9a5897baba4e2fd761b8ab7581344622fac5a1aed0bca6263550af68da0e8bd3

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 09:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

089cc58eb536964b39e715df1a6411e0_NEIKI.exe
Size

184KB
MD5

089cc58eb536964b39e715df1a6411e0
SHA1

79f9be300bef93a6044fb139c4cd0661a2a549ac
SHA256

9a5897baba4e2fd761b8ab7581344622fac5a1aed0bca6263550af68da0e8bd3
SHA512

5bffdaa83bea1027086d201a24c842a54e2008423e84675ddb04a4a8ec3d8f72f6dd42a55c567eb38e51854bf15dec4de02f72c0a4a4f4da6b01aa50eebf041f
SSDEEP

3072:EEo18hoLKh1SdURtWtaMzDillvnq7CtuL:EE7om+URTMPillPq7Ctu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1228	Unicorn-42313.exe
2284	Unicorn-1124.exe
2380	Unicorn-20990.exe
2620	Unicorn-57035.exe
2788	Unicorn-54989.exe
2800	Unicorn-49422.exe
2512	Unicorn-3750.exe
3016	Unicorn-27508.exe
308	Unicorn-15810.exe
3004	Unicorn-60180.exe
1316	Unicorn-2811.exe
3056	Unicorn-63999.exe
316	Unicorn-62218.exe
2404	Unicorn-64264.exe
2744	Unicorn-52567.exe
1532	Unicorn-31758.exe
2112	Unicorn-15976.exe
1908	Unicorn-29711.exe
1972	Unicorn-35842.exe
2268	Unicorn-56262.exe
1028	Unicorn-48649.exe
824	Unicorn-45354.exe
1812	Unicorn-33656.exe
2472	Unicorn-57606.exe
404	Unicorn-65509.exe
1284	Unicorn-237.exe
1332	Unicorn-63728.exe
1544	Unicorn-54077.exe
772	Unicorn-8405.exe
2304	Unicorn-12489.exe
912	Unicorn-7643.exe
2324	Unicorn-14518.exe
2428	Unicorn-33005.exe
2412	Unicorn-7754.exe
1716	Unicorn-61594.exe
1612	Unicorn-20007.exe
2388	Unicorn-36343.exe
1984	Unicorn-36078.exe
2156	Unicorn-4033.exe
2776	Unicorn-23899.exe
2764	Unicorn-30020.exe
2784	Unicorn-48403.exe
2720	Unicorn-47641.exe
2688	Unicorn-15538.exe
2508	Unicorn-19623.exe
2484	Unicorn-25744.exe
1976	Unicorn-16093.exe
844	Unicorn-29828.exe
3032	Unicorn-40043.exe
336	Unicorn-48211.exe
3052	Unicorn-20177.exe
2756	Unicorn-52295.exe
1448	Unicorn-24261.exe
1560	Unicorn-60463.exe
864	Unicorn-32429.exe
2612	Unicorn-60198.exe
3020	Unicorn-39081.exe
1096	Unicorn-7043.exe
1856	Unicorn-56799.exe
1752	Unicorn-23380.exe
1144	Unicorn-21333.exe
1780	Unicorn-56052.exe
1796	Unicorn-48439.exe
852	Unicorn-23188.exe

Loads dropped DLL 64 IoCs

pid	Process
1936	089cc58eb536964b39e715df1a6411e0_NEIKI.exe
1936	089cc58eb536964b39e715df1a6411e0_NEIKI.exe
1936	089cc58eb536964b39e715df1a6411e0_NEIKI.exe
1228	Unicorn-42313.exe
1936	089cc58eb536964b39e715df1a6411e0_NEIKI.exe
1228	Unicorn-42313.exe
2284	Unicorn-1124.exe
2284	Unicorn-1124.exe
1936	089cc58eb536964b39e715df1a6411e0_NEIKI.exe
1936	089cc58eb536964b39e715df1a6411e0_NEIKI.exe
1228	Unicorn-42313.exe
1228	Unicorn-42313.exe
2380	Unicorn-20990.exe
2380	Unicorn-20990.exe
2620	Unicorn-57035.exe
2620	Unicorn-57035.exe
2284	Unicorn-1124.exe
2284	Unicorn-1124.exe
2788	Unicorn-54989.exe
2788	Unicorn-54989.exe
1936	089cc58eb536964b39e715df1a6411e0_NEIKI.exe
1936	089cc58eb536964b39e715df1a6411e0_NEIKI.exe
2800	Unicorn-49422.exe
2512	Unicorn-3750.exe
1228	Unicorn-42313.exe
2512	Unicorn-3750.exe
1228	Unicorn-42313.exe
2800	Unicorn-49422.exe
2380	Unicorn-20990.exe
2380	Unicorn-20990.exe
3016	Unicorn-27508.exe
3016	Unicorn-27508.exe
2620	Unicorn-57035.exe
2620	Unicorn-57035.exe
2284	Unicorn-1124.exe
308	Unicorn-15810.exe
2284	Unicorn-1124.exe
308	Unicorn-15810.exe
3004	Unicorn-60180.exe
3004	Unicorn-60180.exe
2788	Unicorn-54989.exe
2788	Unicorn-54989.exe
1316	Unicorn-2811.exe
1316	Unicorn-2811.exe
2512	Unicorn-3750.exe
2512	Unicorn-3750.exe
316	Unicorn-62218.exe
316	Unicorn-62218.exe
1228	Unicorn-42313.exe
1228	Unicorn-42313.exe
2744	Unicorn-52567.exe
2744	Unicorn-52567.exe
2380	Unicorn-20990.exe
2380	Unicorn-20990.exe
2800	Unicorn-49422.exe
2800	Unicorn-49422.exe
2404	Unicorn-64264.exe
2404	Unicorn-64264.exe
3056	Unicorn-63999.exe
3056	Unicorn-63999.exe
1936	089cc58eb536964b39e715df1a6411e0_NEIKI.exe
1936	089cc58eb536964b39e715df1a6411e0_NEIKI.exe
1532	Unicorn-31758.exe
1532	Unicorn-31758.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2824	2472	WerFault.exe	51
2524	2112	WerFault.exe	44
2544	1812	WerFault.exe	50
2580	1284	WerFault.exe	53
1868	316	WerFault.exe	41
2872	2800	WerFault.exe	33
1516	2484	WerFault.exe	77
1608	336	WerFault.exe	85
2880	844	WerFault.exe	80
2752	3056	WerFault.exe	38
2928	1144	WerFault.exe	94
1776	1960	WerFault.exe	126
1924	2684	WerFault.exe	110
2604	2560	WerFault.exe	109
1644	2204	WerFault.exe	98
848	1716	WerFault.exe	62
1264	1028	WerFault.exe	48
2168	1628	WerFault.exe	113
3328	2396	WerFault.exe	120
3392	3020	WerFault.exe	89
3580	2192	WerFault.exe	137
3908	1664	WerFault.exe	146
3912	1820	WerFault.exe	155
3568	348	WerFault.exe	161
5068	3996	WerFault.exe	305
4160	2612	WerFault.exe	88
4376	3092	WerFault.exe	229
4944	3592	WerFault.exe	214
6024	1184	WerFault.exe	196
5236	880	WerFault.exe	163
5380	2764	WerFault.exe	68
5856	3220	WerFault.exe	201
5424	1316	WerFault.exe	40
5864	2040	WerFault.exe	129
5916	3460	WerFault.exe	236
7032	1496	WerFault.exe	119
7064	4212	WerFault.exe	319
6604	1780	WerFault.exe	95
6632	3640	WerFault.exe	239
6712	3368	WerFault.exe	234
6232	2288	WerFault.exe	169
6452	480	WerFault.exe	159
6872	2024	WerFault.exe	162
6844	1648	WerFault.exe	185
7196	3068	WerFault.exe	188
7624	1804	WerFault.exe	149
7840	2980	WerFault.exe	105
7960	3276	WerFault.exe	296
7996	2460	WerFault.exe	160
8088	3376	WerFault.exe	312
7888	2656	WerFault.exe	134
7224	4092	WerFault.exe	248
8072	3200	WerFault.exe	238
8076	3296	WerFault.exe	233
7580	3120	WerFault.exe	249
2416	3188	WerFault.exe	279
8272	3316	WerFault.exe	203
8264	3144	WerFault.exe	230
8488	3268	WerFault.exe	202
8508	3124	WerFault.exe	265
8720	2812	WerFault.exe	133
8800	2464	WerFault.exe	122
8504	1136	WerFault.exe	144
9168	3000	WerFault.exe	151

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1936	089cc58eb536964b39e715df1a6411e0_NEIKI.exe
1228	Unicorn-42313.exe
2284	Unicorn-1124.exe
2380	Unicorn-20990.exe
2620	Unicorn-57035.exe
2788	Unicorn-54989.exe
2800	Unicorn-49422.exe
2512	Unicorn-3750.exe
3016	Unicorn-27508.exe
308	Unicorn-15810.exe
3004	Unicorn-60180.exe
1316	Unicorn-2811.exe
2404	Unicorn-64264.exe
316	Unicorn-62218.exe
2744	Unicorn-52567.exe
3056	Unicorn-63999.exe
1532	Unicorn-31758.exe
1972	Unicorn-35842.exe
1908	Unicorn-29711.exe
2112	Unicorn-15976.exe
2268	Unicorn-56262.exe
1028	Unicorn-48649.exe
824	Unicorn-45354.exe
2472	Unicorn-57606.exe
1812	Unicorn-33656.exe
404	Unicorn-65509.exe
1284	Unicorn-237.exe
1332	Unicorn-63728.exe
1544	Unicorn-54077.exe
772	Unicorn-8405.exe
2304	Unicorn-12489.exe
912	Unicorn-7643.exe
2324	Unicorn-14518.exe
2428	Unicorn-33005.exe
2412	Unicorn-7754.exe
1716	Unicorn-61594.exe
1612	Unicorn-20007.exe
2388	Unicorn-36343.exe
1984	Unicorn-36078.exe
2776	Unicorn-23899.exe
2156	Unicorn-4033.exe
2764	Unicorn-30020.exe
2784	Unicorn-48403.exe
2720	Unicorn-47641.exe
2508	Unicorn-19623.exe
2688	Unicorn-15538.exe
2484	Unicorn-25744.exe
1976	Unicorn-16093.exe
3032	Unicorn-40043.exe
844	Unicorn-29828.exe
336	Unicorn-48211.exe
2756	Unicorn-52295.exe
1448	Unicorn-24261.exe
3052	Unicorn-20177.exe
1560	Unicorn-60463.exe
864	Unicorn-32429.exe
3020	Unicorn-39081.exe
2612	Unicorn-60198.exe
1096	Unicorn-7043.exe
1856	Unicorn-56799.exe
1752	Unicorn-23380.exe
1144	Unicorn-21333.exe
1780	Unicorn-56052.exe
1796	Unicorn-48439.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 1228	1936	089cc58eb536964b39e715df1a6411e0_NEIKI.exe	28
PID 1936 wrote to memory of 1228	1936	089cc58eb536964b39e715df1a6411e0_NEIKI.exe	28
PID 1936 wrote to memory of 1228	1936	089cc58eb536964b39e715df1a6411e0_NEIKI.exe	28
PID 1936 wrote to memory of 1228	1936	089cc58eb536964b39e715df1a6411e0_NEIKI.exe	28
PID 1936 wrote to memory of 2284	1936	089cc58eb536964b39e715df1a6411e0_NEIKI.exe	29
PID 1936 wrote to memory of 2284	1936	089cc58eb536964b39e715df1a6411e0_NEIKI.exe	29
PID 1936 wrote to memory of 2284	1936	089cc58eb536964b39e715df1a6411e0_NEIKI.exe	29
PID 1936 wrote to memory of 2284	1936	089cc58eb536964b39e715df1a6411e0_NEIKI.exe	29
PID 1228 wrote to memory of 2380	1228	Unicorn-42313.exe	30
PID 1228 wrote to memory of 2380	1228	Unicorn-42313.exe	30
PID 1228 wrote to memory of 2380	1228	Unicorn-42313.exe	30
PID 1228 wrote to memory of 2380	1228	Unicorn-42313.exe	30
PID 2284 wrote to memory of 2620	2284	Unicorn-1124.exe	31
PID 2284 wrote to memory of 2620	2284	Unicorn-1124.exe	31
PID 2284 wrote to memory of 2620	2284	Unicorn-1124.exe	31
PID 2284 wrote to memory of 2620	2284	Unicorn-1124.exe	31
PID 1936 wrote to memory of 2788	1936	089cc58eb536964b39e715df1a6411e0_NEIKI.exe	32
PID 1936 wrote to memory of 2788	1936	089cc58eb536964b39e715df1a6411e0_NEIKI.exe	32
PID 1936 wrote to memory of 2788	1936	089cc58eb536964b39e715df1a6411e0_NEIKI.exe	32
PID 1936 wrote to memory of 2788	1936	089cc58eb536964b39e715df1a6411e0_NEIKI.exe	32
PID 1228 wrote to memory of 2800	1228	Unicorn-42313.exe	33
PID 1228 wrote to memory of 2800	1228	Unicorn-42313.exe	33
PID 1228 wrote to memory of 2800	1228	Unicorn-42313.exe	33
PID 1228 wrote to memory of 2800	1228	Unicorn-42313.exe	33
PID 2380 wrote to memory of 2512	2380	Unicorn-20990.exe	34
PID 2380 wrote to memory of 2512	2380	Unicorn-20990.exe	34
PID 2380 wrote to memory of 2512	2380	Unicorn-20990.exe	34
PID 2380 wrote to memory of 2512	2380	Unicorn-20990.exe	34
PID 2620 wrote to memory of 3016	2620	Unicorn-57035.exe	35
PID 2620 wrote to memory of 3016	2620	Unicorn-57035.exe	35
PID 2620 wrote to memory of 3016	2620	Unicorn-57035.exe	35
PID 2620 wrote to memory of 3016	2620	Unicorn-57035.exe	35
PID 2284 wrote to memory of 308	2284	Unicorn-1124.exe	36
PID 2284 wrote to memory of 308	2284	Unicorn-1124.exe	36
PID 2284 wrote to memory of 308	2284	Unicorn-1124.exe	36
PID 2284 wrote to memory of 308	2284	Unicorn-1124.exe	36
PID 2788 wrote to memory of 3004	2788	Unicorn-54989.exe	37
PID 2788 wrote to memory of 3004	2788	Unicorn-54989.exe	37
PID 2788 wrote to memory of 3004	2788	Unicorn-54989.exe	37
PID 2788 wrote to memory of 3004	2788	Unicorn-54989.exe	37
PID 1936 wrote to memory of 3056	1936	089cc58eb536964b39e715df1a6411e0_NEIKI.exe	38
PID 1936 wrote to memory of 3056	1936	089cc58eb536964b39e715df1a6411e0_NEIKI.exe	38
PID 1936 wrote to memory of 3056	1936	089cc58eb536964b39e715df1a6411e0_NEIKI.exe	38
PID 1936 wrote to memory of 3056	1936	089cc58eb536964b39e715df1a6411e0_NEIKI.exe	38
PID 2512 wrote to memory of 1316	2512	Unicorn-3750.exe	40
PID 2512 wrote to memory of 1316	2512	Unicorn-3750.exe	40
PID 2512 wrote to memory of 1316	2512	Unicorn-3750.exe	40
PID 2512 wrote to memory of 1316	2512	Unicorn-3750.exe	40
PID 1228 wrote to memory of 316	1228	Unicorn-42313.exe	41
PID 1228 wrote to memory of 316	1228	Unicorn-42313.exe	41
PID 1228 wrote to memory of 316	1228	Unicorn-42313.exe	41
PID 1228 wrote to memory of 316	1228	Unicorn-42313.exe	41
PID 2800 wrote to memory of 2404	2800	Unicorn-49422.exe	39
PID 2800 wrote to memory of 2404	2800	Unicorn-49422.exe	39
PID 2800 wrote to memory of 2404	2800	Unicorn-49422.exe	39
PID 2800 wrote to memory of 2404	2800	Unicorn-49422.exe	39
PID 2380 wrote to memory of 2744	2380	Unicorn-20990.exe	42
PID 2380 wrote to memory of 2744	2380	Unicorn-20990.exe	42
PID 2380 wrote to memory of 2744	2380	Unicorn-20990.exe	42
PID 2380 wrote to memory of 2744	2380	Unicorn-20990.exe	42
PID 3016 wrote to memory of 1532	3016	Unicorn-27508.exe	43
PID 3016 wrote to memory of 1532	3016	Unicorn-27508.exe	43
PID 3016 wrote to memory of 1532	3016	Unicorn-27508.exe	43
PID 3016 wrote to memory of 1532	3016	Unicorn-27508.exe	43

C:\Users\Admin\AppData\Local\Temp\089cc58eb536964b39e715df1a6411e0_NEIKI.exe
"C:\Users\Admin\AppData\Local\Temp\089cc58eb536964b39e715df1a6411e0_NEIKI.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1936
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42313.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42313.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20990.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20990.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3750.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2811.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45354.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40043.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8304.exe
        8⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21455.exe
        9⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37516.exe
        10⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63525.exe
        10⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23472.exe
        10⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45952.exe
        10⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34178.exe
        9⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40504.exe
        9⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8917.exe
        9⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37286.exe
        9⤵
        
        PID:9264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23545.exe
        8⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44724.exe
        9⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61496.exe
        9⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55377.exe
        9⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62672.exe
        9⤵
        
        PID:10132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27685.exe
        8⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12352.exe
        8⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56469.exe
        8⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53616.exe
        8⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62144.exe
        7⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1475.exe
        8⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30246.exe
        9⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31366.exe
        9⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1931.exe
        9⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64374.exe
        9⤵
        
        PID:10952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8543.exe
        8⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55745.exe
        8⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50500.exe
        8⤵
        
        PID:8568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 244
        8⤵
        
        PID:10796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48438.exe
        7⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52944.exe
        8⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65248.exe
        8⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65050.exe
        8⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39481.exe
        8⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9067.exe
        7⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17112.exe
        7⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45719.exe
        7⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60515.exe
        7⤵
        
        PID:10764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24261.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45061.exe
        7⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34340.exe
        8⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61849.exe
        9⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20629.exe
        9⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63519.exe
        9⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20928.exe
        9⤵
        
        PID:9560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49960.exe
        8⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31624.exe
        8⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-915.exe
        8⤵
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61957.exe
        8⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6114.exe
        7⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3520.exe
        8⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51465.exe
        8⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 240
        8⤵
        Program crash
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34146.exe
        7⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47905.exe
        7⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64310.exe
        7⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15188.exe
        7⤵
        
        PID:9580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55267.exe
        6⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55471.exe
        7⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35077.exe
        8⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47765.exe
        8⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49430.exe
        8⤵
        
        PID:8172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 248
        8⤵
        
        PID:9228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1122.exe
        7⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60732.exe
        7⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30215.exe
        7⤵
        
        PID:7524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 240
        7⤵
        
        PID:9416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26234.exe
        6⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32109.exe
        7⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21205.exe
        7⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1573.exe
        7⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44473.exe
        7⤵
        
        PID:9292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50158.exe
        6⤵
        
        PID:4104
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 248
        6⤵
        Program crash
        
        PID:5424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33656.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1812
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 224
        6⤵
        Program crash
        
        PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29828.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:844
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 244
        6⤵
        Program crash
        
        PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25720.exe
        5⤵
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8683.exe
        6⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29172.exe
        7⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9716.exe
        7⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31801.exe
        7⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55625.exe
        7⤵
        
        PID:11316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17287.exe
        6⤵
        
        PID:4748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62953.exe
        6⤵
        
        PID:6320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62560.exe
        6⤵
        
        PID:8588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53981.exe
        6⤵
        
        PID:9856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56930.exe
        5⤵
        
        PID:4064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8751.exe
        6⤵
        
        PID:5940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9716.exe
        6⤵
        
        PID:7656
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 224
        6⤵
        
        PID:8564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3327.exe
        5⤵
        
        PID:4112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57943.exe
        5⤵
        
        PID:6720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53122.exe
        5⤵
        
        PID:8900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35621.exe
        5⤵
        
        PID:10256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52567.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-237.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1284
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 240
        6⤵
        Program crash
        
        PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20177.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61397.exe
        6⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46919.exe
        7⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48253.exe
        8⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53686.exe
        8⤵
        
        PID:6908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 224
        8⤵
        Program crash
        
        PID:8272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6358.exe
        7⤵
        
        PID:4192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 244
        7⤵
        Program crash
        
        PID:5864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59726.exe
        6⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2212.exe
        7⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31236.exe
        7⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-229.exe
        7⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57109.exe
        7⤵
        
        PID:10212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48682.exe
        6⤵
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47137.exe
        6⤵
        
        PID:6172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55182.exe
        6⤵
        
        PID:7804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18312.exe
        6⤵
        
        PID:9876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1982.exe
        5⤵
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41356.exe
        6⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53105.exe
        7⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13421.exe
        7⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64479.exe
        7⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31126.exe
        7⤵
        
        PID:10368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45876.exe
        6⤵
        
        PID:4912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13752.exe
        6⤵
        
        PID:6364
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 216
        6⤵
        Program crash
        
        PID:8720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32731.exe
        5⤵
        
        PID:3092
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 224
        6⤵
        Program crash
        
        PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56619.exe
        5⤵
        
        PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3929.exe
        5⤵
        
        PID:6852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37705.exe
        5⤵
        
        PID:9028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40956.exe
        5⤵
        
        PID:10248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63728.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52295.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24641.exe
        6⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61091.exe
        7⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21310.exe
        8⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29757.exe
        8⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28682.exe
        8⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59330.exe
        8⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7775.exe
        7⤵
        
        PID:4264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 224
        7⤵
        Program crash
        
        PID:7032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42102.exe
        6⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28274.exe
        7⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25310.exe
        7⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22891.exe
        7⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54919.exe
        7⤵
        
        PID:10832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6518.exe
        6⤵
        
        PID:4608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40230.exe
        6⤵
        
        PID:7160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60719.exe
        6⤵
        
        PID:8496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61265.exe
        6⤵
        
        PID:9308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25195.exe
        5⤵
        
        PID:1660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17044.exe
        6⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34714.exe
        7⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18621.exe
        7⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11962.exe
        7⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3113.exe
        7⤵
        
        PID:10780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15943.exe
        6⤵
        
        PID:4280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42725.exe
        6⤵
        
        PID:7024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19306.exe
        6⤵
        
        PID:8348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12455.exe
        6⤵
        
        PID:9740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55838.exe
        5⤵
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53463.exe
        6⤵
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-230.exe
        6⤵
        
        PID:7012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3431.exe
        6⤵
        
        PID:8628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54535.exe
        6⤵
        
        PID:11140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20551.exe
        5⤵
        
        PID:4660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47901.exe
        5⤵
        
        PID:6216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37359.exe
        5⤵
        
        PID:8604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54511.exe
        5⤵
        
        PID:9872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60198.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8112.exe
        5⤵
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60131.exe
        6⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-567.exe
        7⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30660.exe
        7⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56145.exe
        7⤵
        
        PID:7356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
        7⤵
        
        PID:9324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2466.exe
        6⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3171.exe
        6⤵
        
        PID:6000
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 228
        6⤵
        Program crash
        
        PID:7888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20805.exe
        5⤵
        
        PID:3728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57381.exe
        6⤵
        
        PID:4360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9529.exe
        6⤵
        
        PID:6832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39975.exe
        6⤵
        
        PID:9020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5085.exe
        6⤵
        
        PID:2120
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
        5⤵
        Program crash
        
        PID:4160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8886.exe
      4⤵
      PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51387.exe
        5⤵
        
        PID:3100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42752.exe
        6⤵
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5772.exe
        6⤵
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25309.exe
        6⤵
        
        PID:8188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47789.exe
        6⤵
        
        PID:984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58491.exe
        5⤵
        
        PID:4860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56648.exe
        5⤵
        
        PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62010.exe
        5⤵
        
        PID:7248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13659.exe
        5⤵
        
        PID:9488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1033.exe
      4⤵
      PID:3220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29156.exe
        5⤵
        
        PID:4936
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 228
        5⤵
        Program crash
        
        PID:5856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34352.exe
      4⤵
      PID:5048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61244.exe
      4⤵
      PID:5548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61711.exe
      4⤵
      PID:7476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16988.exe
      4⤵
      PID:9632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49422.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49422.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8405.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19623.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61589.exe
        7⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44350.exe
        8⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61449.exe
        9⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5793.exe
        10⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53375.exe
        10⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38608.exe
        10⤵
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2980.exe
        9⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9113.exe
        9⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29717.exe
        9⤵
        
        PID:8884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 244
        9⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49560.exe
        8⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12114.exe
        9⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25256.exe
        9⤵
        
        PID:9880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22143.exe
        8⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44911.exe
        8⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20091.exe
        8⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29718.exe
        8⤵
        
        PID:10816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24484.exe
        7⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42124.exe
        8⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31777.exe
        9⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20261.exe
        9⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19030.exe
        9⤵
        
        PID:9892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55106.exe
        9⤵
        
        PID:11812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14848.exe
        8⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24188.exe
        8⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42524.exe
        8⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39565.exe
        8⤵
        
        PID:10724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57758.exe
        7⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30495.exe
        8⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11003.exe
        8⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53701.exe
        8⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40768.exe
        8⤵
        
        PID:10888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58761.exe
        7⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57953.exe
        7⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17323.exe
        7⤵
        
        PID:8388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 244
        7⤵
        
        PID:10712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53976.exe
        6⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42835.exe
        7⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56229.exe
        8⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4293.exe
        8⤵
        
        PID:7104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 244
        8⤵
        Program crash
        
        PID:8488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55559.exe
        7⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60348.exe
        7⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31175.exe
        7⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39124.exe
        7⤵
        
        PID:9700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3840.exe
        6⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49576.exe
        7⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26384.exe
        7⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44578.exe
        7⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35729.exe
        7⤵
        
        PID:9524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42295.exe
        6⤵
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26219.exe
        6⤵
        
        PID:5500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38646.exe
        6⤵
        
        PID:7836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35378.exe
        6⤵
        
        PID:9928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16093.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21901.exe
        6⤵
        
        PID:2192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 244
        7⤵
        Program crash
        
        PID:3580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20805.exe
        6⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46447.exe
        7⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47568.exe
        7⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57401.exe
        7⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21478.exe
        7⤵
        
        PID:10488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9258.exe
        6⤵
        
        PID:4168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36338.exe
        6⤵
        
        PID:6992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43506.exe
        6⤵
        
        PID:8308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23164.exe
        6⤵
        
        PID:9612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28022.exe
        5⤵
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5175.exe
        6⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19115.exe
        7⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
        7⤵
        Program crash
        
        PID:8072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43436.exe
        6⤵
        
        PID:4132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23996.exe
        6⤵
        
        PID:6960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5383.exe
        6⤵
        
        PID:8632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59985.exe
        6⤵
        
        PID:10788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55263.exe
        5⤵
        
        PID:3772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7656.exe
        6⤵
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41641.exe
        6⤵
        
        PID:7408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56807.exe
        6⤵
        
        PID:10120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58072.exe
        5⤵
        
        PID:4308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25766.exe
        5⤵
        
        PID:7084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65198.exe
        5⤵
        
        PID:8788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34708.exe
        5⤵
        
        PID:10940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54077.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15538.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4028.exe
        6⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4599.exe
        7⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35290.exe
        8⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20074.exe
        8⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58724.exe
        8⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13118.exe
        8⤵
        
        PID:10388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5035.exe
        7⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50701.exe
        7⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17443.exe
        7⤵
        
        PID:8728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41537.exe
        7⤵
        
        PID:9420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25574.exe
        6⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32872.exe
        7⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46089.exe
        7⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20701.exe
        7⤵
        
        PID:9424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64753.exe
        7⤵
        
        PID:11508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63695.exe
        6⤵
        
        PID:5016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37490.exe
        6⤵
        
        PID:6572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57787.exe
        6⤵
        
        PID:8816
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 248
        6⤵
        
        PID:10272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57868.exe
        5⤵
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2954.exe
        6⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56613.exe
        7⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
        7⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17909.exe
        7⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40389.exe
        7⤵
        
        PID:9536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31547.exe
        6⤵
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24551.exe
        6⤵
        
        PID:6388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6094.exe
        6⤵
        
        PID:7664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48444.exe
        6⤵
        
        PID:10224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26372.exe
        5⤵
        
        PID:3688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36961.exe
        6⤵
        
        PID:4204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46478.exe
        6⤵
        
        PID:6700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11386.exe
        6⤵
        
        PID:8916
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 248
        6⤵
        
        PID:9508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2871.exe
        5⤵
        
        PID:4100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11336.exe
        5⤵
        
        PID:6936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22886.exe
        5⤵
        
        PID:8252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7557.exe
        5⤵
        
        PID:9304
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 244
      4⤵
      Program crash
      PID:2872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62218.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62218.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57606.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2472
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 220
        5⤵
        Program crash
        
        PID:2824
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 248
      4⤵
      Program crash
      PID:1868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65509.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65509.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48403.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23873.exe
        5⤵
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44734.exe
        6⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46613.exe
        7⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1309.exe
        7⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45735.exe
        7⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15025.exe
        7⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22782.exe
        7⤵
        
        PID:11124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56021.exe
        6⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4709.exe
        7⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17638.exe
        7⤵
        
        PID:10672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65397.exe
        6⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10183.exe
        6⤵
        
        PID:8120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34564.exe
        6⤵
        
        PID:9548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15567.exe
        6⤵
        
        PID:10856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53457.exe
        5⤵
        
        PID:2064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17594.exe
        6⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51287.exe
        7⤵
        
        PID:11848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50702.exe
        6⤵
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15802.exe
        6⤵
        
        PID:7612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30210.exe
        6⤵
        
        PID:9012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27250.exe
        6⤵
        
        PID:11016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32999.exe
        5⤵
        
        PID:3780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46758.exe
        5⤵
        
        PID:6060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26214.exe
        5⤵
        
        PID:8048
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
        5⤵
        
        PID:9356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25771.exe
      4⤵
      PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64962.exe
        5⤵
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45134.exe
        6⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32369.exe
        7⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42713.exe
        7⤵
        
        PID:11704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32694.exe
        6⤵
        
        PID:5460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26383.exe
        6⤵
        
        PID:8148
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 248
        6⤵
        
        PID:10076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37328.exe
        5⤵
        
        PID:4512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30296.exe
        6⤵
        
        PID:11176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47738.exe
        5⤵
        
        PID:5812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49929.exe
        5⤵
        
        PID:7448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8581.exe
        5⤵
        
        PID:10180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30424.exe
        5⤵
        
        PID:11332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62916.exe
      4⤵
      PID:1056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21185.exe
        5⤵
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62078.exe
        6⤵
        
        PID:8712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46419.exe
        6⤵
        
        PID:10632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49742.exe
        5⤵
        
        PID:5704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17857.exe
        5⤵
        
        PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54221.exe
        5⤵
        
        PID:9084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37509.exe
        5⤵
        
        PID:10320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61568.exe
      4⤵
      PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5044.exe
        5⤵
        
        PID:10876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45493.exe
      4⤵
      PID:6100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49944.exe
      4⤵
      PID:7464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17113.exe
      4⤵
      PID:8736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46405.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46405.exe
      4⤵
      PID:10736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47641.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47641.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-520.exe
      4⤵
      PID:1628
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
        5⤵
        Program crash
        
        PID:2168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36928.exe
      4⤵
      PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10349.exe
        5⤵
        
        PID:3664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51662.exe
        5⤵
        
        PID:6140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4318.exe
        5⤵
        
        PID:8132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43230.exe
        5⤵
        
        PID:9564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32102.exe
        5⤵
        
        PID:10916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57312.exe
      4⤵
      PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36671.exe
        5⤵
        
        PID:9820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52361.exe
        5⤵
        
        PID:11380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31107.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31107.exe
      4⤵
      PID:5480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1326.exe
      4⤵
      PID:7432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15289.exe
      4⤵
      PID:9788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58289.exe
      4⤵
      PID:10316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61012.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61012.exe
    3⤵
    PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56794.exe
      4⤵
      PID:3068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45689.exe
        5⤵
        
        PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14329.exe
        5⤵
        
        PID:5832
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 224
        5⤵
        Program crash
        
        PID:7196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13187.exe
      4⤵
      PID:3452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31764.exe
      4⤵
      PID:5220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62700.exe
      4⤵
      PID:7556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50325.exe
      4⤵
      PID:8340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50871.exe
      4⤵
      PID:10684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52478.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52478.exe
    3⤵
    PID:3044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23370.exe
      4⤵
      PID:4124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57391.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57391.exe
      4⤵
      PID:5276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63332.exe
      4⤵
      PID:7980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21522.exe
      4⤵
      PID:10044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30815.exe
      4⤵
      PID:11200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15203.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15203.exe
    3⤵
    PID:4316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50007.exe
      4⤵
      PID:6660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59104.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59104.exe
      4⤵
      PID:8892
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 224
      4⤵
      PID:2440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25462.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25462.exe
    3⤵
    PID:5552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1448.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1448.exe
    3⤵
    PID:8140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28523.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28523.exe
    3⤵
    PID:10060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32940.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32940.exe
    3⤵
    PID:11540
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1124.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1124.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57035.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57035.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27508.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27508.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31758.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14518.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7043.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55341.exe
        8⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36369.exe
        9⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
        10⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2231.exe
        10⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15800.exe
        10⤵
        
        PID:11932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53141.exe
        9⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10073.exe
        9⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24289.exe
        9⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17473.exe
        9⤵
        
        PID:11036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17655.exe
        8⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3567.exe
        9⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34620.exe
        9⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40310.exe
        9⤵
        
        PID:10300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23980.exe
        8⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1631.exe
        8⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 224
        8⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47728.exe
        7⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28393.exe
        8⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53899.exe
        9⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26239.exe
        9⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64757.exe
        9⤵
        
        PID:9836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41080.exe
        8⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2097.exe
        8⤵
        
        PID:6760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 236
        8⤵
        
        PID:8400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39751.exe
        7⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32586.exe
        7⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60174.exe
        7⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4516.exe
        7⤵
        
        PID:8864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 244
        7⤵
        
        PID:10352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56799.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55341.exe
        7⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39877.exe
        8⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61631.exe
        9⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32902.exe
        9⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23851.exe
        9⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46175.exe
        9⤵
        
        PID:10340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56649.exe
        8⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50530.exe
        8⤵
        
        PID:6228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 248
        8⤵
        Program crash
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48408.exe
        7⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24159.exe
        8⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49784.exe
        8⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15063.exe
        8⤵
        
        PID:9572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25075.exe
        7⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19254.exe
        7⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43672.exe
        7⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53455.exe
        7⤵
        
        PID:10400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17415.exe
        6⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 224
        7⤵
        Program crash
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38865.exe
        6⤵
        
        PID:3896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38092.exe
        6⤵
        
        PID:6052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9679.exe
        6⤵
        
        PID:8008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23034.exe
        6⤵
        
        PID:9368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11294.exe
        6⤵
        
        PID:10464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33005.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23380.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14308.exe
        7⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3696.exe
        8⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6118.exe
        9⤵
        
        PID:10664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12300.exe
        8⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47022.exe
        8⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32649.exe
        8⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54422.exe
        8⤵
        
        PID:10964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58688.exe
        7⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52145.exe
        8⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4293.exe
        8⤵
        
        PID:7112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 244
        8⤵
        Program crash
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43275.exe
        7⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19617.exe
        7⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8778.exe
        7⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25001.exe
        7⤵
        
        PID:10204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64064.exe
        6⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13940.exe
        7⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58870.exe
        7⤵
        
        PID:5420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 220
        7⤵
        Program crash
        
        PID:7624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45252.exe
        6⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61668.exe
        7⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19880.exe
        7⤵
        
        PID:11000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34506.exe
        6⤵
        
        PID:5964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26214.exe
        6⤵
        
        PID:8040
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 248
        6⤵
        
        PID:9436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21333.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1144
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 244
        6⤵
        Program crash
        
        PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22211.exe
        5⤵
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27433.exe
        6⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7827.exe
        7⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33452.exe
        7⤵
        
        PID:7716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 240
        7⤵
        
        PID:9944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40120.exe
        6⤵
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29917.exe
        6⤵
        
        PID:6800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52529.exe
        6⤵
        
        PID:9208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19445.exe
        6⤵
        
        PID:11256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23930.exe
        5⤵
        
        PID:3120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56338.exe
        6⤵
        
        PID:6792
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 228
        6⤵
        Program crash
        
        PID:7580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42496.exe
        5⤵
        
        PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47876.exe
        5⤵
        
        PID:6788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15427.exe
        5⤵
        
        PID:9068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19918.exe
        5⤵
        
        PID:10804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15976.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2112
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 244
        5⤵
        Program crash
        
        PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25744.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2484
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 240
        5⤵
        Program crash
        
        PID:1516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52964.exe
      4⤵
      PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30967.exe
        5⤵
        
        PID:1184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39130.exe
        6⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15189.exe
        7⤵
        
        PID:9860
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1184 -s 248
        6⤵
        Program crash
        
        PID:6024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35408.exe
        5⤵
        
        PID:3444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49938.exe
        5⤵
        
        PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26520.exe
        5⤵
        
        PID:7180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11404.exe
        5⤵
        
        PID:9704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2931.exe
        5⤵
        
        PID:11116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5316.exe
      4⤵
      PID:3176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29156.exe
        5⤵
        
        PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55165.exe
        5⤵
        
        PID:6056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24349.exe
        5⤵
        
        PID:7520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22325.exe
        5⤵
        
        PID:9320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17286.exe
      4⤵
      PID:5032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33574.exe
      4⤵
      PID:6088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1509.exe
      4⤵
      PID:7376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12788.exe
      4⤵
      PID:9656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15810.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15810.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35842.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7754.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56052.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30645.exe
        7⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53281.exe
        8⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6115.exe
        9⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29036.exe
        9⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6101.exe
        9⤵
        
        PID:11104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64433.exe
        8⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54038.exe
        8⤵
        
        PID:7020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 248
        8⤵
        Program crash
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41391.exe
        7⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9301.exe
        8⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28102.exe
        8⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41924.exe
        8⤵
        
        PID:9588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18059.exe
        7⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 248
        7⤵
        Program crash
        
        PID:6604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36352.exe
        6⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57557.exe
        7⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22839.exe
        8⤵
        
        PID:10552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38449.exe
        7⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4702.exe
        7⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27278.exe
        7⤵
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65159.exe
        7⤵
        
        PID:9752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8495.exe
        6⤵
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10001.exe
        6⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5794.exe
        6⤵
        
        PID:7904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5969.exe
        6⤵
        
        PID:9400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32825.exe
        6⤵
        
        PID:10484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48439.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51065.exe
        6⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14625.exe
        7⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10266.exe
        8⤵
        
        PID:5884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 228
        8⤵
        Program crash
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55938.exe
        7⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8594.exe
        7⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31170.exe
        7⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32294.exe
        7⤵
        
        PID:10444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14988.exe
        6⤵
        
        PID:3156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28448.exe
        6⤵
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30604.exe
        6⤵
        
        PID:7232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50901.exe
        6⤵
        
        PID:9616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15567.exe
        6⤵
        
        PID:10844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49019.exe
        5⤵
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12440.exe
        6⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-941.exe
        7⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11574.exe
        7⤵
        
        PID:7344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 224
        7⤵
        
        PID:9672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15424.exe
        6⤵
        
        PID:4900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33809.exe
        6⤵
        
        PID:7040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28757.exe
        6⤵
        
        PID:8944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46254.exe
        6⤵
        
        PID:10824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3815.exe
        5⤵
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57615.exe
        6⤵
        
        PID:6764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43071.exe
        6⤵
        
        PID:10160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22083.exe
        5⤵
        
        PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34702.exe
        5⤵
        
        PID:6968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24513.exe
        5⤵
        
        PID:9200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33421.exe
        5⤵
        
        PID:10896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61594.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31356.exe
        5⤵
        
        PID:820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28206.exe
        6⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56234.exe
        7⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41054.exe
        7⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42912.exe
        7⤵
        
        PID:7864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 248
        7⤵
        
        PID:10068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48429.exe
        6⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1465.exe
        7⤵
        
        PID:4476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 236
        7⤵
        Program crash
        
        PID:7064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41604.exe
        6⤵
        
        PID:4636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35783.exe
        6⤵
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43864.exe
        6⤵
        
        PID:9204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2910.exe
        6⤵
        
        PID:11228
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 236
        5⤵
        Program crash
        
        PID:848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29309.exe
      4⤵
      PID:1260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27054.exe
        5⤵
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60126.exe
        6⤵
        
        PID:4176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22.exe
        6⤵
        
        PID:5376
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 244
        6⤵
        Program crash
        
        PID:7996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29352.exe
        5⤵
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37153.exe
        6⤵
        
        PID:4812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49218.exe
        6⤵
        
        PID:6316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56695.exe
        6⤵
        
        PID:8620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62646.exe
        6⤵
        
        PID:9932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34914.exe
        5⤵
        
        PID:4256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-541.exe
        5⤵
        
        PID:6732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8586.exe
        5⤵
        
        PID:8908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45421.exe
        5⤵
        
        PID:10264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40577.exe
      4⤵
      PID:348
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 348 -s 220
        5⤵
        Program crash
        
        PID:3568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54512.exe
      4⤵
      PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38835.exe
        5⤵
        
        PID:8556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56471.exe
        5⤵
        
        PID:10720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29533.exe
      4⤵
      PID:5408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38805.exe
      4⤵
      PID:7380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10824.exe
      4⤵
      PID:9780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31423.exe
      4⤵
      PID:10428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29711.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29711.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20007.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        5⤵
        Executes dropped EXE
        
        PID:852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23354.exe
        6⤵
        
        PID:1820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 224
        7⤵
        Program crash
        
        PID:3912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60297.exe
        6⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22320.exe
        7⤵
        
        PID:11060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61505.exe
        6⤵
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63660.exe
        6⤵
        
        PID:7824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22504.exe
        6⤵
        
        PID:9388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15759.exe
        6⤵
        
        PID:10472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56581.exe
        5⤵
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3504.exe
        6⤵
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37681.exe
        6⤵
        
        PID:5536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13965.exe
        6⤵
        
        PID:6864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9296.exe
        6⤵
        
        PID:8652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45870.exe
        6⤵
        
        PID:11148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64063.exe
        5⤵
        
        PID:3768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58933.exe
        6⤵
        
        PID:8672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49050.exe
        6⤵
        
        PID:10748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54350.exe
        5⤵
        
        PID:5924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21554.exe
        5⤵
        
        PID:7328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12492.exe
        5⤵
        
        PID:8716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33764.exe
        5⤵
        
        PID:10520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7406.exe
      4⤵
      PID:2204
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 224
        5⤵
        Program crash
        
        PID:1644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34327.exe
      4⤵
      PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44537.exe
        5⤵
        
        PID:3836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21627.exe
        6⤵
        
        PID:7832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19828.exe
        6⤵
        
        PID:9828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8024.exe
        5⤵
        
        PID:5464
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 224
        5⤵
        Program crash
        
        PID:6844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45424.exe
      4⤵
      PID:3552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31990.exe
        5⤵
        
        PID:8668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21914.exe
        5⤵
        
        PID:10576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25264.exe
      4⤵
      PID:5820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64059.exe
      4⤵
      PID:6400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46086.exe
      4⤵
      PID:8336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16509.exe
      4⤵
      PID:10396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36078.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36078.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39524.exe
      4⤵
      PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61070.exe
        5⤵
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4656.exe
        6⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63679.exe
        7⤵
        
        PID:10616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38833.exe
        6⤵
        
        PID:5968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24354.exe
        6⤵
        
        PID:7348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37693.exe
        6⤵
        
        PID:8772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33233.exe
        6⤵
        
        PID:10592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63265.exe
        5⤵
        
        PID:3704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18174.exe
        6⤵
        
        PID:11196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64437.exe
        5⤵
        
        PID:5344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21667.exe
        5⤵
        
        PID:7640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37880.exe
        5⤵
        
        PID:8664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39111.exe
        5⤵
        
        PID:11080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61625.exe
      4⤵
      PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35238.exe
        5⤵
        
        PID:3564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43685.exe
        5⤵
        
        PID:5672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57795.exe
        5⤵
        
        PID:7868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2581.exe
        5⤵
        
        PID:9280
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 244
        5⤵
        
        PID:10516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16471.exe
      4⤵
      PID:3996
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 240
        5⤵
        Program crash
        
        PID:5068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43712.exe
      4⤵
      PID:4020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52177.exe
      4⤵
      PID:7048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14526.exe
      4⤵
      PID:8376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53826.exe
      4⤵
      PID:9940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34677.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34677.exe
    3⤵
    PID:1604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52902.exe
      4⤵
      PID:304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15180.exe
        5⤵
        
        PID:3916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26603.exe
        6⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60396.exe
        6⤵
        
        PID:7932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25304.exe
        6⤵
        
        PID:9408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40960.exe
        6⤵
        
        PID:10456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19700.exe
        5⤵
        
        PID:4452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5413.exe
        5⤵
        
        PID:6636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14703.exe
        5⤵
        
        PID:9104
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 220
        5⤵
        
        PID:11248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4827.exe
      4⤵
      PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41974.exe
        5⤵
        
        PID:5588
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
        5⤵
        Program crash
        
        PID:7224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49580.exe
      4⤵
      PID:4580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56011.exe
      4⤵
      PID:6436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23059.exe
      4⤵
      PID:8612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65515.exe
      4⤵
      PID:10536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47856.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47856.exe
    3⤵
    PID:832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12632.exe
      4⤵
      PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52721.exe
        5⤵
        
        PID:4652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14708.exe
        5⤵
        
        PID:6564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26269.exe
        5⤵
        
        PID:8032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3632.exe
        5⤵
        
        PID:9448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12243.exe
      4⤵
      PID:4772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34940.exe
      4⤵
      PID:6688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7438.exe
      4⤵
      PID:7704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35807.exe
      4⤵
      PID:9688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6417.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6417.exe
    3⤵
    PID:3324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56780.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56780.exe
    3⤵
    PID:5556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16599.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16599.exe
    3⤵
    PID:7708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62014.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62014.exe
    3⤵
    PID:8464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15288.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15288.exe
    3⤵
    PID:11212
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54989.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54989.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60180.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60180.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:3004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56262.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56262.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36343.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27272.exe
        6⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3893.exe
        7⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63442.exe
        8⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11506.exe
        8⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4126.exe
        8⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40490.exe
        8⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57759.exe
        8⤵
        
        PID:10364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24500.exe
        7⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15440.exe
        8⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 228
        8⤵
        Program crash
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4629.exe
        7⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31756.exe
        7⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62250.exe
        7⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14280.exe
        7⤵
        
        PID:10560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4448.exe
        6⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33053.exe
        7⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4852.exe
        8⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18029.exe
        7⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56835.exe
        7⤵
        
        PID:7564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 228
        7⤵
        
        PID:9044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28038.exe
        6⤵
        
        PID:3756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63286.exe
        6⤵
        
        PID:5668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54995.exe
        6⤵
        
        PID:7852
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 236
        6⤵
        
        PID:9376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11490.exe
        5⤵
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14801.exe
        6⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41797.exe
        7⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62825.exe
        8⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39921.exe
        8⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4817.exe
        7⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62974.exe
        7⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 228
        7⤵
        
        PID:8220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9295.exe
        6⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55752.exe
        7⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41208.exe
        7⤵
        
        PID:9584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19704.exe
        6⤵
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54724.exe
        6⤵
        
        PID:7416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61700.exe
        6⤵
        
        PID:8560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16698.exe
        6⤵
        
        PID:10540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20923.exe
        5⤵
        
        PID:480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32285.exe
        6⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15241.exe
        7⤵
        
        PID:10864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58294.exe
        6⤵
        
        PID:5360
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 480 -s 224
        6⤵
        Program crash
        
        PID:6452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29088.exe
        5⤵
        
        PID:3360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64761.exe
        5⤵
        
        PID:5748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20011.exe
        5⤵
        
        PID:7172
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 240
        5⤵
        
        PID:8200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4033.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18912.exe
        5⤵
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
        6⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60873.exe
        7⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42047.exe
        8⤵
        
        PID:1032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 224
        8⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29513.exe
        7⤵
        
        PID:5492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 224
        7⤵
        Program crash
        
        PID:6872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50328.exe
        6⤵
        
        PID:3812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52569.exe
        6⤵
        
        PID:5984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30220.exe
        6⤵
        
        PID:7360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29027.exe
        6⤵
        
        PID:8756
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 248
        6⤵
        
        PID:10564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29144.exe
        5⤵
        
        PID:880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39898.exe
        6⤵
        
        PID:3088
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 228
        6⤵
        Program crash
        
        PID:5236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62164.exe
        5⤵
        
        PID:4224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16017.exe
        6⤵
        
        PID:5292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13053.exe
        6⤵
        
        PID:7304
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 224
        6⤵
        
        PID:10148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19622.exe
        5⤵
        
        PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60532.exe
        5⤵
        
        PID:8000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61859.exe
        5⤵
        
        PID:10092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31346.exe
        5⤵
        
        PID:10628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25033.exe
      4⤵
      PID:2520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57178.exe
        5⤵
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17428.exe
        6⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63686.exe
        7⤵
        
        PID:5088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 228
        7⤵
        Program crash
        
        PID:6632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51605.exe
        6⤵
        
        PID:4572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53270.exe
        6⤵
        
        PID:6164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7796.exe
        6⤵
        
        PID:8840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55709.exe
        6⤵
        
        PID:10920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35662.exe
        5⤵
        
        PID:3792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19883.exe
        6⤵
        
        PID:6520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46852.exe
        6⤵
        
        PID:8832
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 224
        6⤵
        
        PID:10156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60872.exe
        5⤵
        
        PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50967.exe
        5⤵
        
        PID:7068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64668.exe
        5⤵
        
        PID:8812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39173.exe
        5⤵
        
        PID:10932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7712.exe
      4⤵
      PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37521.exe
        5⤵
        
        PID:3508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10245.exe
        5⤵
        
        PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39347.exe
        5⤵
        
        PID:7184
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 228
        5⤵
        
        PID:8260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7786.exe
      4⤵
      PID:3188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16375.exe
        5⤵
        
        PID:6836
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 248
        5⤵
        Program crash
        
        PID:2416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57546.exe
      4⤵
      PID:4720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25977.exe
      4⤵
      PID:7508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29324.exe
      4⤵
      PID:9064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41070.exe
      4⤵
      PID:10812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48649.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48649.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23899.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2575.exe
        5⤵
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12061.exe
        6⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24885.exe
        7⤵
        
        PID:3312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 212
        8⤵
        
        PID:11888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63146.exe
        7⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28246.exe
        7⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58990.exe
        7⤵
        
        PID:9080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1869.exe
        7⤵
        
        PID:10744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15372.exe
        6⤵
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57421.exe
        6⤵
        
        PID:5688
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 248
        6⤵
        Program crash
        
        PID:7840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8532.exe
        5⤵
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11864.exe
        6⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56068.exe
        7⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6919.exe
        7⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14204.exe
        7⤵
        
        PID:9712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32216.exe
        7⤵
        
        PID:11168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33789.exe
        6⤵
        
        PID:5316
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 224
        6⤵
        Program crash
        
        PID:6232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15054.exe
        5⤵
        
        PID:3228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3805.exe
        5⤵
        
        PID:5716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15057.exe
        5⤵
        
        PID:4708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29020.exe
        5⤵
        
        PID:9128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38040.exe
        5⤵
        
        PID:10308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56415.exe
      4⤵
      PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24122.exe
        5⤵
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2757.exe
        6⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47926.exe
        7⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16374.exe
        7⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8838.exe
        7⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28111.exe
        7⤵
        
        PID:11236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11340.exe
        6⤵
        
        PID:4464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13389.exe
        6⤵
        
        PID:6896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31917.exe
        6⤵
        
        PID:8356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45486.exe
        6⤵
        
        PID:10336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8740.exe
        5⤵
        
        PID:4456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14153.exe
        6⤵
        
        PID:6804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32762.exe
        6⤵
        
        PID:7648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63112.exe
        6⤵
        
        PID:9832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21733.exe
        5⤵
        
        PID:5740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5004.exe
        5⤵
        
        PID:7300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12665.exe
        5⤵
        
        PID:10196
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 228
        5⤵
        
        PID:11360
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 240
      4⤵
      Program crash
      PID:1264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30020.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30020.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35248.exe
      4⤵
      PID:2560
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 220
        5⤵
        Program crash
        
        PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20592.exe
      4⤵
      PID:556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60510.exe
        5⤵
        
        PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20826.exe
        5⤵
        
        PID:6076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6347.exe
        5⤵
        
        PID:7596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5378.exe
        5⤵
        
        PID:9964
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 244
        5⤵
        
        PID:10600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17239.exe
      4⤵
      PID:4116
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 248
      4⤵
      Program crash
      PID:5380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47235.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47235.exe
    3⤵
    PID:2684
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
      4⤵
      Program crash
      PID:1924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7023.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7023.exe
    3⤵
    PID:2648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26878.exe
      4⤵
      PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39416.exe
        5⤵
        
        PID:7592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23912.exe
        5⤵
        
        PID:9844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27157.exe
      4⤵
      PID:6016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29014.exe
      4⤵
      PID:8020
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 216
      4⤵
      PID:9332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21640.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21640.exe
    3⤵
    PID:3944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26179.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26179.exe
    3⤵
    PID:5188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-938.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-938.exe
    3⤵
    PID:7192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24565.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24565.exe
    3⤵
    PID:9644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50807.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50807.exe
    3⤵
    PID:11012
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63999.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63999.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:3056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12489.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12489.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48211.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:336
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 336 -s 244
        5⤵
        Program crash
        
        PID:1608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49700.exe
      4⤵
      PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40095.exe
        5⤵
        
        PID:3408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44553.exe
        6⤵
        
        PID:4612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10624.exe
        6⤵
        
        PID:6512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26269.exe
        6⤵
        
        PID:7396
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 228
        6⤵
        
        PID:9444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11319.exe
        5⤵
        
        PID:4332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-239.exe
        5⤵
        
        PID:6204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55487.exe
        5⤵
        
        PID:7604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59352.exe
        5⤵
        
        PID:9988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-716.exe
      4⤵
      PID:3592
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 244
        5⤵
        Program crash
        
        PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44288.exe
      4⤵
      PID:4596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21559.exe
      4⤵
      PID:6504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6934.exe
      4⤵
      PID:7456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
      4⤵
      PID:9384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32429.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32429.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25985.exe
      4⤵
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42316.exe
        5⤵
        
        PID:3368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52778.exe
        6⤵
        
        PID:5180
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 228
        6⤵
        Program crash
        
        PID:6712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2788.exe
        5⤵
        
        PID:5060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26964.exe
        5⤵
        
        PID:7080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12783.exe
        5⤵
        
        PID:9192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34520.exe
        5⤵
        
        PID:10416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51039.exe
      4⤵
      PID:3460
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 224
        5⤵
        Program crash
        
        PID:5916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57364.exe
      4⤵
      PID:4196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13717.exe
      4⤵
      PID:6192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28622.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28622.exe
      4⤵
      PID:8212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50658.exe
      4⤵
      PID:10492
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 244
    3⤵
    - Program crash
    PID:2752
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7643.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7643.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60463.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60463.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32809.exe
      4⤵
      PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49524.exe
        5⤵
        
        PID:4036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28959.exe
        6⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29010.exe
        6⤵
        
        PID:6528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18423.exe
        6⤵
        
        PID:8384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26139.exe
        6⤵
        
        PID:11028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-759.exe
        5⤵
        
        PID:5104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43877.exe
        5⤵
        
        PID:6612
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 228
        5⤵
        Program crash
        
        PID:8800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21298.exe
      4⤵
      PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64589.exe
        5⤵
        
        PID:5092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-401.exe
        5⤵
        
        PID:6944
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 224
        5⤵
        Program crash
        
        PID:8264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33762.exe
      4⤵
      PID:4336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60842.exe
      4⤵
      PID:7056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31061.exe
      4⤵
      PID:8392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36760.exe
      4⤵
      PID:10024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33363.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33363.exe
    3⤵
    PID:1960
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 200
      4⤵
      Program crash
      PID:1776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5947.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5947.exe
    3⤵
    PID:4548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49229.exe
      4⤵
      PID:8412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1328.exe
      4⤵
      PID:9720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8486.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8486.exe
    3⤵
    PID:5868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61684.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61684.exe
    3⤵
    PID:7552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12466.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12466.exe
    3⤵
    PID:10216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47490.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47490.exe
    3⤵
    PID:11340
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39081.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39081.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28725.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28725.exe
    3⤵
    PID:2396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46919.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46919.exe
      4⤵
      PID:3308
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 216
      4⤵
      Program crash
      PID:3328
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 228
    3⤵
    - Program crash
    PID:3392
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40745.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40745.exe
  2⤵
  PID:1296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31735.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31735.exe
    3⤵
    PID:3492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44169.exe
      4⤵
      PID:5000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53686.exe
      4⤵
      PID:6900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42222.exe
      4⤵
      PID:8232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15692.exe
      4⤵
      PID:8924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60328.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60328.exe
    3⤵
    PID:4416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49248.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49248.exe
    3⤵
    PID:6284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55295.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55295.exe
    3⤵
    PID:8164
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 224
    3⤵
    PID:9244
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35436.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35436.exe
  2⤵
  PID:3656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14101.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14101.exe
    3⤵
    PID:4916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47703.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47703.exe
    3⤵
    PID:6272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42772.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42772.exe
    3⤵
    PID:8964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11966.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11966.exe
    3⤵
    PID:11096
- C:\Users\Admin\AppData\Local\Temp\Unicorn-735.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-735.exe
  2⤵
  PID:4972
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26149.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26149.exe
  2⤵
  PID:6880
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55087.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55087.exe
  2⤵
  PID:8224
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4492.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4492.exe
  2⤵
  PID:10192

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1475.exe

Filesize
184KB

MD5
4a4532b0b1b1c119395343db63a4151c

SHA1
84e0cf5bb127cb8a9fb10504ae2f061f4805ba37

SHA256
f1588c7225ad74ddb466ad4476a672692db80892853edb61a83620cad924d433

SHA512
11d7adbb0030e65f3c76a6d380bbdbbd974ee968b53a6e17927710d0c1607d8d526794768c54d22c41ce51a49ff9d985a6e5c6fa36396c62f79c52f011a64290

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15427.exe

Filesize
184KB

MD5
a154ea8ae7d3f213786bbe1a83dbba04

SHA1
efa54a07f6138cc4e85dcf595ef7aa022956a295

SHA256
3bc55bac16590e2c22a1a1f93bca917b69aa9eb486c79d7a93e5c4bffb900233

SHA512
4d204abf60473562ee768972decfbed0db36908a84a7873a1c11aa2a82291bdd562546a44060902cfaf8367894208e686e2f0c3dd18311b810548e20571fed01

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15976.exe

Filesize
184KB

MD5
1a9442ea4e375bd7820e222be03f46b1

SHA1
9ad7b0eaf058854d4ca738dfca8406b362ee014f

SHA256
09bce6eddf1ba521d2b45ffd6874b6dfc7b4a5cf013683ce5cc6e541bef2d28f

SHA512
ab54927c1f930f9e9939e7a0253d7ad20cb08d50d14cba9b0fce712480c25e013155cfeb6360ab3b951afd1d256c74c2f74002e3e0040c89ea1009363785ec49

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20990.exe

Filesize
184KB

MD5
113a552555d204050ca55f80db80a78d

SHA1
46915b6cd7bfd3f69ad42b1a13f4338c1fd03ad7

SHA256
507bf9d7af3b4184f7dad742785e89ca03158cbd0cf463e3dd8d41166181d0c1

SHA512
725cd11e99462da3a1fad694e5228a7bb870bd2073b7d9f30a0a03ad44c33b9965e5e8ca26422f734c0ce0236660276adbff6d18397a91a26a224ef433a44a50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-239.exe

Filesize
184KB

MD5
6deab863dee618a6dbc953cf7b9804fc

SHA1
982d18cf6ac019e1c1ebbcf54f5a35f147981c14

SHA256
b7b8223021ba2c99e771d4516e2ee8ae583a9e28500692b3acc47559ceb24c12

SHA512
529f6e2d09913f00ad02bb6dedabff03acba424e21e1a80c21c288177d106f7505ce38709038a4473e5ec302a3ef75222d63b7ed3d70036a759691d47da1dd4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2575.exe

Filesize
184KB

MD5
72bcf7f27c65ff12056686fe5bf3be6d

SHA1
fc92d1400842b671fda3210ffa8428afc8885176

SHA256
50786e2241288a5b4d832b352bd2f0c46d203a83bb0ebda727248a50a467b3f6

SHA512
bed65deacb6d33c2d9bef359338d5271fb50745555367e363562d7c5633f7f36e16f97d5742e040df984e99d70a504d18a63c3a3354ac7dcf45026e9972e7778

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26179.exe

Filesize
184KB

MD5
721b2cefc5c7da1602fee26c81e7e6e1

SHA1
8712331977997e6b5d019ac093e273777b2a01cb

SHA256
ff1050be78fa795153983fd986048eafdb306bccef80664532c445e329648c94

SHA512
663f56eea4b412657f1a83bfed96955c690ed1dcba648377db86d96adfff6a88ae6dcfdf54f0b834522cd3111edf5d940a8a00ca648dc465e281071aa3f9fae9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2811.exe

Filesize
184KB

MD5
c0aad94b36411c466cd1447539f59d64

SHA1
941af6433ddd5522a8a534e06f5f36d355bee851

SHA256
ae91f6877cf8ee5d396a4fa1360319b5e9d1fc77e44f304243f5f670968b7ead

SHA512
5b6d655e2f678af881981b56dd4d6558b974dcd24cc343503905de5df13dda920b56d919d2ae9071f03b335dcff58747aa4e097922c1e2160a9dc82db9425af8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28757.exe

Filesize
184KB

MD5
83e71ea3635967403c031ca064c69da2

SHA1
1d9480a8ca777a015ae099bf02c946a3d909e5e5

SHA256
500758ada835c4a746bda40af0c8d631a107dfd1567e4216bf27945a3b21c567

SHA512
9b1d92fe8b10d720bbe3ea13798a6ba7e64585398cd6f3b7781b834f2c69eb0079f8ca95f41b4f3ffaeaee5d502a789f1fb85085f9a80e618f1792de2e4adb7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32694.exe

Filesize
184KB

MD5
46cda19c9a797058478610af424b9c7b

SHA1
bf074559c9a27b7fce4696efeba338055ef7936e

SHA256
3ddbccc1d073b29671087b8540a8c8f69763c5f03d7ca408747fdbbed9aaf293

SHA512
4ffbf5c0c0a8d3257176a721e84a568da1cec5ac3b03d201339d4faa1c6c90269c4be5aa93281aa966e6722d15be7e1527e680c6e375076f1b39aa3c3b224df7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34352.exe

Filesize
184KB

MD5
b2bfb40a24102f053887042029fa2588

SHA1
582923cc1ebc5fed86d8c8259715c4df233f8111

SHA256
00ba7984865bf1b7cd5457f7c999efc92fca95eecd667a6b887cecc4c76f518c

SHA512
9b8aedf19401c6af61fb865651ec6b319f4671071a04d938ee1be057630f2d57e8f0c8830a026ca3fb61b80c1d01671e33e1d182eec435d3d9f8c5368ae322fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34520.exe

Filesize
184KB

MD5
d77feeb64d554654e5c36f3ffbe05649

SHA1
55f6790d7223ab388689e758f2a93c558bcef4ae

SHA256
8c4fd363c0f384ea40340fc2d080e43167e6213cfa1d8e7b9259fc0008396c6e

SHA512
d4d2b6028ad461d7b5743aa292fc081a6f4ecd3fd0cbd18b800b8abd9d5ed6405d8200f08ad3c530434fef1f2084d36212aa91a4379de92ac707625af312b255

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35662.exe

Filesize
184KB

MD5
a099bc5ec1e2ad7f666b00f9ad10bef6

SHA1
d4bc658e20530953914e21d405178fb63a773093

SHA256
d5d9cf6056c72b1ef25ab7be6087f681e615f4ddea989d72a0c7593ad2292a6f

SHA512
8d339dc38e8fdf29d58e90116e133503728aebc0baa3cb1163ad6b919e709ab42d70467f84c2c94e4019dfe620c413ca8acfd880bbf3a2cf28076c855d52871d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39416.exe

Filesize
184KB

MD5
703885c6f42a0b5ff1de88a1ab3b6fe4

SHA1
985637dd901313abd2d329583f4e4c0257f08eaf

SHA256
46865c83b0412c2233ffa7633eb4fc4ba249c093b024161a4cddc7da11c7de13

SHA512
6ae4e499df32959f8f4d7b2126456622ce6d0b4551b471d29b30bf6d232c01c28e838e0bf9f174cb17f73b9936119e58f088eb47741d003723751bd16606d5d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41678.exe

Filesize
184KB

MD5
1aeda2d66f7a5de1270fa092a8f1214b

SHA1
48cab72a0cac721b48e520bbf5ddc020ce71a7f5

SHA256
2f664adff758e5a8dabcf78d433bd7d37e8e11e33314e768a62c0e79e8d90cda

SHA512
ad01609e77c1b828295b7ddb1d46700ae3f1131e3879eb1913788f08011653945966e7df72d9899f6ec524d56c4a29c6e57d298ea66627b726ff973451a9a2cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46058.exe

Filesize
184KB

MD5
adb927d1f9631160b39fe1f0f52647c5

SHA1
b553a5822cbeb3e78df1bdb43b1cb642b5bac725

SHA256
67b287d786fc10a33ac3ceb61d8fd32785b52eb489c0e7062f2727a380ecf35b

SHA512
ad89f1515c31b19c4916097719e5c92f12507fadfdd80cca6ae94d9f97ec0b5996c44fe3f40a5407c0472fdb5b7f2871d32bb202d86d9573d4fc9af99e10d886

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4629.exe

Filesize
184KB

MD5
91f0f280d0ed0a03e926fda2447da9ff

SHA1
9e007acd33edf65c3eaa6a50cba996f56e121cc3

SHA256
1648d3ab137b7e15e67a4f66ae53bcc7319e153ba9c0a44596b28b6609dbefdc

SHA512
d4894b000e12fe59ea2dd2a597dd6cd8147e36891e6770fcc87a1b4b45881617f9f9c06da2fbd97941d66f54a7c7c1385b83d7e947e86c6b2a27d23f72615f9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49053.exe

Filesize
184KB

MD5
2f7be57a8409b98f969fa626a5409510

SHA1
aca95f779f0c18bdc0227f8f860c88af7390a580

SHA256
ada7f45c0c6e5221a6450f812520bd3e82f1afafdadbd4767b8693fd3e9f6a08

SHA512
cfb356ba342dc51654381326ae3de9e585be9048b52bba80ab5af7ba00b2166b33d9632308c95e6628188b5d06dd9a6e13090250e27192c6577c3ab5f068d4f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49342.exe

Filesize
184KB

MD5
0d0875abcbdcb14fa5fa7166ed960395

SHA1
37fb471a6b8d2650367e76380be2d0194fc3c43a

SHA256
bff7c93413f75b8b24ff5d7ed4aa851a8533aa1bb272bdc39dca632762105a75

SHA512
d8fca1c1295c55af2997147175b5f174d6f03a7d40f9412921cbbf50fb3eb84db5600dc2d58b1e0712f494f65bda6b671422e575697d4645513f0ffbd7985a36

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49414.exe

Filesize
184KB

MD5
d81bc4ef4150ea6c6e11ff79b9edbece

SHA1
da8bda6ca3d531a96886e4b23654731292ea048b

SHA256
007cdb4940f365abc79903acfb7ad5f79935b6fe3292ea958f493ea1c8c92f75

SHA512
5cec3b955b328c2477885ae6f8b95266036cf4069beb28a7f19b636a2b9f2e7a696c60cc1b7e7937efe3f058604d2f1dd881c5e06befcf9cd521b987e361a776

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49430.exe

Filesize
184KB

MD5
06125329c52cccac65e8066aa6b18587

SHA1
d85ed69db997fd3609e89e7aebdf30cebbbdd084

SHA256
10b3d0c439719e8d6721244aa972356ea1faade462531e88f4884c9043f44cdc

SHA512
613df69ab6114d696f543ff603761f1f59508ec6091f4250aa3c5cd45f610424bdb04de99389748b49ef799572679c5e381f987b4eea0a15eddb4e9f6ce23b52

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52964.exe

Filesize
184KB

MD5
9130e26aaac580bb1e7f71a2ee81d60f

SHA1
d73cf8d3e81ec8c92a199064597cc7f2236835a5

SHA256
23f9037dd4abe70c6478da5057fe0338a4d87651da9c9139af9f858be3dbabbe

SHA512
346a9fb8907f32aea3fb85b993851b48ecb0041fe5527cf51cf6d5a0f90f73264d675ab44ed5aaff364a9b61f6dcc0002abf84841321ba420398a929f2d9b548

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54242.exe

Filesize
184KB

MD5
739294c6fe5ee02ea132f25c0f08a376

SHA1
a1b2cb4b847e7d5882c3f606984efabd5e7ac082

SHA256
3535fb17136552da3aaf57f345a491d3634da985e60fbdc8e483524b1da4de7b

SHA512
521e0ea11c3555d3891ea6ba83a8273569ce70aa0575cda4e221de93cce9d9119f851cfe1b74321c1f679a070797b0461000ed56c4f436796094cb4c22516901

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54989.exe

Filesize
184KB

MD5
ae7fdac7d487f310ce36dadbc9e05fd7

SHA1
561c3f90a47ad2cb6c26404accc0f672f8809cb3

SHA256
6e1ad5f0e463383e398b52d1a5e939910d563d4321062ff7c6278d509d2a51ae

SHA512
388590c4c8177a8b6f725146ed1814ee579839220b66da98b1efaa258d4f612c4b96d898ff8160817577c22669c166ef0302d248a2c624dbb0d636baacdb03af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63442.exe

Filesize
184KB

MD5
83b483c8f683d778ebb50a66309b41d8

SHA1
c90cd973474904e0f6b87056f6ec052ee0b359aa

SHA256
3d5b0420bac968496ab39a50b8e29fe35a751270db79932300e66cc4b19ea0f5

SHA512
cc18996b5b5e35dc9cf2268b3042191ee8a437412dbe26288b6b67a4926818b52d421408173bc985b49dcc23f8036fbfc4563b4ddc67e8baa073f28fab0bbbf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8495.exe

Filesize
184KB

MD5
4b06d93251e90324410e30f1423a5b7e

SHA1
53da898e58eb81c3876606cb65946b6b8ae73522

SHA256
3cc1e9eb56d6aa1de6a6d3db654e8cf22657731eca10e3c3f842a1ddc6cc786c

SHA512
f42808414931de1f18cde2c7c860c242edfbe2c2d63402daac66d4dbed4e6ea97a3b963a6da8231a7329f70f6e633fc98a1a557262d54e40cbed27f9855aea17

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1124.exe

Filesize
184KB

MD5
ea147534dcc3fc76a4cc763a2ba24450

SHA1
cdb0905b77015cb66ff5fba00b70321ba270cbed

SHA256
8ad3778608888cccc5a2c1b8eb64b5a3eb30202692a40baf9eb6c20f67ebb243

SHA512
94cb57b266ae87a8b8245af90e97ce6ab4cc24224a81f64281717c304f2ec608a2295614f65f9e42d1d79591cb8e89c74e178acb83a9b734dc0db13a1ae474bd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15810.exe

Filesize
184KB

MD5
8cc9261dc76bb2563acfdb22a56e7184

SHA1
4306b43588f8d3a7cfc39f46f6dc2a09dbc2179a

SHA256
e1a0398f3fbfdb3bbe52d78290c8244eae5a583d9a47b8d83ff26025ca004edb

SHA512
d0a13edccc1255e828086e6ef99906f5077bc63041382b7402e1b3b582073d1a417ccb529b1c64c593e813b9000c39d488ba0ee406c8e706963ee57fae66a141

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27508.exe

Filesize
184KB

MD5
9a5e0c180aa38dc3a860729e6a26381e

SHA1
c0269a73ea20d32c84a9a03b0ef4e1a74142b1cd

SHA256
a6b92ed95fb66695d6384d546322eba9c808cd21e60432fbdd03c772d045c65f

SHA512
3f368cc9242559329aba45b8ca873d76e3cc1c01cfed8f3c36cf98f266462bf6150e934c64922e73b463e529185bd7910ce178e37b066fef9765cf41812cf090

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29711.exe

Filesize
184KB

MD5
037392d0d562c7abfedb820cae81459d

SHA1
ed951dd6bb584dc70f6bc7a151a55c9000c88508

SHA256
3bfeefbe142c4d5f9ad61143dc222664598efb9f82118ae8c07957516e9a751a

SHA512
a79aa7211e5c190944de75fe27f1d12e615282c530e79b639e0586aad49b0c382956fbbd74f56454dd7efbbbf54a63e62067f7b16f48a6e87728575c0d2b55ad

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31758.exe

Filesize
184KB

MD5
9ff0a7b98c5476ad26d70a837a6e815b

SHA1
23b609562c7ba2da3f288086f548f3f27820958c

SHA256
fbaa81ae0699986864a4cdba19e17644e9026e6cecb6aa5651379c104d077732

SHA512
318afbd30215780fda58a3a27f0efac990867584676d6ec28e4a29345bef3efe2351c9cbc2a28fd8e20df8e942001c2e904a8874755cb863a8e15725d6115ccc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35842.exe

Filesize
184KB

MD5
33a6600698fc6ddb22980b8fe839098d

SHA1
2756a6511347e1cce2905dfee6ffed218a942262

SHA256
28a025dbb5407ca9f55627f4273bc25546fa4ce858bdacab0231db1da136e7a4

SHA512
f987388f652da1b3beec58722b8b0ec6e30c48f13e4ee8234fe0acd8ddae63301f79415bd65e5170164a0c0df7fc7e41a19661bb4941b3ce06acf7c83937eb16

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3750.exe

Filesize
184KB

MD5
2a0f293c5397808b5a9a30c28d28912d

SHA1
e3c487246eb85792d2c78d27d4e8fcff45e1f20e

SHA256
52d874567b2eca0281b442afe35fbe782275eca94fd68652bba1210d30d46cf4

SHA512
6f6576ddfbb61940d28aa2b91c18b96c5878e46436bf7522f0bea76129bf8c1d7a17ad7fa581ddff510f70c762183b0dbf200eb665297ef37dfdb5934ef5192d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42313.exe

Filesize
184KB

MD5
48eb6d69bc5f45d791ad2d683d480f44

SHA1
0069e35cd37534417ce207bb47ee0be1a9e546b3

SHA256
fff3f7d185087f00f312b9101a3a8b818f921571f81f4ccf4ae819f8aedb3270

SHA512
1860659570cde45b7c314b6bcb458789c9912e35b16dc049fca8e2ac7d8f8d764b1fa19be9f73133ddbd0f6e2547a079b6ed0011c2a83d8df8d1dba7b56a53ab

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49422.exe

Filesize
184KB

MD5
8e67d7a24a314305373b267235432248

SHA1
1749a497c14d2ff3f16f622b6a8087ce4cd858bd

SHA256
e6e1743bf2479396d0946dee9d7210940a4d28f4ae837af7ee093b9d0b4a0563

SHA512
bccd446de8c190f6f4eb73dde08c61870ad6eb1e7ff649b73e4b88f3baff15525735d6eab97675923765bbdc8d918a43df016ec47ee0e1585c94d86ae290568e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52567.exe

Filesize
184KB

MD5
74909f6092c6d75a1b14e644875db750

SHA1
0ac44588d3fbc5e891d9807496e028dbe5443eff

SHA256
8bb3aa5e56cc8f284371ab15279dc6bc710865390d8922b54afe23400d3f6ff1

SHA512
8f4bd4d92113311fcd4a8b39bf31cd30ba9d93e93a8a6653197d8b7923199ab374ec2975b532adf01fca253f155e31013c379342b67d615e15480a26eca10bf1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57035.exe

Filesize
184KB

MD5
d8cf96d0be2c823c9b702a5e33863b4b

SHA1
7717fffea2d68ad3f1f6c05e9135fa185baffe02

SHA256
281e70800f7bd140b3e089a1752bea9083e21399485ca808b72320df844c38a8

SHA512
ea0cd44044a4043cb967d3b911f7dd35ffed93169b88a333242bcf4dab5daccdc46204ebdad48d6a51acb2ef68d430601f24de3841d2c8724ffdf5d174ce1a63

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60180.exe

Filesize
184KB

MD5
2edc57298983b611ab339b1fc8844257

SHA1
75afbd6163fd34d0d74d35b17ff0a95d77c03039

SHA256
eaef16624c964d9f91aa0be7fa35ca8e1151d0f63cb2cfb9323cc01674e0f541

SHA512
0cc94af57e683f3fbe3bd290038192d902300cffac4d19008baaf9e59d89068426c719285a520b8079ade4b62c56070acab5e5a171e97c3bd1d2e4aa24c28266

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62218.exe

Filesize
184KB

MD5
cb1b00f474e182f3fee4c47b7b07c33a

SHA1
dfc080288740c6cfb0ae56b581dda721611c5d48

SHA256
5585b93aff71c0d348965e57e9294985eb8f314ed6b8cea938e6d2140d3334f8

SHA512
2bb9c8716640d3d34f74fe6b1ecef638ca29e62986fd21946783c0f2761b00ffd80001760038cc046e06cd3b4b0932baecf456260eb6d7a60bf0b3e722b8c228

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63999.exe

Filesize
184KB

MD5
d1899c5bead77eea69ca815d875365d3

SHA1
5048bd2fa22ec54055df23dd3cd6da1380da07a7

SHA256
280c21c3333d5b21c3cd6a141076e53ecf48389413f25615bd7fba76807a3a7c

SHA512
13e64b12a31330fc274029d6ca0352c458335889de7f1f247c46b2281f24786b6034c20155856601fec665fef357b5885560c20d72b88d48f3fc144b5cc290bf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe

Filesize
184KB

MD5
18c2cd591e4870cf897d2873aeba09df

SHA1
b11a72da0952209ffb5591118de72e03148e42a3

SHA256
fae93333b88f2f5a721a2915b83a1af3166079c3947e7adede1fc37f2a48243e

SHA512
0eebf193f97563313d24fae5c306ce98354971d6b4d465ac3f764c759c06eb32c8667ba5a3a6c3f3478335dfa68a26248cc48c600bdb12b6dee6a85725878914

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads