e62222ee44c0474adef2f72286cb2b6e646ce5ff2b4cc1de2c289298e5ffdc9e

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
15-05-2024 16:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

042da2e63c064e2798bc3f837d505a90_NeikiAnalytics.exe
Size

184KB
MD5

042da2e63c064e2798bc3f837d505a90
SHA1

1fa04349eb6ac3d65732b8a2f9997399d32674f2
SHA256

e62222ee44c0474adef2f72286cb2b6e646ce5ff2b4cc1de2c289298e5ffdc9e
SHA512

2165855f7b0c497f7cecd91175d3b3d0c49d663754fa0ff2980217c30c40851e3e690d1ae41810dc36d907317bf58f0e7209a03f56fc05b4d2bfedd7ae35ac99
SSDEEP

3072:0RlCygodpvfBdXAg1LBVbGnPnvnqcviuI:0RWorXAeVanPnPqcviu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2820	Unicorn-24958.exe
2360	Unicorn-53868.exe
2668	Unicorn-34002.exe
2656	Unicorn-9410.exe
2808	Unicorn-50998.exe
2580	Unicorn-19808.exe
2564	Unicorn-30023.exe
2208	Unicorn-10837.exe
2716	Unicorn-36088.exe
2872	Unicorn-2669.exe
824	Unicorn-57992.exe
2044	Unicorn-40172.exe
2020	Unicorn-23017.exe
1624	Unicorn-60038.exe
2116	Unicorn-24481.exe
2516	Unicorn-4615.exe
2936	Unicorn-26518.exe
2084	Unicorn-32649.exe
1148	Unicorn-13188.exe
1484	Unicorn-9104.exe
856	Unicorn-9851.exe
1672	Unicorn-8534.exe
3052	Unicorn-4143.exe
2412	Unicorn-4143.exe
2124	Unicorn-37885.exe
2400	Unicorn-63550.exe
1944	Unicorn-16130.exe
1868	Unicorn-1766.exe
1160	Unicorn-21632.exe
1948	Unicorn-45259.exe
1696	Unicorn-30960.exe
2428	Unicorn-14423.exe
1612	Unicorn-58206.exe
336	Unicorn-58471.exe
3024	Unicorn-30437.exe
2440	Unicorn-62747.exe
2628	Unicorn-34713.exe
1256	Unicorn-5378.exe
2696	Unicorn-1294.exe
2780	Unicorn-46966.exe
3044	Unicorn-23944.exe
2556	Unicorn-12970.exe
2708	Unicorn-54558.exe
2576	Unicorn-17247.exe
3008	Unicorn-16285.exe
2364	Unicorn-41751.exe
344	Unicorn-37667.exe
2840	Unicorn-33318.exe
2876	Unicorn-62363.exe
1188	Unicorn-42497.exe
864	Unicorn-38413.exe
1292	Unicorn-54195.exe
2508	Unicorn-41181.exe
1660	Unicorn-3607.exe
2096	Unicorn-9737.exe
2852	Unicorn-5653.exe
2920	Unicorn-14376.exe
604	Unicorn-35166.exe
792	Unicorn-7132.exe
1736	Unicorn-59862.exe
708	Unicorn-8615.exe
1900	Unicorn-14480.exe
2416	Unicorn-10661.exe
2388	Unicorn-39442.exe

Loads dropped DLL 64 IoCs

pid	Process
2192	042da2e63c064e2798bc3f837d505a90_NeikiAnalytics.exe
2192	042da2e63c064e2798bc3f837d505a90_NeikiAnalytics.exe
2820	Unicorn-24958.exe
2192	042da2e63c064e2798bc3f837d505a90_NeikiAnalytics.exe
2820	Unicorn-24958.exe
2192	042da2e63c064e2798bc3f837d505a90_NeikiAnalytics.exe
2360	Unicorn-53868.exe
2360	Unicorn-53868.exe
2820	Unicorn-24958.exe
2820	Unicorn-24958.exe
2192	042da2e63c064e2798bc3f837d505a90_NeikiAnalytics.exe
2192	042da2e63c064e2798bc3f837d505a90_NeikiAnalytics.exe
2668	Unicorn-34002.exe
2668	Unicorn-34002.exe
2656	Unicorn-9410.exe
2656	Unicorn-9410.exe
2360	Unicorn-53868.exe
2360	Unicorn-53868.exe
2564	Unicorn-30023.exe
2564	Unicorn-30023.exe
2820	Unicorn-24958.exe
2820	Unicorn-24958.exe
2668	Unicorn-34002.exe
2668	Unicorn-34002.exe
2192	042da2e63c064e2798bc3f837d505a90_NeikiAnalytics.exe
2192	042da2e63c064e2798bc3f837d505a90_NeikiAnalytics.exe
2580	Unicorn-19808.exe
2580	Unicorn-19808.exe
1968	WerFault.exe
1968	WerFault.exe
1968	WerFault.exe
1968	WerFault.exe
1968	WerFault.exe
1968	WerFault.exe
1968	WerFault.exe
2208	Unicorn-10837.exe
2208	Unicorn-10837.exe
2656	Unicorn-9410.exe
2656	Unicorn-9410.exe
2360	Unicorn-53868.exe
2716	Unicorn-36088.exe
2360	Unicorn-53868.exe
2716	Unicorn-36088.exe
2872	Unicorn-2669.exe
2872	Unicorn-2669.exe
1624	Unicorn-60038.exe
1624	Unicorn-60038.exe
2580	Unicorn-19808.exe
2580	Unicorn-19808.exe
1532	WerFault.exe
1532	WerFault.exe
1532	WerFault.exe
1532	WerFault.exe
1532	WerFault.exe
1532	WerFault.exe
2192	042da2e63c064e2798bc3f837d505a90_NeikiAnalytics.exe
2192	042da2e63c064e2798bc3f837d505a90_NeikiAnalytics.exe
2020	Unicorn-23017.exe
2044	Unicorn-40172.exe
2020	Unicorn-23017.exe
2044	Unicorn-40172.exe
2668	Unicorn-34002.exe
2668	Unicorn-34002.exe
824	Unicorn-57992.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
1968	2808	WerFault.exe	32
1532	2564	WerFault.exe	34
1748	2628	WerFault.exe	66
2420	2708	WerFault.exe	72
3040	344	WerFault.exe	76
1564	2840	WerFault.exe	77
2772	2316	WerFault.exe	134
2756	2336	WerFault.exe	113
2256	2920	WerFault.exe	86
2512	1364	WerFault.exe	127
2752	708	WerFault.exe	91
1304	484	WerFault.exe	96
2728	792	WerFault.exe	88
1920	2388	WerFault.exe	94
2868	2364	WerFault.exe	75
2464	2516	WerFault.exe	44
1280	1264	WerFault.exe	98
1876	2936	WerFault.exe	45
3368	2356	WerFault.exe	112
3376	2112	WerFault.exe	118
3384	912	WerFault.exe	104
3496	380	WerFault.exe	120
3552	960	WerFault.exe	97
3616	1944	WerFault.exe	56
3680	1604	WerFault.exe	117
4012	2636	WerFault.exe	142
3516	3428	WerFault.exe	254
3084	2260	WerFault.exe	159
3960	2136	WerFault.exe	194
3344	3920	WerFault.exe	262
3884	1804	WerFault.exe	146
4304	3672	WerFault.exe	283
4160	3480	WerFault.exe	255
4972	644	WerFault.exe	124
4532	2416	WerFault.exe	93
4608	2240	WerFault.exe	144
4132	1828	WerFault.exe	110
5832	3708	WerFault.exe	234
5804	3224	WerFault.exe	214
5964	1692	WerFault.exe	169
6212	3104	WerFault.exe	263
6512	2992	WerFault.exe	188
6328	1984	WerFault.exe	114
6412	336	WerFault.exe	63
6544	1160	WerFault.exe	58
6736	3008	WerFault.exe	74
6904	2556	WerFault.exe	71
7076	1660	WerFault.exe	83
5352	2168	WerFault.exe	119
6252	2876	WerFault.exe	78
6360	2632	WerFault.exe	192
6192	3268	WerFault.exe	250
6980	2704	WerFault.exe	208
6688	3568	WerFault.exe	256
7524	1600	WerFault.exe	206
7532	2844	WerFault.exe	172
7568	3088	WerFault.exe	264
7800	2924	WerFault.exe	210
7420	3456	WerFault.exe	223
7460	3796	WerFault.exe	265
7468	1964	WerFault.exe	189
7200	2948	WerFault.exe	150
7616	3936	WerFault.exe	240
8036	1664	WerFault.exe	140

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2192	042da2e63c064e2798bc3f837d505a90_NeikiAnalytics.exe
2820	Unicorn-24958.exe
2360	Unicorn-53868.exe
2668	Unicorn-34002.exe
2656	Unicorn-9410.exe
2808	Unicorn-50998.exe
2580	Unicorn-19808.exe
2564	Unicorn-30023.exe
2208	Unicorn-10837.exe
2716	Unicorn-36088.exe
2044	Unicorn-40172.exe
2020	Unicorn-23017.exe
2872	Unicorn-2669.exe
1624	Unicorn-60038.exe
824	Unicorn-57992.exe
2116	Unicorn-24481.exe
2516	Unicorn-4615.exe
2936	Unicorn-26518.exe
2084	Unicorn-32649.exe
1148	Unicorn-13188.exe
1484	Unicorn-9104.exe
856	Unicorn-9851.exe
2412	Unicorn-4143.exe
1672	Unicorn-8534.exe
3052	Unicorn-4143.exe
2124	Unicorn-37885.exe
1944	Unicorn-16130.exe
2400	Unicorn-63550.exe
1868	Unicorn-1766.exe
1160	Unicorn-21632.exe
1948	Unicorn-45259.exe
1696	Unicorn-30960.exe
2428	Unicorn-14423.exe
1612	Unicorn-58206.exe
336	Unicorn-58471.exe
2440	Unicorn-62747.exe
2628	Unicorn-34713.exe
1256	Unicorn-5378.exe
2696	Unicorn-1294.exe
2780	Unicorn-46966.exe
3044	Unicorn-23944.exe
2556	Unicorn-12970.exe
2708	Unicorn-54558.exe
2576	Unicorn-17247.exe
2364	Unicorn-41751.exe
3008	Unicorn-16285.exe
2840	Unicorn-33318.exe
344	Unicorn-37667.exe
2876	Unicorn-62363.exe
1188	Unicorn-42497.exe
1292	Unicorn-54195.exe
864	Unicorn-38413.exe
2508	Unicorn-41181.exe
1660	Unicorn-3607.exe
2096	Unicorn-9737.exe
2920	Unicorn-14376.exe
604	Unicorn-35166.exe
2852	Unicorn-5653.exe
792	Unicorn-7132.exe
1736	Unicorn-59862.exe
2500	Unicorn-18830.exe
708	Unicorn-8615.exe
1900	Unicorn-14480.exe
2416	Unicorn-10661.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2192 wrote to memory of 2820	2192	042da2e63c064e2798bc3f837d505a90_NeikiAnalytics.exe	28
PID 2192 wrote to memory of 2820	2192	042da2e63c064e2798bc3f837d505a90_NeikiAnalytics.exe	28
PID 2192 wrote to memory of 2820	2192	042da2e63c064e2798bc3f837d505a90_NeikiAnalytics.exe	28
PID 2192 wrote to memory of 2820	2192	042da2e63c064e2798bc3f837d505a90_NeikiAnalytics.exe	28
PID 2820 wrote to memory of 2360	2820	Unicorn-24958.exe	29
PID 2820 wrote to memory of 2360	2820	Unicorn-24958.exe	29
PID 2820 wrote to memory of 2360	2820	Unicorn-24958.exe	29
PID 2820 wrote to memory of 2360	2820	Unicorn-24958.exe	29
PID 2192 wrote to memory of 2668	2192	042da2e63c064e2798bc3f837d505a90_NeikiAnalytics.exe	30
PID 2192 wrote to memory of 2668	2192	042da2e63c064e2798bc3f837d505a90_NeikiAnalytics.exe	30
PID 2192 wrote to memory of 2668	2192	042da2e63c064e2798bc3f837d505a90_NeikiAnalytics.exe	30
PID 2192 wrote to memory of 2668	2192	042da2e63c064e2798bc3f837d505a90_NeikiAnalytics.exe	30
PID 2360 wrote to memory of 2656	2360	Unicorn-53868.exe	31
PID 2360 wrote to memory of 2656	2360	Unicorn-53868.exe	31
PID 2360 wrote to memory of 2656	2360	Unicorn-53868.exe	31
PID 2360 wrote to memory of 2656	2360	Unicorn-53868.exe	31
PID 2820 wrote to memory of 2808	2820	Unicorn-24958.exe	32
PID 2820 wrote to memory of 2808	2820	Unicorn-24958.exe	32
PID 2820 wrote to memory of 2808	2820	Unicorn-24958.exe	32
PID 2820 wrote to memory of 2808	2820	Unicorn-24958.exe	32
PID 2192 wrote to memory of 2580	2192	042da2e63c064e2798bc3f837d505a90_NeikiAnalytics.exe	33
PID 2192 wrote to memory of 2580	2192	042da2e63c064e2798bc3f837d505a90_NeikiAnalytics.exe	33
PID 2192 wrote to memory of 2580	2192	042da2e63c064e2798bc3f837d505a90_NeikiAnalytics.exe	33
PID 2192 wrote to memory of 2580	2192	042da2e63c064e2798bc3f837d505a90_NeikiAnalytics.exe	33
PID 2668 wrote to memory of 2564	2668	Unicorn-34002.exe	34
PID 2668 wrote to memory of 2564	2668	Unicorn-34002.exe	34
PID 2668 wrote to memory of 2564	2668	Unicorn-34002.exe	34
PID 2668 wrote to memory of 2564	2668	Unicorn-34002.exe	34
PID 2656 wrote to memory of 2208	2656	Unicorn-9410.exe	35
PID 2656 wrote to memory of 2208	2656	Unicorn-9410.exe	35
PID 2656 wrote to memory of 2208	2656	Unicorn-9410.exe	35
PID 2656 wrote to memory of 2208	2656	Unicorn-9410.exe	35
PID 2360 wrote to memory of 2716	2360	Unicorn-53868.exe	36
PID 2360 wrote to memory of 2716	2360	Unicorn-53868.exe	36
PID 2360 wrote to memory of 2716	2360	Unicorn-53868.exe	36
PID 2360 wrote to memory of 2716	2360	Unicorn-53868.exe	36
PID 2564 wrote to memory of 2872	2564	Unicorn-30023.exe	37
PID 2564 wrote to memory of 2872	2564	Unicorn-30023.exe	37
PID 2564 wrote to memory of 2872	2564	Unicorn-30023.exe	37
PID 2564 wrote to memory of 2872	2564	Unicorn-30023.exe	37
PID 2820 wrote to memory of 824	2820	Unicorn-24958.exe	38
PID 2820 wrote to memory of 824	2820	Unicorn-24958.exe	38
PID 2820 wrote to memory of 824	2820	Unicorn-24958.exe	38
PID 2820 wrote to memory of 824	2820	Unicorn-24958.exe	38
PID 2668 wrote to memory of 2044	2668	Unicorn-34002.exe	39
PID 2668 wrote to memory of 2044	2668	Unicorn-34002.exe	39
PID 2668 wrote to memory of 2044	2668	Unicorn-34002.exe	39
PID 2668 wrote to memory of 2044	2668	Unicorn-34002.exe	39
PID 2192 wrote to memory of 2020	2192	042da2e63c064e2798bc3f837d505a90_NeikiAnalytics.exe	40
PID 2192 wrote to memory of 2020	2192	042da2e63c064e2798bc3f837d505a90_NeikiAnalytics.exe	40
PID 2192 wrote to memory of 2020	2192	042da2e63c064e2798bc3f837d505a90_NeikiAnalytics.exe	40
PID 2192 wrote to memory of 2020	2192	042da2e63c064e2798bc3f837d505a90_NeikiAnalytics.exe	40
PID 2580 wrote to memory of 1624	2580	Unicorn-19808.exe	42
PID 2580 wrote to memory of 1624	2580	Unicorn-19808.exe	42
PID 2580 wrote to memory of 1624	2580	Unicorn-19808.exe	42
PID 2580 wrote to memory of 1624	2580	Unicorn-19808.exe	42
PID 2808 wrote to memory of 1968	2808	Unicorn-50998.exe	41
PID 2808 wrote to memory of 1968	2808	Unicorn-50998.exe	41
PID 2808 wrote to memory of 1968	2808	Unicorn-50998.exe	41
PID 2808 wrote to memory of 1968	2808	Unicorn-50998.exe	41
PID 2208 wrote to memory of 2116	2208	Unicorn-10837.exe	43
PID 2208 wrote to memory of 2116	2208	Unicorn-10837.exe	43
PID 2208 wrote to memory of 2116	2208	Unicorn-10837.exe	43
PID 2208 wrote to memory of 2116	2208	Unicorn-10837.exe	43

C:\Users\Admin\AppData\Local\Temp\042da2e63c064e2798bc3f837d505a90_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\042da2e63c064e2798bc3f837d505a90_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2192
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24958.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24958.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53868.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53868.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9410.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10837.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24481.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21632.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5653.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25384.exe
        9⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16259.exe
        10⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33559.exe
        10⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2936.exe
        10⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26773.exe
        10⤵
        
        PID:9620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 244
        10⤵
        
        PID:10908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5713.exe
        9⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10730.exe
        9⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22205.exe
        9⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34526.exe
        9⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40046.exe
        9⤵
        
        PID:11048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9794.exe
        8⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61510.exe
        9⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38318.exe
        9⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52921.exe
        9⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6295.exe
        9⤵
        
        PID:10820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36008.exe
        9⤵
        
        PID:12004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18955.exe
        8⤵
        
        PID:4244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 248
        8⤵
        Program crash
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14376.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 220
        8⤵
        Program crash
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42798.exe
        7⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24476.exe
        8⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29392.exe
        8⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27357.exe
        8⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6269.exe
        8⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22134.exe
        8⤵
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60506.exe
        8⤵
        
        PID:11912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23635.exe
        7⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40520.exe
        7⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15806.exe
        7⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4657.exe
        7⤵
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54418.exe
        7⤵
        
        PID:10920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26201.exe
        7⤵
        
        PID:12144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1766.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9737.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65181.exe
        8⤵
        
        PID:712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60879.exe
        9⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4525.exe
        10⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14006.exe
        10⤵
        
        PID:7764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 224
        10⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55381.exe
        9⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16397.exe
        9⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55117.exe
        9⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52098.exe
        9⤵
        
        PID:9396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52081.exe
        9⤵
        
        PID:10836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41013.exe
        8⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52382.exe
        9⤵
        
        PID:5812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 228
        9⤵
        Program crash
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24191.exe
        8⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22262.exe
        8⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17671.exe
        8⤵
        
        PID:8628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 248
        8⤵
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3899.exe
        7⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8746.exe
        8⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48788.exe
        9⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28432.exe
        9⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6745.exe
        9⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38942.exe
        9⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14350.exe
        9⤵
        
        PID:10604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26681.exe
        9⤵
        
        PID:11744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44875.exe
        8⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59464.exe
        8⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57919.exe
        8⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50121.exe
        8⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38463.exe
        8⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53067.exe
        8⤵
        
        PID:12160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59985.exe
        7⤵
        
        PID:3708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 224
        8⤵
        Program crash
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4976.exe
        7⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37909.exe
        7⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59849.exe
        7⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32016.exe
        7⤵
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20371.exe
        7⤵
        
        PID:11308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3607.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48845.exe
        7⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36375.exe
        8⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8090.exe
        9⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58832.exe
        9⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65266.exe
        9⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10820.exe
        9⤵
        
        PID:9476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 240
        9⤵
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9797.exe
        8⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47487.exe
        8⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45750.exe
        8⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18107.exe
        8⤵
        
        PID:9596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10306.exe
        8⤵
        
        PID:10856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8341.exe
        7⤵
        
        PID:3224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 220
        8⤵
        Program crash
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56288.exe
        7⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 248
        7⤵
        Program crash
        
        PID:7076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36328.exe
        6⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40459.exe
        7⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17411.exe
        8⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14255.exe
        8⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57373.exe
        8⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22772.exe
        8⤵
        
        PID:9868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35585.exe
        8⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38852.exe
        7⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3953.exe
        7⤵
        
        PID:6568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 228
        7⤵
        
        PID:8408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19276.exe
        6⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38272.exe
        7⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29169.exe
        7⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46294.exe
        7⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54754.exe
        7⤵
        
        PID:10204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30798.exe
        7⤵
        
        PID:11976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36952.exe
        6⤵
        
        PID:5056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55160.exe
        6⤵
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13199.exe
        6⤵
        
        PID:8732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38014.exe
        6⤵
        
        PID:9444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17892.exe
        6⤵
        
        PID:10932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4615.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45259.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35166.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43500.exe
        8⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
        9⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9709.exe
        10⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2662.exe
        10⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20471.exe
        10⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39191.exe
        10⤵
        
        PID:10068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 244
        10⤵
        
        PID:10948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10155.exe
        9⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21249.exe
        9⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55885.exe
        9⤵
        
        PID:9212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60998.exe
        9⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56933.exe
        9⤵
        
        PID:11436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17277.exe
        8⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33581.exe
        9⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27410.exe
        9⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53964.exe
        9⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56311.exe
        9⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23890.exe
        8⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27115.exe
        8⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47220.exe
        8⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44462.exe
        8⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8461.exe
        8⤵
        
        PID:11412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-967.exe
        7⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17299.exe
        8⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36679.exe
        9⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30051.exe
        9⤵
        
        PID:5776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 244
        9⤵
        Program crash
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50638.exe
        8⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35235.exe
        8⤵
        
        PID:6276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 228
        8⤵
        Program crash
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39181.exe
        7⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48596.exe
        8⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20840.exe
        8⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39226.exe
        8⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12792.exe
        8⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9882.exe
        8⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36001.exe
        8⤵
        
        PID:12092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52366.exe
        7⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45180.exe
        7⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28250.exe
        7⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
        7⤵
        
        PID:8828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63703.exe
        7⤵
        
        PID:10992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13565.exe
        7⤵
        
        PID:11296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7132.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 240
        7⤵
        Program crash
        
        PID:2728
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 244
        6⤵
        Program crash
        
        PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59862.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65155.exe
        7⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
        8⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14006.exe
        8⤵
        
        PID:7752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 224
        8⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9880.exe
        7⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11737.exe
        7⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51993.exe
        7⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40038.exe
        7⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57317.exe
        7⤵
        
        PID:10684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-365.exe
        6⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21054.exe
        7⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14006.exe
        7⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56896.exe
        7⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
        7⤵
        
        PID:10332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23615.exe
        6⤵
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17602.exe
        6⤵
        
        PID:6204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43328.exe
        6⤵
        
        PID:8872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23502.exe
        6⤵
        
        PID:9816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8845.exe
        6⤵
        
        PID:10564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14480.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36567.exe
        6⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56466.exe
        7⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21707.exe
        7⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28800.exe
        7⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2403.exe
        7⤵
        
        PID:10496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 224
        7⤵
        
        PID:11588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18048.exe
        6⤵
        
        PID:4844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3761.exe
        6⤵
        
        PID:6476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60353.exe
        6⤵
        
        PID:8992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47630.exe
        6⤵
        
        PID:10020
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 228
        6⤵
        
        PID:1500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40849.exe
        5⤵
        
        PID:3600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58002.exe
        6⤵
        
        PID:5900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5838.exe
        6⤵
        
        PID:7844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44644.exe
        6⤵
        
        PID:8700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2066.exe
        6⤵
        
        PID:10352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24892.exe
        5⤵
        
        PID:4932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1491.exe
        5⤵
        
        PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30687.exe
        5⤵
        
        PID:8960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58242.exe
        5⤵
        
        PID:10208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51908.exe
        5⤵
        
        PID:10676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36088.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32649.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58471.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39442.exe
        7⤵
        Executes dropped EXE
        
        PID:2388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 220
        8⤵
        Program crash
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17962.exe
        7⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17411.exe
        8⤵
        
        PID:4896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 228
        8⤵
        Program crash
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2427.exe
        7⤵
        
        PID:4200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 336 -s 236
        7⤵
        Program crash
        
        PID:6412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15492.exe
        6⤵
        
        PID:960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 240
        7⤵
        Program crash
        
        PID:3552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43649.exe
        6⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36536.exe
        7⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15988.exe
        7⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27082.exe
        7⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41874.exe
        7⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46063.exe
        7⤵
        
        PID:10436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51570.exe
        7⤵
        
        PID:11580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28295.exe
        6⤵
        
        PID:3768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18947.exe
        6⤵
        
        PID:6056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8022.exe
        6⤵
        
        PID:7864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14470.exe
        6⤵
        
        PID:8836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1134.exe
        6⤵
        
        PID:10720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50705.exe
        6⤵
        
        PID:11928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30437.exe
        5⤵
        Executes dropped EXE
        
        PID:3024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18830.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11979.exe
        7⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26129.exe
        8⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28401.exe
        8⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38235.exe
        8⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24246.exe
        8⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53575.exe
        8⤵
        
        PID:11716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9688.exe
        7⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28758.exe
        7⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6637.exe
        7⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2046.exe
        7⤵
        
        PID:9316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 216
        7⤵
        
        PID:11212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29062.exe
        6⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16228.exe
        7⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-628.exe
        7⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6797.exe
        7⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58345.exe
        7⤵
        
        PID:9952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 224
        7⤵
        
        PID:12268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35676.exe
        6⤵
        
        PID:4628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6035.exe
        6⤵
        
        PID:7100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30836.exe
        6⤵
        
        PID:8040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59216.exe
        6⤵
        
        PID:9356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56619.exe
        6⤵
        
        PID:10960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8615.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:708
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 708 -s 224
        6⤵
        Program crash
        
        PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28435.exe
        5⤵
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41806.exe
        6⤵
        
        PID:4696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7047.exe
        6⤵
        
        PID:7140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45313.exe
        6⤵
        
        PID:7360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59912.exe
        6⤵
        
        PID:9376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27308.exe
        6⤵
        
        PID:10488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15963.exe
        5⤵
        
        PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57171.exe
        5⤵
        
        PID:6244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59571.exe
        5⤵
        
        PID:8200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22270.exe
        5⤵
        
        PID:9548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22737.exe
        5⤵
        
        PID:10800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26518.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26518.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14423.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10661.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16531.exe
        7⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50275.exe
        8⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51204.exe
        8⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48629.exe
        8⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55636.exe
        8⤵
        
        PID:9920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31501.exe
        8⤵
        
        PID:11244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 228
        7⤵
        Program crash
        
        PID:4532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50251.exe
        6⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-550.exe
        7⤵
        
        PID:5400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 228
        7⤵
        Program crash
        
        PID:7524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44612.exe
        6⤵
        
        PID:4656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34515.exe
        6⤵
        
        PID:6800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51112.exe
        6⤵
        
        PID:8536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13990.exe
        6⤵
        
        PID:10080
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 244
        6⤵
        
        PID:11100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19576.exe
        5⤵
        
        PID:1872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28783.exe
        6⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17769.exe
        7⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24042.exe
        7⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50020.exe
        7⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4126.exe
        7⤵
        
        PID:9532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7931.exe
        7⤵
        
        PID:11404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30876.exe
        6⤵
        
        PID:4664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28649.exe
        6⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59777.exe
        6⤵
        
        PID:8524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30525.exe
        6⤵
        
        PID:10076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31084.exe
        6⤵
        
        PID:10988
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 244
        5⤵
        Program crash
        
        PID:1876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58206.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31274.exe
        5⤵
        
        PID:484
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 224
        6⤵
        Program crash
        
        PID:1304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62887.exe
        5⤵
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23794.exe
        6⤵
        
        PID:5976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14499.exe
        6⤵
        
        PID:7732
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 220
        6⤵
        
        PID:8456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43460.exe
        5⤵
        
        PID:4100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12942.exe
        5⤵
        
        PID:6420
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 244
        5⤵
        
        PID:8348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42764.exe
      4⤵
      PID:1264
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 244
        5⤵
        Program crash
        
        PID:1280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44650.exe
      4⤵
      PID:2224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52439.exe
        5⤵
        
        PID:3832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54281.exe
        5⤵
        
        PID:6080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11213.exe
        5⤵
        
        PID:7672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17644.exe
        5⤵
        
        PID:8824
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 224
        5⤵
        
        PID:10248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57443.exe
      4⤵
      PID:3204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7651.exe
      4⤵
      PID:5564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7874.exe
      4⤵
      PID:7000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24316.exe
      4⤵
      PID:8672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54551.exe
      4⤵
      PID:9296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38069.exe
      4⤵
      PID:10540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50998.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50998.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2808
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 244
      4⤵
      Loads dropped DLL
      Program crash
      PID:1968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57992.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57992.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37885.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62363.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44102.exe
        6⤵
        
        PID:2356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 244
        7⤵
        Program crash
        
        PID:3368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20785.exe
        6⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6139.exe
        7⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56689.exe
        7⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63782.exe
        7⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58454.exe
        7⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46450.exe
        7⤵
        
        PID:12056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39952.exe
        6⤵
        
        PID:4612
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 248
        6⤵
        Program crash
        
        PID:6252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44849.exe
        5⤵
        
        PID:2336
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 240
        6⤵
        Program crash
        
        PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63218.exe
        5⤵
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26897.exe
        6⤵
        
        PID:5616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11873.exe
        6⤵
        
        PID:6288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2246.exe
        6⤵
        
        PID:8328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21889.exe
        6⤵
        
        PID:9864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33730.exe
        6⤵
        
        PID:11900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-316.exe
        5⤵
        
        PID:4300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29082.exe
        5⤵
        
        PID:6876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22277.exe
        5⤵
        
        PID:7276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31741.exe
        5⤵
        
        PID:10180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6692.exe
        5⤵
        
        PID:10940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38413.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52462.exe
        5⤵
        
        PID:1260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25576.exe
        6⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64164.exe
        7⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41068.exe
        7⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6662.exe
        7⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62294.exe
        7⤵
        
        PID:9012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 244
        7⤵
        
        PID:10452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27962.exe
        6⤵
        
        PID:3184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46060.exe
        6⤵
        
        PID:5656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12527.exe
        6⤵
        
        PID:7548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53629.exe
        6⤵
        
        PID:8948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29527.exe
        6⤵
        
        PID:10416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3098.exe
        6⤵
        
        PID:11560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62202.exe
        5⤵
        
        PID:900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17878.exe
        6⤵
        
        PID:4520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27166.exe
        6⤵
        
        PID:6696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16963.exe
        6⤵
        
        PID:8484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26939.exe
        6⤵
        
        PID:10036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47620.exe
        6⤵
        
        PID:10936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52780.exe
        5⤵
        
        PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46767.exe
        5⤵
        
        PID:6704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14163.exe
        5⤵
        
        PID:8476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1738.exe
        5⤵
        
        PID:10044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48150.exe
        5⤵
        
        PID:10984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41371.exe
      4⤵
      PID:1364
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 220
        5⤵
        Program crash
        
        PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48663.exe
      4⤵
      PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29087.exe
        5⤵
        
        PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1271.exe
        5⤵
        
        PID:5520
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 224
        5⤵
        
        PID:2476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35916.exe
      4⤵
      PID:4324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65484.exe
      4⤵
      PID:5564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62996.exe
      4⤵
      PID:7720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46691.exe
      4⤵
      PID:9468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16650.exe
      4⤵
      PID:10752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16130.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16130.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54195.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19598.exe
        5⤵
        
        PID:1560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21191.exe
        6⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42050.exe
        7⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50763.exe
        7⤵
        
        PID:7624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 224
        7⤵
        
        PID:8668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63357.exe
        6⤵
        
        PID:4108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40710.exe
        6⤵
        
        PID:6668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27681.exe
        6⤵
        
        PID:9048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51906.exe
        6⤵
        
        PID:10176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57509.exe
        6⤵
        
        PID:10728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58694.exe
        5⤵
        
        PID:3804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7265.exe
        6⤵
        
        PID:5896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58547.exe
        6⤵
        
        PID:7784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33076.exe
        6⤵
        
        PID:8520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23016.exe
        6⤵
        
        PID:10612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43217.exe
        6⤵
        
        PID:11712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11555.exe
        5⤵
        
        PID:4220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46575.exe
        5⤵
        
        PID:6652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10847.exe
        5⤵
        
        PID:9112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14950.exe
        5⤵
        
        PID:9404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50070.exe
        5⤵
        
        PID:11344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12176.exe
      4⤵
      PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40651.exe
        5⤵
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57810.exe
        6⤵
        
        PID:5864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50763.exe
        6⤵
        
        PID:7632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-103.exe
        6⤵
        
        PID:8596
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
        6⤵
        
        PID:11168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26216.exe
        5⤵
        
        PID:4500
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 220
        5⤵
        Program crash
        
        PID:5352
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 244
      4⤵
      Program crash
      PID:3616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41181.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41181.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23874.exe
      4⤵
      PID:972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53204.exe
        5⤵
        
        PID:2188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35387.exe
        6⤵
        
        PID:6044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21240.exe
        6⤵
        
        PID:6840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47830.exe
        6⤵
        
        PID:9024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46093.exe
        6⤵
        
        PID:9496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13969.exe
        6⤵
        
        PID:12252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62397.exe
        5⤵
        
        PID:4904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52002.exe
        5⤵
        
        PID:6272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2169.exe
        5⤵
        
        PID:7836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43271.exe
        5⤵
        
        PID:9528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32537.exe
        5⤵
        
        PID:10788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1434.exe
      4⤵
      PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8417.exe
        5⤵
        
        PID:5548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21406.exe
        5⤵
        
        PID:8060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6927.exe
        5⤵
        
        PID:8316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18547.exe
        5⤵
        
        PID:10892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52537.exe
        5⤵
        
        PID:3020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51628.exe
      4⤵
      PID:5068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
      4⤵
      PID:6300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34536.exe
      4⤵
      PID:8276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11359.exe
      4⤵
      PID:9684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16162.exe
      4⤵
      PID:11032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59861.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59861.exe
    3⤵
    PID:2912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65456.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65456.exe
      4⤵
      PID:1692
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 220
        5⤵
        Program crash
        
        PID:5964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21940.exe
      4⤵
      PID:4640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-170.exe
      4⤵
      PID:7088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27250.exe
      4⤵
      PID:7704
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 244
      4⤵
      PID:9332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7855.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7855.exe
    3⤵
    PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-358.exe
      4⤵
      PID:4468
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 228
      4⤵
      Program crash
      PID:7532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19467.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19467.exe
    3⤵
    PID:4768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60198.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60198.exe
    3⤵
    PID:7164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61410.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61410.exe
    3⤵
    PID:7416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13819.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13819.exe
    3⤵
    PID:9460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24773.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24773.exe
    3⤵
    PID:10432
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34002.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34002.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30023.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30023.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2669.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13188.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62747.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2685.exe
        7⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62524.exe
        8⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13461.exe
        9⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59123.exe
        9⤵
        
        PID:7952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 224
        9⤵
        
        PID:9064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63549.exe
        8⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24373.exe
        8⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3285.exe
        8⤵
        
        PID:8400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19726.exe
        8⤵
        
        PID:9876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15625.exe
        8⤵
        
        PID:10652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18154.exe
        7⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36103.exe
        8⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33860.exe
        8⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64498.exe
        8⤵
        
        PID:7640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 228
        8⤵
        
        PID:8772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47269.exe
        7⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37317.exe
        7⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37385.exe
        7⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29584.exe
        7⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14351.exe
        7⤵
        
        PID:10424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40188.exe
        6⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8279.exe
        7⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9670.exe
        8⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45423.exe
        9⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58640.exe
        9⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41146.exe
        9⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59829.exe
        9⤵
        
        PID:9264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47646.exe
        9⤵
        
        PID:10600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53762.exe
        8⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19282.exe
        8⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51287.exe
        8⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43188.exe
        8⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26450.exe
        8⤵
        
        PID:10704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47174.exe
        7⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15350.exe
        8⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53036.exe
        8⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64742.exe
        8⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33348.exe
        8⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56154.exe
        8⤵
        
        PID:11324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23506.exe
        7⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15438.exe
        7⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39327.exe
        7⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48354.exe
        7⤵
        
        PID:9272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17973.exe
        7⤵
        
        PID:11616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18485.exe
        6⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38451.exe
        7⤵
        
        PID:3920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 220
        8⤵
        Program crash
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29641.exe
        7⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15006.exe
        7⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 248
        7⤵
        Program crash
        
        PID:7200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38186.exe
        6⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37307.exe
        7⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18007.exe
        7⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40477.exe
        7⤵
        
        PID:8852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59196.exe
        7⤵
        
        PID:10320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 220
        7⤵
        
        PID:11388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29834.exe
        6⤵
        
        PID:5012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5697.exe
        6⤵
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52109.exe
        6⤵
        
        PID:8552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43889.exe
        6⤵
        
        PID:9260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56644.exe
        6⤵
        
        PID:11624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
        6⤵
        Program crash
        
        PID:1748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53924.exe
        5⤵
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54164.exe
        6⤵
        
        PID:1404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47065.exe
        6⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19383.exe
        7⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
        7⤵
        
        PID:6064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 244
        7⤵
        Program crash
        
        PID:7460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50201.exe
        6⤵
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45869.exe
        6⤵
        
        PID:5324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62274.exe
        6⤵
        
        PID:7436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21608.exe
        6⤵
        
        PID:8224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42748.exe
        6⤵
        
        PID:11144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8974.exe
        5⤵
        
        PID:2136
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 244
        6⤵
        Program crash
        
        PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7712.exe
        5⤵
        
        PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52080.exe
        5⤵
        
        PID:6000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18263.exe
        5⤵
        
        PID:8116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41455.exe
        5⤵
        
        PID:9040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53022.exe
        5⤵
        
        PID:10160
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 248
      4⤵
      Loads dropped DLL
      Program crash
      PID:1532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40172.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40172.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4143.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37667.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:344
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 244
        6⤵
        Program crash
        
        PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27635.exe
        5⤵
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62332.exe
        6⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61567.exe
        7⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58557.exe
        7⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27741.exe
        7⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62761.exe
        7⤵
        
        PID:9204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 224
        7⤵
        
        PID:10364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13305.exe
        6⤵
        
        PID:3752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2754.exe
        6⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30675.exe
        6⤵
        
        PID:7192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51164.exe
        6⤵
        
        PID:9304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27026.exe
        6⤵
        
        PID:10636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27613.exe
        5⤵
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11214.exe
        6⤵
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34436.exe
        6⤵
        
        PID:6140
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 240
        6⤵
        Program crash
        
        PID:7468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47898.exe
        5⤵
        
        PID:3164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16783.exe
        5⤵
        
        PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45738.exe
        5⤵
        
        PID:7428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38674.exe
        5⤵
        
        PID:8220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21217.exe
        5⤵
        
        PID:11152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42497.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47501.exe
        5⤵
        
        PID:2144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61372.exe
        6⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62003.exe
        7⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62548.exe
        7⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60513.exe
        7⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17779.exe
        7⤵
        
        PID:10388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35240.exe
        7⤵
        
        PID:11508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37700.exe
        6⤵
        
        PID:4720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20782.exe
        6⤵
        
        PID:7132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51178.exe
        6⤵
        
        PID:7220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51247.exe
        6⤵
        
        PID:9384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10773.exe
        6⤵
        
        PID:10516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8834.exe
        5⤵
        
        PID:1852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58386.exe
        6⤵
        
        PID:6132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51339.exe
        6⤵
        
        PID:7384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40944.exe
        6⤵
        
        PID:8440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50883.exe
        6⤵
        
        PID:11176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18763.exe
        5⤵
        
        PID:4832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16834.exe
        5⤵
        
        PID:6232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59041.exe
        5⤵
        
        PID:7816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26735.exe
        5⤵
        
        PID:9556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49603.exe
        5⤵
        
        PID:11260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13659.exe
      4⤵
      PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40760.exe
        5⤵
        
        PID:1488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28371.exe
        6⤵
        
        PID:6116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17239.exe
        6⤵
        
        PID:7224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60165.exe
        6⤵
        
        PID:8300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14380.exe
        6⤵
        
        PID:10164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27373.exe
        6⤵
        
        PID:11276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38276.exe
        5⤵
        
        PID:4492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41011.exe
        5⤵
        
        PID:7020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10721.exe
        5⤵
        
        PID:1048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51823.exe
        5⤵
        
        PID:9228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23025.exe
        5⤵
        
        PID:10280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44579.exe
      4⤵
      PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20343.exe
        5⤵
        
        PID:4440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37643.exe
        5⤵
        
        PID:5764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48053.exe
        5⤵
        
        PID:7940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2076.exe
        5⤵
        
        PID:9568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26841.exe
        5⤵
        
        PID:10864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57681.exe
      4⤵
      PID:4820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56932.exe
      4⤵
      PID:6444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14070.exe
      4⤵
      PID:7500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13526.exe
      4⤵
      PID:9764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30246.exe
      4⤵
      PID:11072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63550.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63550.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41751.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7537.exe
        5⤵
        
        PID:644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45036.exe
        6⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53835.exe
        7⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13347.exe
        7⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36009.exe
        7⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54728.exe
        7⤵
        
        PID:10444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2568.exe
        7⤵
        
        PID:11572
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 644 -s 216
        6⤵
        Program crash
        
        PID:4972
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 248
        5⤵
        Program crash
        
        PID:2868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4008.exe
      4⤵
      PID:724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29084.exe
        5⤵
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25086.exe
        6⤵
        
        PID:4332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55755.exe
        6⤵
        
        PID:6588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62957.exe
        6⤵
        
        PID:8416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28392.exe
        6⤵
        
        PID:9900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32160.exe
        6⤵
        
        PID:10640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46253.exe
        5⤵
        
        PID:4280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31882.exe
        5⤵
        
        PID:6868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47478.exe
        5⤵
        
        PID:7660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2622.exe
        5⤵
        
        PID:10216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22833.exe
        5⤵
        
        PID:11080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59134.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59134.exe
      4⤵
      PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58251.exe
        5⤵
        
        PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50280.exe
        5⤵
        
        PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16340.exe
        5⤵
        
        PID:7472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43192.exe
        5⤵
        
        PID:9800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56582.exe
        5⤵
        
        PID:11064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25013.exe
      4⤵
      PID:4416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49695.exe
      4⤵
      PID:6960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59226.exe
      4⤵
      PID:7848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15404.exe
      4⤵
      PID:8968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18560.exe
      4⤵
      PID:11256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33318.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33318.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2840
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 224
      4⤵
      Program crash
      PID:1564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38571.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38571.exe
    3⤵
    PID:376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12555.exe
      4⤵
      PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62379.exe
        5⤵
        
        PID:3088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3671.exe
        6⤵
        
        PID:3256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52745.exe
        6⤵
        
        PID:5688
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 224
        6⤵
        Program crash
        
        PID:7568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45451.exe
        5⤵
        
        PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58504.exe
        5⤵
        
        PID:5920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34100.exe
        5⤵
        
        PID:7756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30276.exe
        5⤵
        
        PID:8424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63352.exe
        5⤵
        
        PID:10592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43747.exe
        5⤵
        
        PID:11696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42513.exe
      4⤵
      PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
        5⤵
        
        PID:4544
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
        5⤵
        Program crash
        
        PID:6212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18872.exe
      4⤵
      PID:5004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25880.exe
      4⤵
      PID:6592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29684.exe
      4⤵
      PID:8144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13715.exe
      4⤵
      PID:10096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64979.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64979.exe
      4⤵
      PID:10784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28122.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28122.exe
    3⤵
    PID:2288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32294.exe
      4⤵
      PID:5108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47312.exe
      4⤵
      PID:6720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24124.exe
      4⤵
      PID:7332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50976.exe
      4⤵
      PID:9988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2036.exe
      4⤵
      PID:10556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57718.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57718.exe
    3⤵
    PID:4256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8082.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8082.exe
    3⤵
    PID:6832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3349.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3349.exe
    3⤵
    PID:7888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8115.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8115.exe
    3⤵
    PID:10104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
    3⤵
    PID:10796
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19808.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19808.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60038.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60038.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9104.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9104.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5378.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18446.exe
        6⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23848.exe
        7⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17299.exe
        8⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41256.exe
        9⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33284.exe
        9⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14721.exe
        9⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37489.exe
        9⤵
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19166.exe
        9⤵
        
        PID:11004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23365.exe
        9⤵
        
        PID:12280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-93.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-93.exe
        8⤵
        
        PID:3672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 188
        9⤵
        Program crash
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39812.exe
        8⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45283.exe
        8⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4319.exe
        8⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2631.exe
        8⤵
        
        PID:11040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25445.exe
        7⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49123.exe
        8⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50088.exe
        8⤵
        
        PID:6220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 224
        8⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5551.exe
        7⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54660.exe
        7⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45829.exe
        7⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30435.exe
        7⤵
        
        PID:9932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36116.exe
        7⤵
        
        PID:11232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57267.exe
        6⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33635.exe
        7⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56990.exe
        8⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17955.exe
        8⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20232.exe
        8⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22388.exe
        8⤵
        
        PID:10048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15248.exe
        8⤵
        
        PID:10664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18240.exe
        7⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52962.exe
        7⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19512.exe
        7⤵
        
        PID:9076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31485.exe
        7⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24836.exe
        7⤵
        
        PID:11300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63685.exe
        6⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28703.exe
        7⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54172.exe
        7⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39885.exe
        7⤵
        
        PID:8132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 216
        7⤵
        
        PID:9612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24738.exe
        6⤵
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17214.exe
        6⤵
        
        PID:6612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29293.exe
        6⤵
        
        PID:7956
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 244
        6⤵
        
        PID:9908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55949.exe
        5⤵
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4496.exe
        6⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28975.exe
        7⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16643.exe
        8⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57680.exe
        8⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20533.exe
        8⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5584.exe
        8⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13821.exe
        8⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57654.exe
        7⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27450.exe
        7⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47011.exe
        7⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47080.exe
        7⤵
        
        PID:9320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 248
        7⤵
        
        PID:10688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29721.exe
        6⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49258.exe
        7⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50571.exe
        7⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16740.exe
        7⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30800.exe
        7⤵
        
        PID:10736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11504.exe
        7⤵
        
        PID:11936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55987.exe
        6⤵
        
        PID:4148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
        6⤵
        
        PID:6264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22715.exe
        6⤵
        
        PID:8232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48738.exe
        6⤵
        
        PID:10012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57662.exe
        6⤵
        
        PID:11540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34437.exe
        5⤵
        
        PID:1804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28975.exe
        6⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12366.exe
        7⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38136.exe
        7⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64690.exe
        7⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50509.exe
        7⤵
        
        PID:8936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 224
        7⤵
        
        PID:10372
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 228
        6⤵
        Program crash
        
        PID:3884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49322.exe
        5⤵
        
        PID:3428
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 244
        6⤵
        Program crash
        
        PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11028.exe
        5⤵
        
        PID:3656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20476.exe
        5⤵
        
        PID:5948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37148.exe
        5⤵
        
        PID:7244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48855.exe
        5⤵
        
        PID:8864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58367.exe
        5⤵
        
        PID:11012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17765.exe
        5⤵
        
        PID:11272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46966.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11429.exe
        5⤵
        
        PID:1604
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
        6⤵
        Program crash
        
        PID:3680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46250.exe
        5⤵
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28895.exe
        6⤵
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46305.exe
        6⤵
        
        PID:6076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7321.exe
        6⤵
        
        PID:8008
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 228
        6⤵
        
        PID:8652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39293.exe
        5⤵
        
        PID:4120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20871.exe
        5⤵
        
        PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37084.exe
        5⤵
        
        PID:8112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1572.exe
        5⤵
        
        PID:9604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27372.exe
        5⤵
        
        PID:10872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25911.exe
      4⤵
      PID:380
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 380 -s 224
        5⤵
        Program crash
        
        PID:3496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49514.exe
      4⤵
      PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48324.exe
        5⤵
        
        PID:5780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3404.exe
        5⤵
        
        PID:6196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22941.exe
        5⤵
        
        PID:7588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20628.exe
        5⤵
        
        PID:8608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46450.exe
        5⤵
        
        PID:12048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41428.exe
      4⤵
      PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49963.exe
      4⤵
      PID:6384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52218.exe
      4⤵
      PID:8976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26629.exe
      4⤵
      PID:10016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47708.exe
      4⤵
      PID:10884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9851.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9851.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1294.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47034.exe
        5⤵
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16064.exe
        6⤵
        
        PID:2260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 220
        7⤵
        Program crash
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21281.exe
        6⤵
        
        PID:3520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51872.exe
        6⤵
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9102.exe
        6⤵
        
        PID:7824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54096.exe
        6⤵
        
        PID:9184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42402.exe
        6⤵
        
        PID:10312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33146.exe
        5⤵
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62335.exe
        6⤵
        
        PID:4688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13331.exe
        6⤵
        
        PID:6308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65349.exe
        6⤵
        
        PID:7176
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 248
        6⤵
        
        PID:9808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26163.exe
        5⤵
        
        PID:5088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1375.exe
        5⤵
        
        PID:6708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21324.exe
        5⤵
        
        PID:7400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25775.exe
        5⤵
        
        PID:10004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2566.exe
        5⤵
        
        PID:10544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23084.exe
      4⤵
      PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37169.exe
        5⤵
        
        PID:2636
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 224
        6⤵
        Program crash
        
        PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49950.exe
        5⤵
        
        PID:3096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58085.exe
        6⤵
        
        PID:6008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31686.exe
        6⤵
        
        PID:7512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57088.exe
        6⤵
        
        PID:8576
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 236
        6⤵
        
        PID:10292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32058.exe
        5⤵
        
        PID:4128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59787.exe
        5⤵
        
        PID:6892
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 244
        5⤵
        
        PID:9120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30161.exe
      4⤵
      PID:2240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
        5⤵
        
        PID:3244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62117.exe
        6⤵
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52055.exe
        6⤵
        
        PID:6428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25515.exe
        6⤵
        
        PID:8272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8402.exe
        6⤵
        
        PID:10028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57132.exe
        6⤵
        
        PID:11552
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 236
        5⤵
        Program crash
        
        PID:4608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36878.exe
      4⤵
      PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35688.exe
        5⤵
        
        PID:5848
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 228
        5⤵
        Program crash
        
        PID:6192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21090.exe
      4⤵
      PID:4596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1914.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1914.exe
      4⤵
      PID:7068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47750.exe
      4⤵
      PID:9176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39997.exe
      4⤵
      PID:9564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47132.exe
      4⤵
      PID:11396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23944.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23944.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26614.exe
      4⤵
      PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
        5⤵
        
        PID:3276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32647.exe
        6⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53804.exe
        6⤵
        
        PID:7336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32116.exe
        6⤵
        
        PID:8744
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 228
        6⤵
        
        PID:10152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42552.exe
        5⤵
        
        PID:5044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57430.exe
        5⤵
        
        PID:7060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42865.exe
        5⤵
        
        PID:8716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64350.exe
        5⤵
        
        PID:9488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23492.exe
        5⤵
        
        PID:10268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24869.exe
      4⤵
      PID:3316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27795.exe
        5⤵
        
        PID:5952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32423.exe
        5⤵
        
        PID:6936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14965.exe
        5⤵
        
        PID:8928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37733.exe
        5⤵
        
        PID:10224
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 224
        5⤵
        
        PID:12260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48120.exe
      4⤵
      PID:4192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63295.exe
      4⤵
      PID:7084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34199.exe
      4⤵
      PID:8748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47814.exe
      4⤵
      PID:9508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40558.exe
      4⤵
      PID:10512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54937.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54937.exe
    3⤵
    PID:912
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 224
      4⤵
      Program crash
      PID:3384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31720.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31720.exe
    3⤵
    PID:3456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41858.exe
      4⤵
      PID:6028
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 228
      4⤵
      Program crash
      PID:7420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20616.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20616.exe
    3⤵
    PID:4584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9467.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9467.exe
    3⤵
    PID:6172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22327.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22327.exe
    3⤵
    PID:8844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13702.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13702.exe
    3⤵
    PID:10228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51716.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51716.exe
    3⤵
    PID:10672
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23017.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23017.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4143.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4143.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12970.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14361.exe
        5⤵
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29852.exe
        6⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33062.exe
        7⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38266.exe
        7⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37337.exe
        7⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36560.exe
        7⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15632.exe
        7⤵
        
        PID:10972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39044.exe
        6⤵
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        6⤵
        
        PID:6748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22829.exe
        6⤵
        
        PID:8468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18273.exe
        6⤵
        
        PID:10060
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 236
        6⤵
        
        PID:11020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28761.exe
        5⤵
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2522.exe
        6⤵
        
        PID:5984
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 228
        6⤵
        Program crash
        
        PID:6980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3579.exe
        5⤵
        
        PID:4784
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 236
        5⤵
        Program crash
        
        PID:6904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15108.exe
      4⤵
      PID:1828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32400.exe
        5⤵
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49587.exe
        6⤵
        
        PID:3480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 224
        7⤵
        Program crash
        
        PID:4160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18131.exe
        6⤵
        
        PID:4652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37586.exe
        6⤵
        
        PID:6864
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 248
        6⤵
        
        PID:9084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54226.exe
        5⤵
        
        PID:3568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18859.exe
        6⤵
        
        PID:6016
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 228
        6⤵
        Program crash
        
        PID:6688
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 244
        5⤵
        Program crash
        
        PID:4132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25885.exe
      4⤵
      PID:1456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58679.exe
        5⤵
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57099.exe
        6⤵
        
        PID:4292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46580.exe
        6⤵
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
        6⤵
        
        PID:7544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51853.exe
        6⤵
        
        PID:9420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42986.exe
        6⤵
        
        PID:10764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42469.exe
        5⤵
        
        PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27066.exe
        5⤵
        
        PID:6316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5677.exe
        5⤵
        
        PID:1684
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 244
        5⤵
        
        PID:9792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58414.exe
      4⤵
      PID:3664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20200.exe
        5⤵
        
        PID:3688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3928.exe
        5⤵
        
        PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28234.exe
        5⤵
        
        PID:7740
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 236
        5⤵
        
        PID:8436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2525.exe
      4⤵
      PID:4004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52573.exe
      4⤵
      PID:5344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49784.exe
      4⤵
      PID:7984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29120.exe
      4⤵
      PID:9036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36831.exe
      4⤵
      PID:10812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13873.exe
      4⤵
      PID:11996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54558.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54558.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2708
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 220
      4⤵
      Program crash
      PID:2420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58584.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58584.exe
    3⤵
    PID:1984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49120.exe
      4⤵
      PID:1768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46134.exe
        5⤵
        
        PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51339.exe
        5⤵
        
        PID:7392
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 224
        5⤵
        
        PID:8336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13196.exe
      4⤵
      PID:5000
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 224
      4⤵
      Program crash
      PID:6328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12866.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12866.exe
    3⤵
    PID:2792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12610.exe
      4⤵
      PID:5328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1479.exe
      4⤵
      PID:7364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32116.exe
      4⤵
      PID:8760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59004.exe
      4⤵
      PID:9916
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 220
      4⤵
      PID:11432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40660.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40660.exe
    3⤵
    PID:5104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53279.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53279.exe
    3⤵
    PID:6440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35991.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35991.exe
    3⤵
    PID:8360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43842.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43842.exe
    3⤵
    PID:9788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22161.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22161.exe
    3⤵
    PID:10480
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8534.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8534.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17247.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17247.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23682.exe
      4⤵
      PID:828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21300.exe
        5⤵
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15490.exe
        6⤵
        
        PID:3576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22184.exe
        6⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64498.exe
        6⤵
        
        PID:7652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5968.exe
        6⤵
        
        PID:8740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42218.exe
        6⤵
        
        PID:11196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37617.exe
        5⤵
        
        PID:3976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60040.exe
        5⤵
        
        PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13186.exe
        5⤵
        
        PID:7992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54288.exe
        5⤵
        
        PID:8588
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 236
        5⤵
        
        PID:10300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38382.exe
      4⤵
      PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46248.exe
        5⤵
        
        PID:5556
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 228
        5⤵
        Program crash
        
        PID:6360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18955.exe
      4⤵
      PID:4288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58059.exe
      4⤵
      PID:6508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35460.exe
      4⤵
      PID:8340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48307.exe
      4⤵
      PID:9756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49027.exe
      4⤵
      PID:10400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20344.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20344.exe
    3⤵
    PID:2112
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 224
      4⤵
      Program crash
      PID:3376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34520.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34520.exe
    3⤵
    PID:3444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60192.exe
      4⤵
      PID:5820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24592.exe
      4⤵
      PID:7148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11073.exe
      4⤵
      PID:8776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17696.exe
      4⤵
      PID:10168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30689.exe
      4⤵
      PID:12200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45817.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45817.exe
    3⤵
    PID:4504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8937.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8937.exe
    3⤵
    PID:5708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26792.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26792.exe
    3⤵
    PID:8856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40568.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40568.exe
    3⤵
    PID:9752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52851.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52851.exe
    3⤵
    PID:10916
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16285.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16285.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15706.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15706.exe
    3⤵
    PID:1248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9239.exe
      4⤵
      PID:1584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57483.exe
        5⤵
        
        PID:3308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5464.exe
        5⤵
        
        PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7321.exe
        5⤵
        
        PID:8016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62953.exe
        5⤵
        
        PID:8380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
        5⤵
        
        PID:10340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53570.exe
      4⤵
      PID:4164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6838.exe
      4⤵
      PID:5908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47011.exe
      4⤵
      PID:7300
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 240
      4⤵
      PID:9288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46743.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46743.exe
    3⤵
    PID:3060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32870.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32870.exe
      4⤵
      PID:4952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6279.exe
      4⤵
      PID:6580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48629.exe
      4⤵
      PID:7904
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 248
      4⤵
      PID:9940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11747.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11747.exe
    3⤵
    PID:4436
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 248
    3⤵
    - Program crash
    PID:6736
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51353.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51353.exe
  2⤵
  PID:2316
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 220
    3⤵
    - Program crash
    PID:2772
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39417.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39417.exe
  2⤵
  PID:2768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15735.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15735.exe
    3⤵
    PID:5268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21899.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21899.exe
    3⤵
    PID:7408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44369.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44369.exe
    3⤵
    PID:8800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5911.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5911.exe
    3⤵
    PID:10272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10461.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10461.exe
    3⤵
    PID:11424
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30852.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30852.exe
  2⤵
  PID:4272
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6947.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6947.exe
  2⤵
  PID:6824
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45350.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45350.exe
  2⤵
  PID:8140
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27715.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27715.exe
  2⤵
  PID:10088
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11777.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11777.exe
  2⤵
  PID:10776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14350.exe

Filesize
184KB

MD5
d43a8fb346860a33947ffd134ae6719d

SHA1
e7a08c9d65eacde8b63aa25e71cc45f301a1c978

SHA256
317ec485044250ff7439ffe86ec0f1fac3039ed20fcb75f060319b7c6c081ae4

SHA512
b1f52086d8a22d9842cc3fc06114c123ffdff5092d81f0f7f61095e7f70556cdc2765deb0315c0ab9eed99192869bf0e727c762eb21cd25748e3875b1745b46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15238.exe

Filesize
184KB

MD5
a2277ac8a991eeebdf7f2fa6e8a0d12c

SHA1
0e16d9c1e727a7794382aada68e5c6959f81087f

SHA256
0845b7aeb920648ef6b612411a49c5c4cc464d85342591eac4a6befc6cae9301

SHA512
7f06c43ced85fdd8672b227354276b992b88e64ac31033ac2706e697cb86a9da85a6b49dcb03a7cfc1972256a1453d29249773c1b37716fd503e86e440eee685

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19808.exe

Filesize
184KB

MD5
fa6e0b521556f494edba2a8626448913

SHA1
f95ea77a01f8d6d3155c8a662f27348fb759fc8d

SHA256
0c7f9865ec2c75b88b72423c91058cd2e8375592af49b6ea858eaee417c0d4cb

SHA512
c53ed9963b8a869e5844a998654a96f9f91e095d248a0f22779a03007bd1b34550b8d9be22115c64b78371e14f70ffbd11358a3e1449f514ae49f4c2b22bd26d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20867.exe

Filesize
184KB

MD5
61a5b8862c3ec6e4829e359f2bff1c06

SHA1
86bf2844be209aaf1ce15d9d0c0b08d42fcc7b16

SHA256
90e618e953f07d1b03ff36e391d5f0d32e7bbdfbf0ae5511f0e0348990c7d638

SHA512
a87ad9a6397cd75356df9155703bdba6100b12a1c01534271295a12229a07deb38dfb3ca86f7ac381e4f11de7ad9bf0a81f5f3ae50414a4e00d70aebbbc65e99

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20883.exe

Filesize
184KB

MD5
2159e0f9a6d0fbcda908350f0ef3b9b7

SHA1
104123197fe06dc4c1bd7e77bca43de94e62b595

SHA256
a4ebbdc4092a41582ba411b1724c59bf068a7088dcafc47b76707d503b66f82f

SHA512
76435ec2ef6c2f665b1ca8065afa86cad8bf466880d3804c92cc0a65e9a45d43ccc750b0b973241f4a31e9c24e436859dc30e71d4fb62131e75d3cc7ea708fbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21324.exe

Filesize
184KB

MD5
729f6785d3abc8ea744492cc69c6392a

SHA1
8b3df5f21099c97be939e02e75e6a70e665c1614

SHA256
2cbdde0708881d0e0e6854ede08e1ba0e1a24975534cf792ec8ebb19b9d8dade

SHA512
b3f9289b8c17051994a6d68ae987df09168f6c611643f8eb8fce6dc59a56cd191fd7980749cb5e0372ceefe4eeaea696577d9131319ece2673a46194d407bc54

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22134.exe

Filesize
184KB

MD5
79a95264ecbb3c6a59021f7277c1e754

SHA1
3a8d0943cc8e6cbee181295740bc22a2d268723f

SHA256
8bc26d3323a6e74d57c2fd1e2a06dc7fa3dd9e5e3527f9853dac0118e2ce0bec

SHA512
8b694541dccb0b8f23df8b94b4e573e8627788806095e64f871cf40c7216c5db77d2679693a9794100e2254c13d3c6b0de2e0802a0aff88f44ebcf80ebc7a389

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23017.exe

Filesize
184KB

MD5
5f7c106acf4549ffbdcdeaa6d1b0ba99

SHA1
c8ddda33f2fb3d352c38fcaafa99d21fe8000dfe

SHA256
e371ea088cdaa89ae4e9ca3190ae86aa047ea6c339b31069d6c3f41c372d23cc

SHA512
394ad2604a7453ba4c28732647aadb9a18ed90f6e99ef4da3a43c117bc16afc1f42f955545bc099080cd78d3cda5c65c50ad27206545d4f11eff4e3c0b285f66

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24481.exe

Filesize
184KB

MD5
d39b0314d4066d6a429ade0d139f266d

SHA1
96268e50588417ea9ba282b040c6b75fe88e66a4

SHA256
771a5a4cb1ea9b4d1215bd70682a8d6daa078187dde7e6c23a1b72b4b03199bf

SHA512
cfdbba191e8d17b9a803fe2c0ec4a512a02d66db957e8b9d6f5e19fc82a5e308a0622ec3a3cd2b57647dfcf22ca9e820257af4be22b1a0e570b9f1f3ed56fab2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26088.exe

Filesize
184KB

MD5
59b94351d1999b4a126f1d7778e07dc2

SHA1
fda570139fbbbfe9f0d7ac4bd78d92e3b11f38df

SHA256
610165fc5f81bbf9da6b0889f42b0df07d7bdf0d2fcdeb6749200b0222b9d5a4

SHA512
732c440572de59295793bc803c78c54bdbc239a79b9b0bd1ae673cf8b10d89a1cc51abe82328527046eb8005b953d0fe8956ef3badb1b9e4ff0158976656cfee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27026.exe

Filesize
184KB

MD5
36b5d6c7c2991ed7ffd5ca0a19601208

SHA1
cd9caf822dddbec0480b8cc7260be2a32f978d26

SHA256
921540ace19bc7820cf64667af13c4bb630cf685e2ca25e1115c6dfefc9f22dc

SHA512
6eef95dd6407de6259d0895d9e34e88ab4d02a586f664bc90b076a1877113857c07b6b26ece22a78ca256cc2f6559df3a620a7e685dbfcf731800a80543737e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3953.exe

Filesize
184KB

MD5
a87263bab12e31e55d420b3619db616a

SHA1
8b923e0cbbad0bd01f0e7d1ebc5c7a1b6c996cfd

SHA256
76004f760f6be8885e439c121e81db4b217445b12b7846084dd7f629a0422a66

SHA512
7f87c22903d05b4be3f6b3de8cf1285f11b55f4a2441c59cf88dbe7bce7c00670dd8ccb0669d7256103a0a90587d65d704f351755a393e6dd4a8ce0cf869cd68

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40188.exe

Filesize
184KB

MD5
188e01898cf7820717f616cd452478be

SHA1
788b5310ffa07eec50a8132da6f7cd7d749ea6d5

SHA256
e192826199c8d01152f199687568e234f475f1e0c1f2bbcab5504d6af30400d8

SHA512
f7dbfab751db6c06af2d48bd0cdce92d4a8da63493fe01df0fcde91836372c6bbb6cbc14e93f8ad37e85367325d0268968938ba347dcb00b625561bc694c92aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49963.exe

Filesize
184KB

MD5
5903e080dc3901e2f3bcd42e5ad0b578

SHA1
55ed879d868ffbbc34d4ab8199f45101d3b1e072

SHA256
fd1a01e756538e5bb06fe2ca4ad2ec9fd9b9268a3ca637c0ae1617a7c1b59d5f

SHA512
a2fcea1cb538e1672fdff643f691950bf6c6366996e78581eb1223336d9117f25ef9bba97cf81bd970263299e14a0b3c8c80e68c2ff0a11fef87aff45815ca81

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50255.exe

Filesize
184KB

MD5
070951ae706cd3a66a1619c6fd716e65

SHA1
ae85bb2457bf5a6665f45b242525fb4c72ef6cc0

SHA256
f4b383dba653c998856d87ad1de1c2eabfc517fb34a7c4f0f448179d1b86fc76

SHA512
531e3294a9373a45b676b5cc6b944fe35974d570befb656fed9418bdb6a0c94e708482b113afce9fe0ba1155dc4a479d9cb5ab68418d2de98ddf56fe29020ddb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52962.exe

Filesize
184KB

MD5
620761268d2ba37002f12822f4a8e347

SHA1
245a697c38b83aa173f32c0c0207cdfd821f6452

SHA256
bba17279424d4fc0a8ddf488436048dd578da129390bdea6c7529d33fdb65762

SHA512
75e68b2a3dded3a2dbee850a0acd4778b8bee0698a637c64712f1752b9dac88ad13e11d884908f8cfd0ea16218acd9168750bc3578068befcc2cf3dbf72b177a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54096.exe

Filesize
184KB

MD5
1eb40d84132e1b301fb6651e68ef333d

SHA1
0d1c7e5dc62c85e675c9c7dfca08c3863712e284

SHA256
9a8151a5f91a758974c4d5f5b04bcbf202736c83e4945ce5e09598fb3a4ac3ba

SHA512
801c7f06a45e613a5fb4312b7dc6cb3015575d93272d3fbf29a3a47b3985ccc9aa097fc91cfaf1472e717ce1a753b7db23c206090b9545187101fcfd5b8f10b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54288.exe

Filesize
184KB

MD5
a7ec35124ad1bbee25cb99ff35eade1f

SHA1
ab90f993a99b218c470e77354b8f147f787ba37c

SHA256
07f5b4d4861af52acdb6a9e96d87e66f69ba375161aa15289bcc8fdfc5da8739

SHA512
c74fc6b2e459e327f9a9233625930e6407d4d83342c98d8d1c725b0e47a35e439978f10eff715980b86f646f4e111c5ae1519f552e553c287af8a11d778c80a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5653.exe

Filesize
184KB

MD5
a3ff1d107f36d338f11ee070a85bf665

SHA1
822b27464d67e720426e94506d5dfdeb24ba51db

SHA256
9de1e1cc9adcf5580326a286e7cf24239e93196c98ba3a055d5239614e7275cf

SHA512
b90b7f2757ac904a36b1e7337fea2313a00228660ebd62e97bf9575cc772f8bb10cea3946713f550216ec9c524115b49177de3881fba85a16a46afb96e34a954

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60038.exe

Filesize
184KB

MD5
3f38fb42dad323755fb8fc4a6252bd52

SHA1
50841e06852541b4aa079962d301d1c538911f28

SHA256
ea55520c870487ee2f160fbbbc96702caf01f3de77d704b9df0e5ce12c9ef4ef

SHA512
2daf1e67d9b299842fdde32990a92a22959bdd424e84a643e14f800c1ed37591ba57f30c8bd804417d23238ace621b5c5220ec0e0c90e767cd4bb12fbd6a5eb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60540.exe

Filesize
184KB

MD5
8f26c4e8bfd65d80e0db8cf2c5bca1dc

SHA1
c851e3ed542e04166eed286dc9ec188e8f9ed1e4

SHA256
4f0286f1a6311a1fdede59f4d5e78b336e49a768972e0e624bb4c2545abc1f52

SHA512
de8dd0178b310f1193de5f967aaf6c03ae5fdc71a1745c9bc1e5fcf598fac11168a6de6e71183e0cd9a51030772add2868b54bc4f25a7d77dd40dc5e97c62d9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61157.exe

Filesize
184KB

MD5
44e87d6bb88b5b4aee4d1bf6e64fb089

SHA1
9ecfcc99d16cf8d76acf95d33585738d4e005069

SHA256
5cf0325dd8382f3e14f51b410a2a100fec73ff50632efc0f920b071e9c51f32b

SHA512
856ee2d094ca141a3a135886692269732c78183836bb08ce7974eea17aa49e46ffb0939e2e45e17ecaebda7a6d33cef336b41feab8c08792fae4d7d647368cd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7651.exe

Filesize
184KB

MD5
d4fb4b1b9dd5a0be7864b6d6d5a74338

SHA1
ecf03b240e5c4544c4e4e0bab5208707ed02d985

SHA256
1137f831a980765bd690e7083480ba5fb6a6677a97d97593e2ba113a1f3a54de

SHA512
52861f0dafdc9f5204ff6ad4dad6d3dc4f828f3dd4c1b73f951ee72d67c3b48b714c0cefc17bc306852befc2e71d1b8597f4aad347b4959e8aed0d426ca00ccc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7874.exe

Filesize
184KB

MD5
ca38cec28ed4de01bbdda06db4a6dc60

SHA1
32d789f293b38e4c43dbb1734bdc36572c1323d6

SHA256
3f63feb843aba94e2a09b4a9171ab76270630555480b3643a74daf59af46c322

SHA512
385fa10d75b1ce6826f857e26568b5b23d29645057e7a5a82c0e779900a7a534555f91c947bec937e69e19e4deff2a2d91b92804cc1155ae22e6dcf0da11e6d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9410.exe

Filesize
184KB

MD5
06d838ba13baf4626dca090aa3c0dacc

SHA1
fd8f4f793b61313ab44781457113fbb499cc256f

SHA256
728a5f4bd936f559edf042d38e28e5c0d3b70fa2d20effb59b17626dffcabc26

SHA512
b5c05c143bdcf10a9f3b6e9491f3eaba9ea73bae5267a37b0885f1907542abcc687655fd6daf2be75ed43c9882b62a00b589b133b50dfd66e365380c6afc81aa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10837.exe

Filesize
184KB

MD5
231e83d8eca097494cdc4ae176f422ce

SHA1
9e6ce4e9ed3575304e1e3323b634784bb12856a7

SHA256
df8f4266c17f4c82dde011f38561297ce48d7b92d237ab93c784ab02dbf4ce13

SHA512
72d739ec8fc0a5451535cf5b3f05671335892947a79a689baa74a529e68794e8fea6ffa0e818d97158196259105f9485b7ce5756d0c4a1f47706be9378055434

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24958.exe

Filesize
184KB

MD5
2308279f4af5f27b09db39c24de53dae

SHA1
02ef14ee08396d3d90fdd8a9ab74b0a2b085a369

SHA256
1c4d46bea34c13fa641ad1922e31bfff28965f3a10b4ad821ad4231f5a7256bf

SHA512
df8e9270b97e298c878d8788891fe158b767a0549b62a20318db458f86f3164ec79e92c46dda56cdce433b442f88240866156132cf8e781fa7eadde879945422

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2669.exe

Filesize
184KB

MD5
3d4cde5aec3b3f49f770d84aa45fc958

SHA1
dd822e4e96e86ccd7ef5786930e94f5970e33eca

SHA256
e60a0b77cc5d5280fdc52ae201013d9fa61b6f48bb9c1560e3655fa8c592d31d

SHA512
b2eed64fc215709ef735f8929dfdd92940ae49110dd260a8d3ffed66faa9ff2717aac2f49472838dfa77e54b396266d5b243f8411378541ca4e827c8265e4267

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30023.exe

Filesize
184KB

MD5
14e71283dc21f79eff101f3763e2c50e

SHA1
94c4af0efa7b827ad3fcb4494b8b3483f3bd5f51

SHA256
18c9dc4ff793ecfa6516d94a48c744af9d5bdca5a7f3866b65a697c8d0aa4c7a

SHA512
8b18e318f22b5b499b211a6344b72b17b98d7c9417728324b1c10b9fc5aa14629bf06d8d830dda2b27fb7da89b5240b27d85e4ca5adf31157e711f8d6108a940

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34002.exe

Filesize
184KB

MD5
58113c0c62132d1edd54ca664bddfab2

SHA1
2d9dbe682dd7a14c634f707d96889a28aada1482

SHA256
b2d5bea4e6cd900e1d4ccfc9e0f0fe3f680da93d557a865fcaef94f0183001c2

SHA512
66e7c199680eec1b95843d4069f7b5dec3d81628b281f0ec4ae4f15be561346d2283b20aaadc836a43b2532f5b026ea52fa134cb8dd68ac6d8c9a7f7c9ae00ca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36088.exe

Filesize
184KB

MD5
29c97a57e3c1f4d7de2ddd70f36b5750

SHA1
b17a4c862b9202b5f38c6c1558748884ac72c0ac

SHA256
8f85179427e1bc38d1606e998372ab7286ec94dfa1eb12e9155a20cae154a242

SHA512
b8d8092cb797078e7d31605d8c4b9f03d1a5009a29e037b910ef7e82cc4cb2c6149606a2e0e5242c7dc8dc68214f9b6bcc3baa6dfe9a0322a10203a3958e6088

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40172.exe

Filesize
184KB

MD5
9e5382f29967548e42d411e55ed5f273

SHA1
b2f666bddce3aba7f9c38edcad4504ee776673ea

SHA256
637a0b0e41e07b37525cb95ca2fd80970b9c2b980f3e19df0953f4017198c863

SHA512
f2f536f106b9bae1fb61f5f7ce63bf60dae02ac5580f1202a69b80af6d57f79104b9bd26f62ccb4db2b40df3eec2324da89534dd8cc762dc5ef6b29911a2b5b0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4615.exe

Filesize
184KB

MD5
506caf24bf59363dd2a3ff0d8904b78c

SHA1
60e3db93f0bc6abedd5e2c2d0c36fea8befe2bcf

SHA256
abe30992d7dcb14109bd9c10a7914596b2d4ab936cb214436f4ccfff08142397

SHA512
3139559c1b1e856b1b33c00f8c771858a9c706cc2774f45b7d3957a6d2a0bf2c209300672694e2b08a8c6a021c63810ac3e8b473190687ac9d944062663229c5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50998.exe

Filesize
184KB

MD5
f88eda971ff025b4ebfbcafc12624e4b

SHA1
8fe2147e9c8c58d6d11fe823dec977ebd95df7e1

SHA256
cdacbee9daecb168865e70726fc37fe9893c98d77bd64028b893265cfea0181d

SHA512
666e47931ad5286d610fcd16f2dfbfe002295a892743cf37b9a32e47384787aaaeb1b2e7380258b451584113dd9e37f20bf4c20e0dc8fec48208862764a7d99a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53868.exe

Filesize
184KB

MD5
345fe7a0b4e3a1b672e7ec54b8796432

SHA1
c16e5b4c12b6a26287b58265d7e3b103a1029d88

SHA256
b9799f8fa83b660196c3cdc7a8eaecf3cbac5d4c56a2cf194e9bcd37d1ed3fbb

SHA512
b3ad6dfa35695e957d035f7d9938ae60dc304ee8588eb64e14df7907395a884a6f9a7961c39af477579f143716d755045242df59e4940dbf849548c70070a6e5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57992.exe

Filesize
184KB

MD5
33aa8d4ab4de631bd9f194712c7acec0

SHA1
2a18fbfe1e2a65f5f904e30f66f36608c54e7d20

SHA256
3c53df4174ec05fe379b90c5fbbed750b16bd0b75d2f1c00950ee66d95f90ed7

SHA512
045896e581861c1865aeb55467621cf7ccde92cca5182584ac05ee22c55c76c380ef4b3484032bad6013b60ed542b9f0cab7ddef6cd9c0fae8b7d4725f9cc575

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads