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 228
      4⤵
      PID:11820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34392.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34392.exe
    3⤵
    PID:5720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61374.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61374.exe
    3⤵
    PID:8128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31879.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31879.exe
    3⤵
    PID:9944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56844.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56844.exe
    3⤵
    PID:11276
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57483.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57483.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52927.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52927.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33467.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6871.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61308.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64105.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51744.exe
        8⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59741.exe
        9⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36555.exe
        10⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28552.exe
        10⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11940.exe
        10⤵
        
        PID:8288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 248
        10⤵
        
        PID:10660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12413.exe
        9⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38780.exe
        9⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28688.exe
        9⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38492.exe
        9⤵
        
        PID:10908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57050.exe
        9⤵
        
        PID:11408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50182.exe
        8⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47676.exe
        9⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15781.exe
        9⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15313.exe
        9⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52668.exe
        9⤵
        
        PID:11952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53222.exe
        8⤵
        
        PID:5332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 616 -s 248
        8⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62605.exe
        7⤵
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3742.exe
        8⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34028.exe
        9⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31178.exe
        9⤵
        
        PID:8688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 220
        9⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51007.exe
        8⤵
        
        PID:5368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 240
        8⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28146.exe
        7⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18185.exe
        8⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 228
        8⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5070.exe
        7⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49000.exe
        7⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44903.exe
        7⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58648.exe
        7⤵
        
        PID:10832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55874.exe
        7⤵
        
        PID:12916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40155.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6819.exe
        7⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50805.exe
        8⤵
        
        PID:3112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 220
        9⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36616.exe
        8⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59968.exe
        8⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16819.exe
        8⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43920.exe
        8⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58394.exe
        8⤵
        
        PID:12812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22771.exe
        7⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55927.exe
        8⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11744.exe
        8⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47156.exe
        8⤵
        
        PID:9652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38169.exe
        8⤵
        
        PID:12092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        7⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61749.exe
        7⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4070.exe
        7⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41582.exe
        7⤵
        
        PID:10876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11868.exe
        7⤵
        
        PID:12888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27331.exe
        6⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48667.exe
        7⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33836.exe
        8⤵
        
        PID:6656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 228
        8⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4520.exe
        7⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21509.exe
        7⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21339.exe
        7⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35263.exe
        7⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19683.exe
        7⤵
        
        PID:11440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40234.exe
        6⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11469.exe
        7⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47515.exe
        7⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62205.exe
        7⤵
        
        PID:9228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51633.exe
        7⤵
        
        PID:11948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38013.exe
        6⤵
        
        PID:5676
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 248
        6⤵
        
        PID:8164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33850.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 200
        6⤵
        Program crash
        
        PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45251.exe
        5⤵
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34848.exe
        6⤵
        
        PID:5816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33679.exe
        6⤵
        
        PID:7220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41572.exe
        6⤵
        
        PID:10032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52284.exe
        6⤵
        
        PID:11388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16108.exe
        5⤵
        
        PID:5604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42477.exe
        5⤵
        
        PID:7992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47316.exe
        5⤵
        
        PID:9320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3116.exe
        5⤵
        
        PID:11648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64022.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47577.exe
        6⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19456.exe
        7⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34469.exe
        8⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7577.exe
        9⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6565.exe
        9⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30601.exe
        9⤵
        
        PID:10668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61830.exe
        9⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49793.exe
        8⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20772.exe
        8⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24879.exe
        8⤵
        
        PID:9956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59379.exe
        8⤵
        
        PID:11284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37161.exe
        7⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19835.exe
        8⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24084.exe
        8⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59688.exe
        8⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33644.exe
        8⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29153.exe
        8⤵
        
        PID:11732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5536.exe
        7⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62159.exe
        7⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9825.exe
        7⤵
        
        PID:8232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 228
        7⤵
        
        PID:10260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26232.exe
        6⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 224
        7⤵
        Program crash
        
        PID:3080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50897.exe
        6⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21781.exe
        7⤵
        
        PID:5036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 248
        7⤵
        
        PID:6256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31630.exe
        6⤵
        
        PID:4464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-785.exe
        6⤵
        
        PID:6588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54250.exe
        6⤵
        
        PID:9144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38638.exe
        6⤵
        
        PID:10436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29149.exe
        6⤵
        
        PID:11848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23435.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44152.exe
        6⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54889.exe
        7⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18512.exe
        8⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52154.exe
        8⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12791.exe
        8⤵
        
        PID:10180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58506.exe
        8⤵
        
        PID:11524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10166.exe
        7⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2599.exe
        7⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55714.exe
        7⤵
        
        PID:9720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 224
        7⤵
        
        PID:10452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61666.exe
        6⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55517.exe
        7⤵
        
        PID:6220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 228
        7⤵
        
        PID:8720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50352.exe
        6⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-296.exe
        6⤵
        
        PID:7832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8154.exe
        6⤵
        
        PID:9756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27384.exe
        6⤵
        
        PID:10512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9922.exe
        6⤵
        
        PID:12792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21493.exe
        5⤵
        
        PID:112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1412.exe
        6⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1744.exe
        7⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55195.exe
        7⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38583.exe
        7⤵
        
        PID:8620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 228
        7⤵
        
        PID:10680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63752.exe
        6⤵
        
        PID:4616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24581.exe
        6⤵
        
        PID:6684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60784.exe
        6⤵
        
        PID:8532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22155.exe
        6⤵
        
        PID:10800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65218.exe
        6⤵
        
        PID:11520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27790.exe
        5⤵
        
        PID:3748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9824.exe
        6⤵
        
        PID:7108
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 228
        6⤵
        
        PID:8436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56488.exe
        5⤵
        
        PID:5820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6398.exe
        5⤵
        
        PID:8148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21704.exe
        5⤵
        
        PID:10016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-169.exe
        5⤵
        
        PID:11072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52485.exe
        5⤵
        
        PID:12988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40487.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2904
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
        5⤵
        Program crash
        
        PID:1708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34868.exe
      4⤵
      PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56212.exe
        5⤵
        
        PID:2644
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 224
        6⤵
        Program crash
        
        PID:3868
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 248
        5⤵
        Program crash
        
        PID:4036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43198.exe
      4⤵
      PID:1556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38361.exe
        5⤵
        
        PID:3904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13804.exe
        6⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45465.exe
        6⤵
        
        PID:6960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55495.exe
        6⤵
        
        PID:9084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38989.exe
        6⤵
        
        PID:11016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14078.exe
        6⤵
        
        PID:12116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4821.exe
        5⤵
        
        PID:5620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22687.exe
        5⤵
        
        PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51334.exe
        5⤵
        
        PID:7980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53162.exe
        5⤵
        
        PID:9768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53150.exe
        5⤵
        
        PID:11064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35261.exe
      4⤵
      PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33670.exe
        5⤵
        
        PID:6236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16129.exe
        5⤵
        
        PID:7348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21727.exe
        5⤵
        
        PID:9836
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 248
        5⤵
        
        PID:11416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54880.exe
      4⤵
      PID:6012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33536.exe
      4⤵
      PID:7264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39763.exe
      4⤵
      PID:10172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17508.exe
      4⤵
      PID:11240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39064.exe
      4⤵
      PID:13060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13601.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13601.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45766.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38750.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45055.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43768.exe
        7⤵
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7779.exe
        8⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6264.exe
        9⤵
        
        PID:4528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 224
        10⤵
        Program crash
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12029.exe
        9⤵
        
        PID:4392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 296 -s 224
        9⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40259.exe
        8⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11666.exe
        9⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42558.exe
        9⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12625.exe
        9⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40743.exe
        9⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61826.exe
        9⤵
        
        PID:12200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62713.exe
        8⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58075.exe
        8⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36467.exe
        8⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15542.exe
        8⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62356.exe
        8⤵
        
        PID:11920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27877.exe
        7⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56041.exe
        8⤵
        
        PID:4716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 224
        9⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13228.exe
        8⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45661.exe
        8⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3280.exe
        8⤵
        
        PID:9448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2970.exe
        8⤵
        
        PID:12152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11016.exe
        7⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14380.exe
        8⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7146.exe
        8⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23206.exe
        8⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49679.exe
        8⤵
        
        PID:10556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6486.exe
        8⤵
        
        PID:12364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50872.exe
        7⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34225.exe
        7⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62994.exe
        7⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37268.exe
        7⤵
        
        PID:10968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35070.exe
        7⤵
        
        PID:12536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46461.exe
        6⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38698.exe
        7⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 244
        8⤵
        Program crash
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37545.exe
        7⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40442.exe
        8⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25039.exe
        8⤵
        
        PID:8208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 224
        8⤵
        
        PID:10328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37270.exe
        7⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35382.exe
        7⤵
        
        PID:7208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 240
        7⤵
        
        PID:9980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63294.exe
        6⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61687.exe
        7⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31895.exe
        8⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20576.exe
        8⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8048.exe
        8⤵
        
        PID:9088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 248
        8⤵
        
        PID:10288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26419.exe
        7⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40342.exe
        7⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54754.exe
        7⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25663.exe
        7⤵
        
        PID:10472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33614.exe
        7⤵
        
        PID:11660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18443.exe
        6⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32279.exe
        7⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47603.exe
        7⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22822.exe
        7⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47157.exe
        7⤵
        
        PID:10916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 244
        7⤵
        
        PID:11424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11096.exe
        6⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56201.exe
        6⤵
        
        PID:6752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8108.exe
        6⤵
        
        PID:8908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9323.exe
        6⤵
        
        PID:11008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53279.exe
        6⤵
        
        PID:11876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56492.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39684.exe
        6⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56980.exe
        7⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8402.exe
        8⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1848.exe
        9⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 228
        9⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40062.exe
        8⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2874.exe
        8⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21178.exe
        8⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44003.exe
        8⤵
        
        PID:11904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19263.exe
        7⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22596.exe
        8⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60322.exe
        8⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16875.exe
        8⤵
        
        PID:10084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9305.exe
        8⤵
        
        PID:11428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29293.exe
        7⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57940.exe
        7⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47516.exe
        7⤵
        
        PID:9564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43663.exe
        7⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45060.exe
        7⤵
        
        PID:12160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56466.exe
        6⤵
        
        PID:2136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 244
        7⤵
        Program crash
        
        PID:3816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2272.exe
        6⤵
        
        PID:3708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 224
        7⤵
        
        PID:7028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28937.exe
        6⤵
        
        PID:5620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12326.exe
        6⤵
        
        PID:7660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61515.exe
        6⤵
        
        PID:10072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44533.exe
        6⤵
        
        PID:11928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55920.exe
        5⤵
        
        PID:2228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46337.exe
        6⤵
        
        PID:1868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 224
        7⤵
        Program crash
        
        PID:4244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33461.exe
        6⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46472.exe
        7⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-343.exe
        7⤵
        
        PID:8616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 224
        7⤵
        
        PID:10392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33185.exe
        6⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37328.exe
        6⤵
        
        PID:7560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45186.exe
        6⤵
        
        PID:10228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11131.exe
        6⤵
        
        PID:12056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56186.exe
        5⤵
        
        PID:1600
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 244
        6⤵
        Program crash
        
        PID:4672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47111.exe
        5⤵
        
        PID:4680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44443.exe
        6⤵
        
        PID:6668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33124.exe
        6⤵
        
        PID:9068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65329.exe
        6⤵
        
        PID:10196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22853.exe
        6⤵
        
        PID:11464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7628.exe
        5⤵
        
        PID:6068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43391.exe
        5⤵
        
        PID:8060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39151.exe
        5⤵
        
        PID:9420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42171.exe
        5⤵
        
        PID:12108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18884.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6736.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 220
        6⤵
        Program crash
        
        PID:1356
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 236
        5⤵
        Program crash
        
        PID:1268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31332.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10903.exe
        5⤵
        
        PID:2324
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 220
        6⤵
        Program crash
        
        PID:3836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40861.exe
        5⤵
        
        PID:4016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60675.exe
        6⤵
        
        PID:4588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38474.exe
        6⤵
        
        PID:7056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39268.exe
        6⤵
        
        PID:8356
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
        6⤵
        
        PID:9948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64659.exe
        5⤵
        
        PID:5080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25979.exe
        5⤵
        
        PID:6340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55819.exe
        5⤵
        
        PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64551.exe
        5⤵
        
        PID:10352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50680.exe
        5⤵
        
        PID:11816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2470.exe
      4⤵
      PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52751.exe
        5⤵
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63301.exe
        6⤵
        
        PID:6708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55491.exe
        6⤵
        
        PID:9168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20212.exe
        6⤵
        
        PID:9444
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 216
        6⤵
        
        PID:11500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42838.exe
        5⤵
        
        PID:5464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45578.exe
        5⤵
        
        PID:8040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31210.exe
        5⤵
        
        PID:9924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58118.exe
        5⤵
        
        PID:10856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60340.exe
        5⤵
        
        PID:12896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31568.exe
      4⤵
      PID:3540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56591.exe
        5⤵
        
        PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22714.exe
        5⤵
        
        PID:6232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45298.exe
        5⤵
        
        PID:8800
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 228
        5⤵
        
        PID:10252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41239.exe
      4⤵
      PID:4260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1315.exe
      4⤵
      PID:6496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49784.exe
      4⤵
      PID:9020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54750.exe
      4⤵
      PID:10312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28014.exe
      4⤵
      PID:11704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4825.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4825.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3939.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37463.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29186.exe
        6⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5688.exe
        7⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8350.exe
        8⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39242.exe
        8⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14846.exe
        8⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41511.exe
        8⤵
        
        PID:10640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59579.exe
        8⤵
        
        PID:12416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55968.exe
        7⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20881.exe
        7⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29072.exe
        7⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41014.exe
        7⤵
        
        PID:10536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55488.exe
        7⤵
        
        PID:12376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8189.exe
        6⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42580.exe
        7⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe
        7⤵
        
        PID:8852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28463.exe
        7⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58815.exe
        7⤵
        
        PID:11700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28561.exe
        6⤵
        
        PID:5732
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 248
        6⤵
        
        PID:8172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35962.exe
        5⤵
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5496.exe
        6⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4074.exe
        7⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4432.exe
        7⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41489.exe
        7⤵
        
        PID:9328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33151.exe
        7⤵
        
        PID:10772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16600.exe
        7⤵
        
        PID:12468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60052.exe
        6⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20881.exe
        6⤵
        
        PID:7600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63690.exe
        6⤵
        
        PID:9476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-557.exe
        6⤵
        
        PID:11124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2587.exe
        6⤵
        
        PID:12636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26584.exe
        5⤵
        
        PID:3252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20987.exe
        6⤵
        
        PID:6092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62761.exe
        6⤵
        
        PID:7700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44011.exe
        6⤵
        
        PID:9580
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 216
        6⤵
        
        PID:11200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48433.exe
        5⤵
        
        PID:5308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42093.exe
        5⤵
        
        PID:7692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27882.exe
        5⤵
        
        PID:9520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48918.exe
        5⤵
        
        PID:10904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48324.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25102.exe
        5⤵
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44583.exe
        6⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34521.exe
        7⤵
        
        PID:6992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 228
        7⤵
        
        PID:8428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31162.exe
        6⤵
        
        PID:5632
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 240
        6⤵
        
        PID:8140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20633.exe
        5⤵
        
        PID:3628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1848.exe
        6⤵
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37592.exe
        6⤵
        
        PID:8252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24872.exe
        6⤵
        
        PID:9732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37051.exe
        6⤵
        
        PID:11644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40814.exe
        5⤵
        
        PID:5672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31599.exe
        5⤵
        
        PID:8156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47625.exe
        5⤵
        
        PID:10064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23108.exe
        5⤵
        
        PID:10368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23928.exe
        5⤵
        
        PID:13092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14887.exe
      4⤵
      PID:3032
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 224
        5⤵
        Program crash
        
        PID:3884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60462.exe
      4⤵
      PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56970.exe
        5⤵
        
        PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44884.exe
        5⤵
        
        PID:8924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18349.exe
        5⤵
        
        PID:10320
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
        5⤵
        
        PID:12052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54350.exe
      4⤵
      PID:5996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38001.exe
      4⤵
      PID:7296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1092.exe
      4⤵
      PID:10184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41201.exe
      4⤵
      PID:10924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
      4⤵
      PID:13100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16995.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16995.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33379.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59912.exe
        5⤵
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46529.exe
        6⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39316.exe
        7⤵
        
        PID:5648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 248
        7⤵
        
        PID:7200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        6⤵
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57337.exe
        6⤵
        
        PID:7252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9227.exe
        6⤵
        
        PID:10164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39644.exe
        6⤵
        
        PID:10304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6863.exe
        6⤵
        
        PID:13108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14219.exe
        5⤵
        
        PID:3956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48615.exe
        6⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45465.exe
        6⤵
        
        PID:6800
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 244
        6⤵
        
        PID:9188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57451.exe
        5⤵
        
        PID:5544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44453.exe
        5⤵
        
        PID:6388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23914.exe
        5⤵
        
        PID:8964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23902.exe
        5⤵
        
        PID:11100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64385.exe
        5⤵
        
        PID:11900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1152.exe
      4⤵
      PID:1652
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 240
        5⤵
        Program crash
        
        PID:3324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11810.exe
      4⤵
      PID:3408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51049.exe
        5⤵
        
        PID:6740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16404.exe
        5⤵
        
        PID:9196
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 224
        5⤵
        
        PID:9484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24121.exe
      4⤵
      PID:5572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42778.exe
      4⤵
      PID:8068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47285.exe
      4⤵
      PID:7724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15373.exe
      4⤵
      PID:9900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11134.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11134.exe
      4⤵
      PID:11544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55175.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55175.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21018.exe
      4⤵
      PID:700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56835.exe
        5⤵
        
        PID:3344
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 224
        6⤵
        Program crash
        
        PID:5404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46923.exe
        5⤵
        
        PID:5428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51800.exe
        5⤵
        
        PID:7964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4567.exe
        5⤵
        
        PID:9892
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 700 -s 244
        5⤵
        
        PID:10928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28801.exe
      4⤵
      PID:3448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53659.exe
        5⤵
        
        PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34172.exe
        5⤵
        
        PID:7748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50041.exe
        5⤵
        
        PID:9628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-670.exe
        5⤵
        
        PID:10248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57825.exe
        5⤵
        
        PID:12736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18255.exe
      4⤵
      PID:5528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51443.exe
      4⤵
      PID:8028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22544.exe
      4⤵
      PID:9932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41582.exe
      4⤵
      PID:10892
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 244
      4⤵
      PID:12908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26278.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26278.exe
    3⤵
    PID:584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62865.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62865.exe
      4⤵
      PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48999.exe
        5⤵
        
        PID:6016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29320.exe
        5⤵
        
        PID:7624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63855.exe
        5⤵
        
        PID:9512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-862.exe
        5⤵
        
        PID:11188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41681.exe
        5⤵
        
        PID:12684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14826.exe
      4⤵
      PID:5744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25733.exe
      4⤵
      PID:8180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29840.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29840.exe
      4⤵
      PID:10004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21169.exe
      4⤵
      PID:11052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62286.exe
      4⤵
      PID:12980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60687.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60687.exe
    3⤵
    PID:3916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12538.exe
      4⤵
      PID:6284
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 228
      4⤵
      PID:8744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10791.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10791.exe
    3⤵
    PID:5952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28201.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28201.exe
    3⤵
    PID:7232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43963.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43963.exe
    3⤵
    PID:10152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55309.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55309.exe
    3⤵
    PID:11176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20863.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20863.exe
    3⤵
    PID:13048
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46797.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46797.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37551.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37551.exe
    3⤵
    - Executes dropped EXE
    PID:1716
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 236
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1672
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2475.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2475.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37598.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37598.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:400
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 240
      4⤵
      Program crash
      PID:2924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30835.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30835.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16851.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5257.exe
        5⤵
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53135.exe
        6⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14380.exe
        7⤵
        
        PID:5796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 248
        7⤵
        
        PID:7388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31271.exe
        6⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37026.exe
        6⤵
        
        PID:7544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14489.exe
        6⤵
        
        PID:9436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36737.exe
        6⤵
        
        PID:10992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39535.exe
        6⤵
        
        PID:12556
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 228
        5⤵
        Program crash
        
        PID:3712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38484.exe
      4⤵
      PID:1256
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 224
        5⤵
        Program crash
        
        PID:3476
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 240
      4⤵
      Program crash
      PID:3548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37171.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37171.exe
    3⤵
    PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29570.exe
      4⤵
      PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37183.exe
        5⤵
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38797.exe
        6⤵
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53929.exe
        6⤵
        
        PID:8220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31094.exe
        6⤵
        
        PID:9560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61747.exe
        6⤵
        
        PID:11556
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 248
        5⤵
        Program crash
        
        PID:6084
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 248
      4⤵
      Program crash
      PID:3668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60031.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60031.exe
    3⤵
    PID:1908
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 240
      4⤵
      Program crash
      PID:3424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44205.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44205.exe
    3⤵
    PID:3564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50945.exe
      4⤵
      PID:5068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38858.exe
      4⤵
      PID:7016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61141.exe
      4⤵
      PID:8920
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 228
      4⤵
      PID:10756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19257.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19257.exe
    3⤵
    PID:5132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18227.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18227.exe
    3⤵
    PID:6788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37916.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37916.exe
    3⤵
    PID:9136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63303.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63303.exe
    3⤵
    PID:10860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20723.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20723.exe
    3⤵
    PID:12000
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59394.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59394.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2356
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 188
    3⤵
    - Program crash
    PID:1292
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14649.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14649.exe
  2⤵
  PID:2296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60125.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60125.exe
    3⤵
    PID:4664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35424.exe
      4⤵
      PID:5964
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 248
      4⤵
      PID:7356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27810.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27810.exe
    3⤵
    PID:6036
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
    3⤵
    PID:8124
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8746.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8746.exe
  2⤵
  PID:4772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24215.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24215.exe
    3⤵
    PID:6880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12896.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12896.exe
    3⤵
    PID:8304
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 224
    3⤵
    PID:10132
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3163.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3163.exe
  2⤵
  PID:5552
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 244
  2⤵
  PID:8076

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10275.exe

Filesize
184KB

MD5
e40ada361da1dada469722fb0824b62a

SHA1
4f9a92e8dff26e61e3e70916be4204547fba00b4

SHA256
df890cd3c7068c1a458f42c7f06316888dd742c8e34bf9c72bb54e7c09b76332

SHA512
710ca5358e7e66b4a85b3b26cce25fbae5a7933f937c6acc9b71c4a0ef99bf1a198605380574317fffa5bb9b46b9c3e595d6559ed9b1c3a5d64726868128feeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11810.exe

Filesize
184KB

MD5
324e8b6a887fe8cc7be941ebc7d783c4

SHA1
13ffa0db19b5cd99bb2a34b53d7b153f21b71f3d

SHA256
6247ce18a618afc079d6ecd9e80f27bc5ac8202c217cdf3319db30c58770c5b8

SHA512
82c82b267e80b141a9166cea5c35c18f9240b4bfec9ae681c7dbf21db85a5776d92cd06a54ab976b329b0a28af46c97c08266e018b74767f6268bd6c1517f5b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13228.exe

Filesize
184KB

MD5
3f47f8eccf6db70dec344d7d8d191cbc

SHA1
18771a9c298b1571a1f69055b6637efd542f86b8

SHA256
5e0ef62f7a1d6389afa3dbfcb7b2db9151215d2c2c7041451befff4169b6e24f

SHA512
6568b66032bc6fc5f5fb1c1313883ecef133aac42cb1550a235c9a604ba321424f263fb79452ee96f129d764e5a0d791a5c1191e3cac18451b08d7e54ce079dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13601.exe

Filesize
184KB

MD5
cf102728d4762460d9687b09528243cc

SHA1
708d83b28df1cf2069598171df7aa617f4e669b0

SHA256
197cfcdac9ad58982f28a7cb25b23d1d485fef35bde8f6d3be222e5835998a5c

SHA512
d2136fe537a026024edc7fd43f08678c73b88a8ff525b29d5bfe6f76811a1dbfa32a09c8bdada92430d6ba2ba50701ca732e8185586fb35d03c2fb5529cf81b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14157.exe

Filesize
184KB

MD5
98c8bcf8355550fc50c6f90ffde03d0c

SHA1
5d6ea61878104aa7ff0f8b044536b2aafab538dc

SHA256
370cc236ddef2b3349f96460c7ee88ec63c9c338a6773a08a7a7be6319680662

SHA512
0a501dcff2d5b98a837f2c6eba2dfcc826cd8543805ec5fe2e6f918fed680ee249dc44e5fe56dc15290923a61e371c56230977ee7c09efce22fd1fecdc4d94f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2156.exe

Filesize
184KB

MD5
c22bddde72a579ec857d078c34d67c81

SHA1
5c6e18966c7787de75a6e3f67d0a72fad6760128

SHA256
31723e4ce7bcdaa59b5a72bdd9dc8c30597f5da5abdd3623ee96dd440d3b6955

SHA512
78a816f57d040cfa643cb9dfc355bc82da9e832d1c3199167c3873b74d3b0b93c39b679652d20453c50e46593ac37d38dc8bbcf7d99f6ad2b0af9a0a785ca244

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe

Filesize
184KB

MD5
f8c84250e308ae7555e278f880f1bdce

SHA1
cec21c44d9734175bf05cd7939a7780edf93716c

SHA256
b0dda0d72ab80123ff831c6d86e8556de3e14847114288d313e45b0793793d24

SHA512
505cd38e0421d8e87eff6da31e41d863853acc40f07aef4d9340132998336c82e73bcea4fb38b1dc15a5523416338136a0978a82b5dc4ea2e93f28051f258eca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24307.exe

Filesize
184KB

MD5
2c44329d9f66e3da2b61d4e530a2d2b3

SHA1
019ad06fc22f6e4b433d43055fb8e18642527610

SHA256
c48bd9ae0ceebbf1bb133ca500d872ae1fb5627f635b1dcbeafad07c296b6a7d

SHA512
92310fb0f8e69341326534bfbc396e3a90bf57187d1f3483185656c499cbf00dd49c18a53d44c84103d92d8701874254c68d85b5d53d509c1d6b396f9adeaeea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24581.exe

Filesize
184KB

MD5
7b57c8e1747b5ee16339b980803360b8

SHA1
62bcce723e2a2445799545442bb961e41933ffee

SHA256
05d2514963c6b63ed9459af38873f15e27b346cdbdcb5b3c494666e68af2560c

SHA512
067a1bd5e47b5d7a2f545ae48f9370aecec71eb513377e6b5611642532820fd5253781ad1ef221882be15251464e470f83c08b06ac54f1086f2ba937b4b25949

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2475.exe

Filesize
184KB

MD5
ababeb817cbf3c66ffdb9dda80f42d7d

SHA1
734532c982cf3dca2c28cd48acb0029b5926c5d0

SHA256
c16d716f6edbc2d31c96e3f188b9e9bf576dc415af4dbd1b6124f98eca0f75bc

SHA512
295ad63c2509f3f6b4345180552e26517956575c6392ceda1157088ce5517b42fce90b9a3d9b40d03b4621b3caf87afc972ebc586b2b08b6a99d49beefac9718

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25663.exe

Filesize
184KB

MD5
691f75e5763f0826ba3a39d1cfc526fe

SHA1
af897b993c46c7b027ff82efad4ea7b87708ed64

SHA256
bd637cb0b15f9780e3a13009409f654ff58ed69f5b4b1b738878219a1b4c8a94

SHA512
e92702c0eab2575fae1c5ca5625c4f4c2a6d8c74ad0a4b3b6c99c8619783dd25b1224e3407ce36410de612e4c3483c3464ff944e8e6e7c233424b2429a57c5f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26991.exe

Filesize
184KB

MD5
2cd5d0c201fc792065a50fb8f0a4c965

SHA1
5e72d6b8dd20a82936d481705b97f2f4f7f3dcd8

SHA256
ce3d743289a51c16abccbe756e444a6bef92cb7291390cb4f98a4af80cf9411a

SHA512
12265cd5d76e608918390c036d439a71d5f5c10ab857ad24bb8495e042c44615db0bc80c4b583e1d0929d5f387042a9548f225819ee70ee568c858b9719c2fad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2740.exe

Filesize
184KB

MD5
c62f253701181dfea4783ac05761861c

SHA1
378c348a502bd78eb006845f837515ed85fce68c

SHA256
181a8c03af9bf49e348d97c9c730d46553a5aefc92c3c1c705152e1d32ef6177

SHA512
775362d88274d7a246821e366ea519eb8233e2437bc70f7fbae82be855a3baf1fb45bf8934c2af80b7dbf7b62c0de2d6e51f0dace5295c70c65b1d489072270b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28288.exe

Filesize
184KB

MD5
d76af62f82f8e47fa2c1055f75193467

SHA1
9a2bae4a8ff603ab4bbc8b80be3af5d8ddd6fa23

SHA256
9c8ce97267a8d1cbc009609e96928a0149d5a9330ffd12d71364e1cbf2b43086

SHA512
a2322102cf9fd4239f1774232121870a4d4621db71424487fb8dde05bc3d72d8fa618926357301d48db904360d5920974adf7b729677cc0079934593f8ab892a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34068.exe

Filesize
184KB

MD5
fcabe621180c21ebe66ca957ceccb4d0

SHA1
cf7dd25b4ffd5553e6c9cedc372911e41b200227

SHA256
21881a8c8df6f64d65f284f42b74dc433e1133bb8fc58384f76933d77b83c932

SHA512
f22c699a44024cb08b8a3a886a895368eb4dc2309c27c9bdcdd3714600df14c63a44287a97aff84d65ee749502bcd6cf75795c8d00a6ff34998fb4d2725d8943

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37551.exe

Filesize
184KB

MD5
5de1d816b681f84d5f51a044f318ed63

SHA1
30e59365df1df117678e29f040b8bdc6f0253aff

SHA256
c6371b3f7e9b1c9c922d022ed16c81bd2c149b2e68c0d0f100b3d8418fab6481

SHA512
58d27cfef7f0025566c39e628e36a9a74783d27af072979864cced23ae507c15b1eb2c17e15e002e4fb23fdc00ced59848dfb76991cc5c4bf74b30fd254911f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38169.exe

Filesize
184KB

MD5
6b3223001c8a3769e5a3b22f5766c5e3

SHA1
c0283f7f026877db63f9b258015754c48d8b85ae

SHA256
74d8c9bb7ade018641344a5240ea0dd1bd7ad41a72f345a5778f78e61247eeb5

SHA512
0ed1336c997531579efc6c5091b82b14db29a91732e73e590bd0f33a19e547e18d9559bf520c18857994614b63d6e094ab3b3ef3f92cb1ce1f6d2fccd186a1e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40155.exe

Filesize
184KB

MD5
5e47b16e1511f67b0919ca2068e52dec

SHA1
aa1f4098e9cdf7e5080a477684061312e8688f1b

SHA256
4cbf8acb39b111170edfcb83c92230b5fee050f568d95482a6f92a82693d20fb

SHA512
87b764a265f055f0505d096e902f9fcfe5bcaa9e796465ab22a2e7f24dd925bf5518d3dc846c672073339b157a18fda4393c97098422a107e69d1fae1e700cfa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40238.exe

Filesize
184KB

MD5
ff0d8420bbe6b51e670543a044ab85aa

SHA1
6f204c2652890ba4cdd7984acfc6e114ea4935a5

SHA256
65f3be1daa17f6e595dad4958f096aac5433e8e2383c7b286bd88ceb307947f7

SHA512
039243f719c16abf0d7b7571cf62e826abf6980961d805caaa5e35f87b15754c5db2f092b0e22b0910d6cb74f4098e6eb3d236c0c793dbdac9de082211d9ae13

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42818.exe

Filesize
184KB

MD5
b2663fa8214e5ff4338990ca45fd159e

SHA1
4af0b9de20556e2aab3405b09295feb74c57e727

SHA256
02d6eb72e6446af712154bb803735214672afe616c14e23cecc35721c7ba7efe

SHA512
71f9649dc12154951a4f0966bc87649fd5f70837bbf3c02a8d81db6f23a463ad7f433ba2554e6eadcafdf91f3e16a7df91e7e5186eddbe67148ff1c0495fbe9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46797.exe

Filesize
184KB

MD5
5f000e3cb0d85ed8ce544db3a64a39f3

SHA1
fa67121337d7bcf085a5d2668907927655b2fa90

SHA256
cb32569fff6d72666f2e9eb2c4467458e6299985e491356da35baf90f5577f46

SHA512
efb0ae1cb8c22ce8bd03483d3b6a64c8f1a1f28d7636afe9415089f1ea014bcfd550dd36eeab3c05e73ee9d545085c69689ee979296d487c8751c1189496d5c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47005.exe

Filesize
184KB

MD5
c2252abe86590a1b6530a6649dbf93c4

SHA1
7ff5c3c3fdfa03ada3ef51583816545b502f024e

SHA256
8ebad41f559eaa58049ebb39e52f3cbacb36cce7d9554a90ec03e38c7c0daa51

SHA512
6accfdc56368c2f304417fcc1b529196b39b7fc6fc172bc3359fb50731919074980e3a4baa62ebdca2629a9c4814a772907c44a64cbc081adbeac6233e9b5348

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51660.exe

Filesize
184KB

MD5
f3ab30f7635fba7cafcbda13da3da3f4

SHA1
076f12f02450606850998e961c3c1d5ff5b1199e

SHA256
ba4980e0419b6a657f3dd9a5f42155418c37895d70fb7e5833ebd63a6bb1897c

SHA512
f5d5253771929a14864aa4813d7e084178bae6979b0a9c20227a554f6da57828e01e9dbf2c72311b14b7ac5c5d09532164a9e531445133492e9fe1713566fddf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52154.exe

Filesize
184KB

MD5
655f53533003fb32055b2e30b1095b16

SHA1
dcba1c2b2ee0ee2de63fb91e28fa7d8487f7d9f5

SHA256
e0923e59a56892491f3bcae2fd81952c780fe7d35574319eea1a7bd0c1699a30

SHA512
e0cd5f2c5c32a138ba9798aabd4c996d5a3145cb2b2665f5e0288e7977f53fba0a44266db5fa7a55b83329cacdebbbac39646dc1d6e287501eda2552c272aade

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52958.exe

Filesize
184KB

MD5
6f10ecf02cf69ae9eeeddd6bfa138ecf

SHA1
1aa3f92c6d8ccefd06f018f966cc6d9998d7c6d0

SHA256
926f68b48555ebfceaa45784c772ee9409382b401701f5c9cbdd7956b739b71d

SHA512
5f8927fc0c81fc614177f27ce6ace16538e2db658442b0f3a4527d9b9fd6b157471fbe74b9d5d86240e5674333ca8d7b06e78eab2de76226b836e46bb8d97e52

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5688.exe

Filesize
184KB

MD5
65daa5f816269be66585684e476d8bab

SHA1
9dfdfa8280a3ee7ff1fb8ad7c4886fac9c18ddb9

SHA256
28ba6eba1f0d1302d50ca3f69e2acda043b759085eb55ae3a88d1a1d40680cf1

SHA512
3dcbeeddc7a78a684cc57b637b7a183e9820fd74bdf7975724a5ef8e0f1905d518e94ae66e2fd3a8aaf30a860914ae2d164ecb86dce953c81ded19a98a66778a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6025.exe

Filesize
184KB

MD5
6cee11f589d50128a6d222cb51676e14

SHA1
ccead7db7aae00c2e2d26ee8ada6a834d3d1c932

SHA256
30d173ddb2919140e37c8f44964d67575408483188d84c9388932b0b9cc184b3

SHA512
aab0ee1860d0a5b1716f80c6a3d01b45b0a818a66693eea83d3744aff942c8f4293cd09285741928daed5e04fb1e1963d05ea008fc13049dbefd63fa9ad2be38

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6736.exe

Filesize
184KB

MD5
4fa31e8611521b9906b84fdb58650320

SHA1
842820c639fb4a8116ee5eaf3797ed17817ea466

SHA256
d0009ac071275bf7fb7e416a234eb4188954c444afdfb1aa5e9c8e3aebe837b3

SHA512
71a0ad8a33eae7d4431367cf1b729e59b3a853f8d22892dd8365ff691cc8f2cd76f4ad79566551e6d19ebe541b75913f164c25edb2f2c4055da3729728aaf82a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6819.exe

Filesize
184KB

MD5
bc2858e270c374d26f66954cc3e78ebd

SHA1
2800bcb1b6234abfbbee4c4498d402570160a6d0

SHA256
aede5a6c61fced62fdb2c3ec2a8a1c5a8cfc5cc399ef03dffd2b4be83a895000

SHA512
8d4e57b4732259b73e19c01c0d1c121016ffa625090c1b435b168e5fddc03450d960456921a60b7dfe9cc98dc0c521fba5d5e1c2aa471da9ed35572a085c0d82

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6863.exe

Filesize
184KB

MD5
1269f49a4a6bb27f7cc5766a0b4fef54

SHA1
72ddaa16823808f37a93b374b217e6abea3e45c6

SHA256
2c66722e737141f31a7188414cadc1dd895db13275dd0f258afbd46c269e4606

SHA512
ba724dde98a785f4df1b7b9700f4da649512da1cb2c0715d882dcc9fed0a28f086ffb07857417fe5f4cb6394969cde9cc01f20f07a130a849859db28e3c0ab7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7058.exe

Filesize
184KB

MD5
8f048db91e86595df0c10590826e9bbb

SHA1
2602410b158af20cc2f057b0b90559f45f3cd9f4

SHA256
dfa74c83eb2b0a62179c14153130fec1322421df8ede6f834fa1e83e20ad1e9f

SHA512
279e11d9ce0748aecd011d6393f6688fe0cef266836015354e7398f1c1480ccf6b26c1992a331f296f45ff597e72b69d70a71aa5ce91034f918c081f519dc047

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9824.exe

Filesize
184KB

MD5
be481e08f08b3382b7b434b6b52d6de2

SHA1
485af17556343ac444cc24b9bce1f77dd5e48dcb

SHA256
72bc34067d96c62a52393430627c8e1020cf93cfba59afacd178733fe347c529

SHA512
e90895bb7751ae77687764749f38f5e719e9a885e1756f6c778291e8d75a1da327ab6d65617b2f94c34886c4941b13964e918907623c724c3f7700f79faabad1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9825.exe

Filesize
184KB

MD5
465983dccc0efbcbec2db672d25187d7

SHA1
aecc380cede7d1c2cf8eae51ef700d2e9bcadfa3

SHA256
d53c5070ef4c2e3b51faa12c34719ba3ae0a71b4a66b6e18901e3d011869cb64

SHA512
94f614bc45b2557f874cadbce2332e1cec1d37fec793152b035f4e6c7ff0034533dd57cd383117219b2a69ce31497b12e023c249daf7c3e32d1eddb085e28c0c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22201.exe

Filesize
184KB

MD5
3b4bf97f10f1d5139498c09cf96a0336

SHA1
52fb0b199a8f45d9597c24ca3a356e1eae335e93

SHA256
219c415dde7f45093ae311c5ca4f9262f21295fc8dabc5aa0ddc15634db05aa3

SHA512
b7a6c759330d25dab88faffc42e3edcf09918e54c9280ceb17ff91b7d28556cb708e84ebd48e18ffaf8c36fbb9b3aad8944f9cf937947f5025805be3126aad4d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27336.exe

Filesize
184KB

MD5
02257843dbabf4b858aa9682f88784be

SHA1
ca3bc7cbd32a74702dcae8e4e8c0dbf5fb822542

SHA256
fef6265d047be66825bd0ce5a51e01039d143015f777730313b04ecf81dfde56

SHA512
45e125960f5fcbcf0dab5f5dd32a66ebbcae00b788540b7192fb53cb17725722389817ca29f43351f542aa10f47105537245b035f28122ce29d972b2a7839269

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33467.exe

Filesize
184KB

MD5
58b4b132e820dc2227a4d65c10e936b6

SHA1
5ccfa70de3d9437fb57351c1d0be181d343f98ad

SHA256
0567c13204d8d63ff81be18c3268095a0e8b1a4800bde4197fae2bdd38d75730

SHA512
82cd128ddeb6d916dfb01c96022a6aafa80c9d5c9ef5e22289351ff634b47e6cf2b6da81433d4c3135b9e0b28ac893fc1e10a2281bf52219560fe388d88ddb49

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36233.exe

Filesize
184KB

MD5
208b001b735e780a06d2303c445dd88c

SHA1
bff9a0e318ebcc585ff32e86919074219e0a541c

SHA256
64b50ad5e7c02a2356c2f3e7c2913efc46447d939a1b39a8b6b815f34f98de3e

SHA512
d9ddb2a3ee4230149fbd93d554728d2c08c288c46897437be04caab16da8c35e909903e96bbfe04465ad44e1665daab2e35c5f2cd97c75275e4a0629aaf77fb5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46622.exe

Filesize
184KB

MD5
a76330447fca235ad7f36c049946acf2

SHA1
8609427e7438afc0c60dd73caa6d85b56871e610

SHA256
4f565409caa925ec701a61c2c8362d755f45fae64aa24a95a62432679d18f799

SHA512
901d0b9a8224ebf68543476939c09e3c601696675fdf0086731d600b8d37b2ad46daa8ab84c7749f3e6354d187ae9b489252e4714b6f1ed57f45ed712c77460d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48412.exe

Filesize
184KB

MD5
3c2836896c261e544a3ab9cbd3f895cd

SHA1
ed9cc7f534edc9f15d5d9e8030a57feed0232e42

SHA256
1d2aea2935dda0cf061ec195e892459f98fdf5653e18f7ef9e1aad1ec506d2a9

SHA512
33bc88ebef1037427a72177c7513433f71998997f8dfa5dd755548a19e164867e962d039d79dd07b2cece5820b4a00f37cd41e40e9e0bdb44e51bbbc1e7199d9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52927.exe

Filesize
184KB

MD5
89fecb7c8e093424b43255d2a49be9e4

SHA1
2a3f6e7d55cb2763e46b82f688c9b00dc033671f

SHA256
1126e23f306f6ee2b3f4434938fcb8b10effc65a8e5074e81a483de4a9fc280c

SHA512
026da36a14b3e033e615865ddf2801738120763a0dd65897820ec4870dd4f4033ae316bc4e80f557f2757c40ced1d01f4d28e021505b39d9014e716d763353e8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57483.exe

Filesize
184KB

MD5
8ffa0db216084cbf56c4ded710a815a2

SHA1
206fb6b3f05e1af79ba4c8a90e0ed81bca3ce99f

SHA256
fc809d12b885eb1659f04343c0c6b707132c2929d897045efdb948cfafb6787b

SHA512
a0662bc3c39c7c1446e0056281b6bdcfb5a794d5fe34938963a088570e6adad092b6f87e68ee589b25bcd620ac39d1abd6623c1e21af6d3b262fc8df3ce83ed0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62294.exe

Filesize
184KB

MD5
e5a2422e55d8e9c71fd1b1980824c891

SHA1
76d64ebb0ccc62574e23b5a2a4128385c2e04d51

SHA256
99f0be32fbaf294b49161961734bc9aa77489119080d2f069a4e234d651cce36

SHA512
594574a2a1f39f2514ca66c070c590362cdb46a603d7ca94c8e9890240ed28c0fcd424888aeb3225b6bd2ecea177f3f77575c09dd0c82a85c6b42d32e23c98da

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads