384d4f3d63caf1e56a9f1781b7d0b9b972886b236b5f16a2d57da1359f0a51bd

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/05/2024, 18:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0fab3e69864980aa9fe7d3c9585b0500_NeikiAnalytics.exe
Size

184KB
MD5

0fab3e69864980aa9fe7d3c9585b0500
SHA1

f70fccb3b743786b8c807af2145f173a158a328f
SHA256

384d4f3d63caf1e56a9f1781b7d0b9b972886b236b5f16a2d57da1359f0a51bd
SHA512

d39440a1a67a29e58b914ce03959b3037a707489d529816956be002bcc21219188925ada79ce4fcc893badbff340c82612c52aad57453d3ec7acd32e96ba83d2
SSDEEP

3072:PAFFdfoZTUCwd1zCW69lEzsIVvuqnviu7nr:PAto/s1zIlWsIVGqnviu7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3040	Unicorn-2704.exe
2956	Unicorn-52507.exe
3064	Unicorn-41646.exe
2508	Unicorn-54749.exe
2652	Unicorn-21976.exe
2376	Unicorn-24577.exe
1776	Unicorn-53680.exe
2992	Unicorn-53763.exe
800	Unicorn-7255.exe
936	Unicorn-51625.exe
2632	Unicorn-33151.exe
1196	Unicorn-5117.exe
2804	Unicorn-31104.exe
1652	Unicorn-45403.exe
872	Unicorn-35600.exe
1684	Unicorn-35372.exe
2120	Unicorn-58485.exe
852	Unicorn-16898.exe
2228	Unicorn-14851.exe
2552	Unicorn-59876.exe
2736	Unicorn-44095.exe
276	Unicorn-60452.exe
1188	Unicorn-48755.exe
3052	Unicorn-46062.exe
2092	Unicorn-19420.exe
1740	Unicorn-39840.exe
1368	Unicorn-62398.exe
1288	Unicorn-56268.exe
1712	Unicorn-61007.exe
620	Unicorn-39078.exe
2908	Unicorn-31407.exe
2168	Unicorn-43623.exe
1812	Unicorn-5283.exe
2828	Unicorn-50385.exe
2068	Unicorn-34603.exe
2904	Unicorn-62637.exe
2860	Unicorn-16129.exe
1924	Unicorn-40079.exe
2504	Unicorn-38033.exe
2612	Unicorn-48247.exe
2580	Unicorn-47982.exe
2656	Unicorn-46201.exe
2488	Unicorn-34433.exe
2444	Unicorn-5744.exe
2568	Unicorn-13820.exe
2356	Unicorn-48631.exe
1472	Unicorn-62060.exe
1364	Unicorn-56534.exe
2696	Unicorn-54753.exe
2316	Unicorn-15767.exe
3008	Unicorn-38325.exe
1248	Unicorn-32103.exe
1524	Unicorn-28019.exe
1664	Unicorn-15004.exe
1508	Unicorn-24489.exe
1360	Unicorn-28573.exe
848	Unicorn-48439.exe
2932	Unicorn-41593.exe
1096	Unicorn-41977.exe
2264	Unicorn-57759.exe
2024	Unicorn-2428.exe
2996	Unicorn-39285.exe
2220	Unicorn-18673.exe
1732	Unicorn-22757.exe

Loads dropped DLL 64 IoCs

pid	Process
2888	0fab3e69864980aa9fe7d3c9585b0500_NeikiAnalytics.exe
2888	0fab3e69864980aa9fe7d3c9585b0500_NeikiAnalytics.exe
2888	0fab3e69864980aa9fe7d3c9585b0500_NeikiAnalytics.exe
3040	Unicorn-2704.exe
2888	0fab3e69864980aa9fe7d3c9585b0500_NeikiAnalytics.exe
3040	Unicorn-2704.exe
2956	Unicorn-52507.exe
2956	Unicorn-52507.exe
2888	0fab3e69864980aa9fe7d3c9585b0500_NeikiAnalytics.exe
2888	0fab3e69864980aa9fe7d3c9585b0500_NeikiAnalytics.exe
3064	Unicorn-41646.exe
3064	Unicorn-41646.exe
3040	Unicorn-2704.exe
3040	Unicorn-2704.exe
2508	Unicorn-54749.exe
2956	Unicorn-52507.exe
2508	Unicorn-54749.exe
2956	Unicorn-52507.exe
1776	Unicorn-53680.exe
1776	Unicorn-53680.exe
3064	Unicorn-41646.exe
2376	Unicorn-24577.exe
2376	Unicorn-24577.exe
3040	Unicorn-2704.exe
3064	Unicorn-41646.exe
3040	Unicorn-2704.exe
2652	Unicorn-21976.exe
2652	Unicorn-21976.exe
2888	0fab3e69864980aa9fe7d3c9585b0500_NeikiAnalytics.exe
2888	0fab3e69864980aa9fe7d3c9585b0500_NeikiAnalytics.exe
2992	Unicorn-53763.exe
2992	Unicorn-53763.exe
2508	Unicorn-54749.exe
2508	Unicorn-54749.exe
800	Unicorn-7255.exe
800	Unicorn-7255.exe
2956	Unicorn-52507.exe
2956	Unicorn-52507.exe
936	Unicorn-51625.exe
936	Unicorn-51625.exe
1776	Unicorn-53680.exe
1776	Unicorn-53680.exe
2652	Unicorn-21976.exe
2652	Unicorn-21976.exe
1652	Unicorn-45403.exe
1652	Unicorn-45403.exe
2632	Unicorn-33151.exe
2632	Unicorn-33151.exe
2804	Unicorn-31104.exe
1196	Unicorn-5117.exe
2804	Unicorn-31104.exe
1196	Unicorn-5117.exe
3064	Unicorn-41646.exe
3064	Unicorn-41646.exe
872	Unicorn-35600.exe
2376	Unicorn-24577.exe
872	Unicorn-35600.exe
2376	Unicorn-24577.exe
2888	0fab3e69864980aa9fe7d3c9585b0500_NeikiAnalytics.exe
3040	Unicorn-2704.exe
2888	0fab3e69864980aa9fe7d3c9585b0500_NeikiAnalytics.exe
3040	Unicorn-2704.exe
1684	Unicorn-35372.exe
1684	Unicorn-35372.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
1700	2228	WerFault.exe	46
860	1288	WerFault.exe	54
2296	2444	WerFault.exe	72
660	872	WerFault.exe	42
2016	276	WerFault.exe	50
2896	1652	WerFault.exe	41
1164	852	WerFault.exe	45
2572	2068	WerFault.exe	62
1988	2436	WerFault.exe	109
1344	1696	WerFault.exe	108
3108	2092	WerFault.exe	53
3128	2508	WerFault.exe	31
3792	2404	WerFault.exe	148
3784	588	WerFault.exe	150
3776	1472	WerFault.exe	76
3768	1588	WerFault.exe	112
3800	848	WerFault.exe	90
3808	1944	WerFault.exe	114
3816	2856	WerFault.exe	157
3824	1664	WerFault.exe	84
3848	2684	WerFault.exe	149
3840	1212	WerFault.exe	154
3856	280	WerFault.exe	159
3832	2492	WerFault.exe	129
3872	1600	WerFault.exe	165
3088	2144	WerFault.exe	151
3104	2584	WerFault.exe	147
3116	3028	WerFault.exe	125
3136	1496	WerFault.exe	124
3400	272	WerFault.exe	163
3440	1984	WerFault.exe	141
3472	1552	WerFault.exe	160
3752	1712	WerFault.exe	56
3256	1364	WerFault.exe	77
3392	1524	WerFault.exe	85
3644	532	WerFault.exe	100
940	1732	WerFault.exe	99
3684	2336	WerFault.exe	122
4348	1052	WerFault.exe	131
4480	1848	WerFault.exe	113
4688	2976	WerFault.exe	118
4664	1188	WerFault.exe	49
4916	2924	WerFault.exe	121
5104	5080	WerFault.exe	315
4228	5064	WerFault.exe	314
4336	2904	WerFault.exe	63
4384	2696	WerFault.exe	79
4488	620	WerFault.exe	57
4964	2616	WerFault.exe	127
5152	2408	WerFault.exe	158
5172	2908	WerFault.exe	58
5180	3024	WerFault.exe	145
5416	2180	WerFault.exe	132
5424	2448	WerFault.exe	130
5408	1140	WerFault.exe	152
5400	3008	WerFault.exe	82
5544	1592	WerFault.exe	156
5584	1068	WerFault.exe	153
5320	4176	WerFault.exe	267
2172	2568	WerFault.exe	74
5940	1992	WerFault.exe	164
6572	1620	WerFault.exe	146
6556	2340	WerFault.exe	104
6544	3668	WerFault.exe	196

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2888	0fab3e69864980aa9fe7d3c9585b0500_NeikiAnalytics.exe
3040	Unicorn-2704.exe
2956	Unicorn-52507.exe
3064	Unicorn-41646.exe
2508	Unicorn-54749.exe
2652	Unicorn-21976.exe
2376	Unicorn-24577.exe
1776	Unicorn-53680.exe
2992	Unicorn-53763.exe
800	Unicorn-7255.exe
936	Unicorn-51625.exe
2632	Unicorn-33151.exe
1196	Unicorn-5117.exe
2804	Unicorn-31104.exe
1652	Unicorn-45403.exe
872	Unicorn-35600.exe
1684	Unicorn-35372.exe
2120	Unicorn-58485.exe
852	Unicorn-16898.exe
2736	Unicorn-44095.exe
2228	Unicorn-14851.exe
2552	Unicorn-59876.exe
276	Unicorn-60452.exe
1188	Unicorn-48755.exe
3052	Unicorn-46062.exe
1740	Unicorn-39840.exe
2092	Unicorn-19420.exe
1712	Unicorn-61007.exe
1288	Unicorn-56268.exe
1368	Unicorn-62398.exe
620	Unicorn-39078.exe
2908	Unicorn-31407.exe
2168	Unicorn-43623.exe
1812	Unicorn-5283.exe
2828	Unicorn-50385.exe
2068	Unicorn-34603.exe
2904	Unicorn-62637.exe
1924	Unicorn-40079.exe
2860	Unicorn-16129.exe
2580	Unicorn-47982.exe
2504	Unicorn-38033.exe
2612	Unicorn-48247.exe
2656	Unicorn-46201.exe
2488	Unicorn-34433.exe
2444	Unicorn-5744.exe
2356	Unicorn-48631.exe
1364	Unicorn-56534.exe
2696	Unicorn-54753.exe
2568	Unicorn-13820.exe
2316	Unicorn-15767.exe
3008	Unicorn-38325.exe
1472	Unicorn-62060.exe
1524	Unicorn-28019.exe
1248	Unicorn-32103.exe
1360	Unicorn-28573.exe
1508	Unicorn-24489.exe
1664	Unicorn-15004.exe
848	Unicorn-48439.exe
2932	Unicorn-41593.exe
2996	Unicorn-39285.exe
1096	Unicorn-41977.exe
1732	Unicorn-22757.exe
2024	Unicorn-2428.exe
2220	Unicorn-18673.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2888 wrote to memory of 3040	2888	0fab3e69864980aa9fe7d3c9585b0500_NeikiAnalytics.exe	28
PID 2888 wrote to memory of 3040	2888	0fab3e69864980aa9fe7d3c9585b0500_NeikiAnalytics.exe	28
PID 2888 wrote to memory of 3040	2888	0fab3e69864980aa9fe7d3c9585b0500_NeikiAnalytics.exe	28
PID 2888 wrote to memory of 3040	2888	0fab3e69864980aa9fe7d3c9585b0500_NeikiAnalytics.exe	28
PID 2888 wrote to memory of 2956	2888	0fab3e69864980aa9fe7d3c9585b0500_NeikiAnalytics.exe	29
PID 2888 wrote to memory of 2956	2888	0fab3e69864980aa9fe7d3c9585b0500_NeikiAnalytics.exe	29
PID 2888 wrote to memory of 2956	2888	0fab3e69864980aa9fe7d3c9585b0500_NeikiAnalytics.exe	29
PID 2888 wrote to memory of 2956	2888	0fab3e69864980aa9fe7d3c9585b0500_NeikiAnalytics.exe	29
PID 3040 wrote to memory of 3064	3040	Unicorn-2704.exe	30
PID 3040 wrote to memory of 3064	3040	Unicorn-2704.exe	30
PID 3040 wrote to memory of 3064	3040	Unicorn-2704.exe	30
PID 3040 wrote to memory of 3064	3040	Unicorn-2704.exe	30
PID 2956 wrote to memory of 2508	2956	Unicorn-52507.exe	31
PID 2956 wrote to memory of 2508	2956	Unicorn-52507.exe	31
PID 2956 wrote to memory of 2508	2956	Unicorn-52507.exe	31
PID 2956 wrote to memory of 2508	2956	Unicorn-52507.exe	31
PID 2888 wrote to memory of 2652	2888	0fab3e69864980aa9fe7d3c9585b0500_NeikiAnalytics.exe	32
PID 2888 wrote to memory of 2652	2888	0fab3e69864980aa9fe7d3c9585b0500_NeikiAnalytics.exe	32
PID 2888 wrote to memory of 2652	2888	0fab3e69864980aa9fe7d3c9585b0500_NeikiAnalytics.exe	32
PID 2888 wrote to memory of 2652	2888	0fab3e69864980aa9fe7d3c9585b0500_NeikiAnalytics.exe	32
PID 3064 wrote to memory of 1776	3064	Unicorn-41646.exe	33
PID 3064 wrote to memory of 1776	3064	Unicorn-41646.exe	33
PID 3064 wrote to memory of 1776	3064	Unicorn-41646.exe	33
PID 3064 wrote to memory of 1776	3064	Unicorn-41646.exe	33
PID 3040 wrote to memory of 2376	3040	Unicorn-2704.exe	34
PID 3040 wrote to memory of 2376	3040	Unicorn-2704.exe	34
PID 3040 wrote to memory of 2376	3040	Unicorn-2704.exe	34
PID 3040 wrote to memory of 2376	3040	Unicorn-2704.exe	34
PID 2508 wrote to memory of 2992	2508	Unicorn-54749.exe	35
PID 2508 wrote to memory of 2992	2508	Unicorn-54749.exe	35
PID 2508 wrote to memory of 2992	2508	Unicorn-54749.exe	35
PID 2508 wrote to memory of 2992	2508	Unicorn-54749.exe	35
PID 2956 wrote to memory of 800	2956	Unicorn-52507.exe	36
PID 2956 wrote to memory of 800	2956	Unicorn-52507.exe	36
PID 2956 wrote to memory of 800	2956	Unicorn-52507.exe	36
PID 2956 wrote to memory of 800	2956	Unicorn-52507.exe	36
PID 1776 wrote to memory of 936	1776	Unicorn-53680.exe	37
PID 1776 wrote to memory of 936	1776	Unicorn-53680.exe	37
PID 1776 wrote to memory of 936	1776	Unicorn-53680.exe	37
PID 1776 wrote to memory of 936	1776	Unicorn-53680.exe	37
PID 2376 wrote to memory of 2632	2376	Unicorn-24577.exe	39
PID 2376 wrote to memory of 2632	2376	Unicorn-24577.exe	39
PID 2376 wrote to memory of 2632	2376	Unicorn-24577.exe	39
PID 2376 wrote to memory of 2632	2376	Unicorn-24577.exe	39
PID 3064 wrote to memory of 1196	3064	Unicorn-41646.exe	38
PID 3064 wrote to memory of 1196	3064	Unicorn-41646.exe	38
PID 3064 wrote to memory of 1196	3064	Unicorn-41646.exe	38
PID 3064 wrote to memory of 1196	3064	Unicorn-41646.exe	38
PID 3040 wrote to memory of 2804	3040	Unicorn-2704.exe	40
PID 3040 wrote to memory of 2804	3040	Unicorn-2704.exe	40
PID 3040 wrote to memory of 2804	3040	Unicorn-2704.exe	40
PID 3040 wrote to memory of 2804	3040	Unicorn-2704.exe	40
PID 2652 wrote to memory of 1652	2652	Unicorn-21976.exe	41
PID 2652 wrote to memory of 1652	2652	Unicorn-21976.exe	41
PID 2652 wrote to memory of 1652	2652	Unicorn-21976.exe	41
PID 2652 wrote to memory of 1652	2652	Unicorn-21976.exe	41
PID 2888 wrote to memory of 872	2888	0fab3e69864980aa9fe7d3c9585b0500_NeikiAnalytics.exe	42
PID 2888 wrote to memory of 872	2888	0fab3e69864980aa9fe7d3c9585b0500_NeikiAnalytics.exe	42
PID 2888 wrote to memory of 872	2888	0fab3e69864980aa9fe7d3c9585b0500_NeikiAnalytics.exe	42
PID 2888 wrote to memory of 872	2888	0fab3e69864980aa9fe7d3c9585b0500_NeikiAnalytics.exe	42
PID 2992 wrote to memory of 1684	2992	Unicorn-53763.exe	43
PID 2992 wrote to memory of 1684	2992	Unicorn-53763.exe	43
PID 2992 wrote to memory of 1684	2992	Unicorn-53763.exe	43
PID 2992 wrote to memory of 1684	2992	Unicorn-53763.exe	43

C:\Users\Admin\AppData\Local\Temp\0fab3e69864980aa9fe7d3c9585b0500_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\0fab3e69864980aa9fe7d3c9585b0500_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2888
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2704.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2704.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41646.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41646.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53680.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51625.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59876.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50385.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18673.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27775.exe
        9⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40131.exe
        10⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34938.exe
        10⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8596.exe
        10⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2780.exe
        10⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6554.exe
        10⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-932.exe
        10⤵
        
        PID:8280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 240
        10⤵
        
        PID:9400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34546.exe
        9⤵
        
        PID:4176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 220
        10⤵
        Program crash
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29213.exe
        9⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55110.exe
        9⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6367.exe
        9⤵
        
        PID:6260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 248
        9⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45434.exe
        8⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10730.exe
        9⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5826.exe
        9⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34138.exe
        9⤵
        
        PID:6760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 228
        9⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50612.exe
        8⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33767.exe
        9⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45427.exe
        9⤵
        
        PID:8332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 220
        9⤵
        
        PID:9332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46646.exe
        8⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46144.exe
        8⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55260.exe
        8⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9497.exe
        8⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39876.exe
        8⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20722.exe
        8⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13005.exe
        7⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29254.exe
        8⤵
        
        PID:3028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 212
        9⤵
        Program crash
        
        PID:3116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 216
        8⤵
        Program crash
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40228.exe
        7⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1900.exe
        8⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18365.exe
        9⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60004.exe
        9⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9396.exe
        9⤵
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19554.exe
        8⤵
        
        PID:4492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
        8⤵
        Program crash
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2211.exe
        7⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11997.exe
        8⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34573.exe
        7⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10537.exe
        7⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48786.exe
        7⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58168.exe
        7⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7904.exe
        7⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8783.exe
        7⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44524.exe
        7⤵
        
        PID:9376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34603.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 240
        7⤵
        Program crash
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35485.exe
        6⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9601.exe
        7⤵
        
        PID:2684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 224
        8⤵
        Program crash
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62668.exe
        7⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52182.exe
        7⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16324.exe
        7⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10020.exe
        7⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40817.exe
        7⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5169.exe
        7⤵
        
        PID:9096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 248
        7⤵
        
        PID:9524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16435.exe
        6⤵
        
        PID:588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 588 -s 224
        7⤵
        Program crash
        
        PID:3784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16234.exe
        6⤵
        
        PID:3492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 212
        7⤵
        
        PID:7472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42960.exe
        6⤵
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40862.exe
        6⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9440.exe
        6⤵
        
        PID:6912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33503.exe
        6⤵
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21974.exe
        6⤵
        
        PID:9176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37451.exe
        6⤵
        
        PID:9340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6391.exe
        6⤵
        
        PID:9992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44095.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48247.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35284.exe
        7⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38740.exe
        8⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19995.exe
        9⤵
        
        PID:6096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 228
        8⤵
        Program crash
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22766.exe
        7⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17857.exe
        8⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40965.exe
        7⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20278.exe
        7⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22490.exe
        7⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10994.exe
        7⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4126.exe
        7⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52211.exe
        7⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26041.exe
        7⤵
        
        PID:6076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62481.exe
        6⤵
        
        PID:1944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 224
        7⤵
        Program crash
        
        PID:3808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36933.exe
        6⤵
        
        PID:3680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40066.exe
        6⤵
        
        PID:4240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50098.exe
        6⤵
        
        PID:5668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27719.exe
        6⤵
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1993.exe
        6⤵
        
        PID:7688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22066.exe
        6⤵
        
        PID:8464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58801.exe
        6⤵
        
        PID:4700
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 236
        6⤵
        
        PID:9936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46201.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22300.exe
        5⤵
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48112.exe
        6⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2331.exe
        7⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48188.exe
        8⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15702.exe
        8⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33259.exe
        7⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23650.exe
        7⤵
        
        PID:5392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 228
        7⤵
        
        PID:6488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-748.exe
        6⤵
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20928.exe
        6⤵
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61887.exe
        6⤵
        
        PID:5680
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 224
        6⤵
        
        PID:6516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59602.exe
        5⤵
        
        PID:924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61869.exe
        6⤵
        
        PID:5068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42286.exe
        6⤵
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25290.exe
        6⤵
        
        PID:6460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36195.exe
        6⤵
        
        PID:6196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38407.exe
        6⤵
        
        PID:6692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48508.exe
        6⤵
        
        PID:8760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52907.exe
        6⤵
        
        PID:6004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20887.exe
        5⤵
        
        PID:3904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56710.exe
        5⤵
        
        PID:4268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27198.exe
        5⤵
        
        PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33316.exe
        5⤵
        
        PID:6984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49955.exe
        5⤵
        
        PID:7284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59775.exe
        5⤵
        
        PID:8220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19250.exe
        5⤵
        
        PID:9348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21792.exe
        5⤵
        
        PID:5812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5117.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19420.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48439.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 224
        7⤵
        Program crash
        
        PID:3800
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 236
        6⤵
        Program crash
        
        PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41593.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15907.exe
        6⤵
        
        PID:272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 272 -s 208
        7⤵
        Program crash
        
        PID:3400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57406.exe
        6⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57560.exe
        7⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19983.exe
        7⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54217.exe
        7⤵
        
        PID:9240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19509.exe
        6⤵
        
        PID:4608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15447.exe
        6⤵
        
        PID:5564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5059.exe
        6⤵
        
        PID:6904
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 236
        6⤵
        
        PID:8020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
        5⤵
        
        PID:1600
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 224
        6⤵
        Program crash
        
        PID:3872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24900.exe
        5⤵
        
        PID:3508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59496.exe
        5⤵
        
        PID:4912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23796.exe
        5⤵
        
        PID:4168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30971.exe
        5⤵
        
        PID:6840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24100.exe
        5⤵
        
        PID:8036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19336.exe
        5⤵
        
        PID:8980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65187.exe
        5⤵
        
        PID:9488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57264.exe
        5⤵
        
        PID:9804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56268.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1288
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 240
        5⤵
        Program crash
        
        PID:860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56534.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64915.exe
        5⤵
        
        PID:2856
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 224
        6⤵
        Program crash
        
        PID:3816
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 236
        5⤵
        Program crash
        
        PID:3256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37510.exe
      4⤵
      PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18507.exe
        5⤵
        
        PID:4472
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 228
        5⤵
        Program crash
        
        PID:5152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8334.exe
      4⤵
      PID:4208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37058.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37058.exe
      4⤵
      PID:5012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32050.exe
      4⤵
      PID:6120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4811.exe
      4⤵
      PID:6252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37594.exe
      4⤵
      PID:7376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20736.exe
      4⤵
      PID:9104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20018.exe
      4⤵
      PID:9856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24577.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24577.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33151.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33151.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46062.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15767.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2995.exe
        7⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39947.exe
        8⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61337.exe
        8⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
        8⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34249.exe
        8⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65241.exe
        8⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52458.exe
        8⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17001.exe
        8⤵
        
        PID:9916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26487.exe
        7⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37851.exe
        8⤵
        
        PID:7604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 224
        8⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20085.exe
        7⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63086.exe
        7⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8505.exe
        7⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 248
        7⤵
        
        PID:7312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39128.exe
        6⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47487.exe
        7⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18078.exe
        7⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3412.exe
        7⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57103.exe
        7⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5454.exe
        7⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30522.exe
        7⤵
        
        PID:9984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48391.exe
        6⤵
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7476.exe
        6⤵
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48199.exe
        6⤵
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43116.exe
        6⤵
        
        PID:7028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7084.exe
        6⤵
        
        PID:7216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23109.exe
        6⤵
        
        PID:9208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60987.exe
        6⤵
        
        PID:9364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52327.exe
        6⤵
        
        PID:5352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24489.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24978.exe
        6⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51423.exe
        7⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54763.exe
        8⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15432.exe
        8⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51996.exe
        8⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49246.exe
        7⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16141.exe
        7⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59142.exe
        7⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7685.exe
        7⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30807.exe
        7⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20130.exe
        7⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39217.exe
        7⤵
        
        PID:10036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1407.exe
        6⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45121.exe
        7⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23304.exe
        7⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33718.exe
        7⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29356.exe
        7⤵
        
        PID:9288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19810.exe
        6⤵
        
        PID:4360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 212
        7⤵
        
        PID:7756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5478.exe
        6⤵
        
        PID:5744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25780.exe
        6⤵
        
        PID:6784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28565.exe
        6⤵
        
        PID:8052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46202.exe
        6⤵
        
        PID:8972
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 248
        6⤵
        
        PID:9476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49574.exe
        5⤵
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38102.exe
        6⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32610.exe
        7⤵
        
        PID:10204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2183.exe
        6⤵
        
        PID:5064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 188
        7⤵
        Program crash
        
        PID:4228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57174.exe
        6⤵
        
        PID:5468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42806.exe
        6⤵
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48718.exe
        6⤵
        
        PID:7556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11757.exe
        6⤵
        
        PID:8376
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 228
        6⤵
        
        PID:4896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21007.exe
        5⤵
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55033.exe
        6⤵
        
        PID:9076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7918.exe
        6⤵
        
        PID:10076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35484.exe
        5⤵
        
        PID:4304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33562.exe
        5⤵
        
        PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44785.exe
        5⤵
        
        PID:6380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45999.exe
        5⤵
        
        PID:7700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16731.exe
        5⤵
        
        PID:8472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63002.exe
        5⤵
        
        PID:9008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1410.exe
        5⤵
        
        PID:9968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61007.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48631.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33338.exe
        6⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13052.exe
        7⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30418.exe
        7⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46287.exe
        7⤵
        
        PID:6876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 236
        7⤵
        
        PID:7208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5683.exe
        6⤵
        
        PID:3740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52374.exe
        6⤵
        
        PID:4332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64648.exe
        6⤵
        
        PID:5852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50176.exe
        6⤵
        
        PID:6816
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 236
        6⤵
        
        PID:7972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30576.exe
        5⤵
        
        PID:2520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43364.exe
        6⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21375.exe
        7⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14415.exe
        7⤵
        
        PID:9668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7385.exe
        6⤵
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19457.exe
        6⤵
        
        PID:6060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25510.exe
        6⤵
        
        PID:6928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41536.exe
        6⤵
        
        PID:7328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19541.exe
        6⤵
        
        PID:7204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46389.exe
        6⤵
        
        PID:8920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20167.exe
        6⤵
        
        PID:9796
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 240
        5⤵
        Program crash
        
        PID:3752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54753.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46057.exe
        5⤵
        
        PID:2144
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 212
        6⤵
        Program crash
        
        PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46716.exe
        5⤵
        
        PID:3720
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 244
        5⤵
        Program crash
        
        PID:4384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12927.exe
      4⤵
      PID:1140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11905.exe
        5⤵
        
        PID:3096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1644.exe
        6⤵
        
        PID:8132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38156.exe
        6⤵
        
        PID:8892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27678.exe
        6⤵
        
        PID:9732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27229.exe
        5⤵
        
        PID:4808
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 244
        5⤵
        Program crash
        
        PID:5408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7059.exe
      4⤵
      PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10585.exe
        5⤵
        
        PID:7524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9189.exe
        5⤵
        
        PID:8316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51373.exe
        5⤵
        
        PID:4848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35443.exe
        5⤵
        
        PID:5988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21629.exe
      4⤵
      PID:4832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3975.exe
      4⤵
      PID:5508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1490.exe
      4⤵
      PID:6584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1194.exe
      4⤵
      PID:688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20355.exe
      4⤵
      PID:6648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23341.exe
      4⤵
      PID:8936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43620.exe
      4⤵
      PID:9932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31104.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31104.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62398.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32103.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21470.exe
        6⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54503.exe
        7⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1083.exe
        7⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62836.exe
        7⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11519.exe
        7⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1479.exe
        7⤵
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5250.exe
        7⤵
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42129.exe
        7⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36793.exe
        6⤵
        
        PID:4024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52950.exe
        6⤵
        
        PID:4992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26330.exe
        6⤵
        
        PID:2772
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 244
        6⤵
        
        PID:6700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52751.exe
        5⤵
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62222.exe
        6⤵
        
        PID:3080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 212
        7⤵
        
        PID:7592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61114.exe
        6⤵
        
        PID:4860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15757.exe
        6⤵
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1389.exe
        6⤵
        
        PID:7048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56310.exe
        6⤵
        
        PID:7432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48705.exe
        6⤵
        
        PID:8272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3986.exe
        6⤵
        
        PID:9140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30281.exe
        6⤵
        
        PID:10004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60451.exe
        5⤵
        
        PID:3704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58239.exe
        5⤵
        
        PID:4344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55983.exe
        5⤵
        
        PID:5868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33640.exe
        5⤵
        
        PID:6856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        5⤵
        
        PID:8028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36923.exe
        5⤵
        
        PID:9048
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 244
        5⤵
        
        PID:9516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28573.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-857.exe
        5⤵
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56555.exe
        6⤵
        
        PID:280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 280 -s 224
        7⤵
        Program crash
        
        PID:3856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5299.exe
        6⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7124.exe
        7⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19324.exe
        7⤵
        
        PID:8568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 228
        7⤵
        
        PID:9440
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 244
        6⤵
        Program crash
        
        PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22299.exe
        5⤵
        
        PID:1552
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 208
        6⤵
        Program crash
        
        PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56751.exe
        5⤵
        
        PID:3532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30227.exe
        5⤵
        
        PID:4720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36138.exe
        5⤵
        
        PID:5292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15514.exe
        5⤵
        
        PID:6640
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 244
        5⤵
        
        PID:7232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31483.exe
      4⤵
      PID:1568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58117.exe
        5⤵
        
        PID:1068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54438.exe
        6⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49195.exe
        7⤵
        
        PID:8704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6356.exe
        7⤵
        
        PID:10120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30771.exe
        6⤵
        
        PID:4148
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 228
        6⤵
        Program crash
        
        PID:5584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47100.exe
        5⤵
        
        PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24361.exe
        5⤵
        
        PID:4708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44804.exe
        5⤵
        
        PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32049.exe
        5⤵
        
        PID:6656
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 248
        5⤵
        
        PID:7300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4567.exe
      4⤵
      PID:1212
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 224
        5⤵
        Program crash
        
        PID:3840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24402.exe
      4⤵
      PID:3648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20402.exe
      4⤵
      PID:4984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4982.exe
      4⤵
      PID:5372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64671.exe
      4⤵
      PID:6944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31017.exe
      4⤵
      PID:8144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48040.exe
      4⤵
      PID:9112
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 244
      4⤵
      PID:9500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31407.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31407.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18668.exe
        5⤵
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48733.exe
        6⤵
        
        PID:7740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56081.exe
        6⤵
        
        PID:8632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24585.exe
        6⤵
        
        PID:9392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23622.exe
        6⤵
        
        PID:9584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57764.exe
        5⤵
        
        PID:4816
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 244
        5⤵
        Program crash
        
        PID:5400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4484.exe
      4⤵
      PID:1756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62697.exe
        5⤵
        
        PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1446.exe
        5⤵
        
        PID:5160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25674.exe
        5⤵
        
        PID:6976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22188.exe
        5⤵
        
        PID:7360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36076.exe
        5⤵
        
        PID:8172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29323.exe
        5⤵
        
        PID:9012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53950.exe
        5⤵
        
        PID:9864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16460.exe
      4⤵
      PID:4500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3040.exe
        5⤵
        
        PID:7484
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 224
        5⤵
        
        PID:8348
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 248
      4⤵
      Program crash
      PID:5172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15004.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15004.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1664
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 224
      4⤵
      Program crash
      PID:3824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17166.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17166.exe
    3⤵
    PID:3152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42895.exe
      4⤵
      PID:8064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23792.exe
      4⤵
      PID:8780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49090.exe
      4⤵
      PID:9644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38695.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38695.exe
    3⤵
    PID:4748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47981.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47981.exe
    3⤵
    PID:5520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61692.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61692.exe
    3⤵
    PID:6596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5394.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5394.exe
    3⤵
    PID:6280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19262.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19262.exe
    3⤵
    PID:7480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5140.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5140.exe
    3⤵
    PID:4528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38600.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38600.exe
    3⤵
    PID:6084
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52507.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52507.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54749.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54749.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53763.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35372.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43623.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57759.exe
        7⤵
        Executes dropped EXE
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20998.exe
        8⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3647.exe
        9⤵
        
        PID:8584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
        9⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64946.exe
        8⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1175.exe
        8⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52152.exe
        8⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
        8⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31985.exe
        8⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4697.exe
        8⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42725.exe
        8⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53841.exe
        7⤵
        
        PID:3572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 212
        8⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53601.exe
        7⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41275.exe
        7⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33372.exe
        7⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18970.exe
        7⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17151.exe
        7⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57836.exe
        7⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23005.exe
        7⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29146.exe
        7⤵
        
        PID:9920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41977.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16291.exe
        7⤵
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63481.exe
        8⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29085.exe
        8⤵
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1228.exe
        8⤵
        
        PID:10180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19554.exe
        7⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4792.exe
        7⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27757.exe
        7⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56803.exe
        7⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11674.exe
        7⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43893.exe
        7⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51521.exe
        7⤵
        
        PID:10184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3938.exe
        6⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        7⤵
        
        PID:9388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39155.exe
        6⤵
        
        PID:4428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1992.exe
        6⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        6⤵
        
        PID:1912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57333.exe
        6⤵
        
        PID:916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7209.exe
        6⤵
        
        PID:7940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17027.exe
        6⤵
        
        PID:8888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50386.exe
        6⤵
        
        PID:10168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5283.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39285.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63680.exe
        7⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64360.exe
        8⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26912.exe
        9⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42017.exe
        9⤵
        
        PID:10072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8021.exe
        8⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58160.exe
        8⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44560.exe
        8⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19553.exe
        8⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57066.exe
        8⤵
        
        PID:7696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 228
        8⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21635.exe
        7⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3616.exe
        8⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36044.exe
        8⤵
        
        PID:8616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 212
        8⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62296.exe
        7⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48997.exe
        7⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30440.exe
        7⤵
        
        PID:6848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 236
        7⤵
        
        PID:8008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47899.exe
        6⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55647.exe
        7⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21674.exe
        7⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36173.exe
        7⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44171.exe
        7⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48521.exe
        7⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53169.exe
        7⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5979.exe
        7⤵
        
        PID:9272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32658.exe
        7⤵
        
        PID:9508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35371.exe
        6⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6989.exe
        7⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34949.exe
        7⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32234.exe
        7⤵
        
        PID:9764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        6⤵
        
        PID:4936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40332.exe
        6⤵
        
        PID:4880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13905.exe
        6⤵
        
        PID:6892
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 240
        6⤵
        
        PID:7984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2428.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54910.exe
        6⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25222.exe
        7⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56594.exe
        7⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21891.exe
        7⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46802.exe
        7⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14395.exe
        7⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29349.exe
        7⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29965.exe
        7⤵
        
        PID:9772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57214.exe
        6⤵
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58980.exe
        6⤵
        
        PID:4280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56864.exe
        6⤵
        
        PID:5716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59652.exe
        6⤵
        
        PID:7096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55556.exe
        6⤵
        
        PID:7320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17997.exe
        6⤵
        
        PID:8248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-785.exe
        6⤵
        
        PID:9448
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 224
        6⤵
        
        PID:10044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32087.exe
        5⤵
        
        PID:1316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1978.exe
        6⤵
        
        PID:4776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9915.exe
        6⤵
        
        PID:5436
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 224
        6⤵
        
        PID:6536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31200.exe
        5⤵
        
        PID:3436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29338.exe
        5⤵
        
        PID:4760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6326.exe
        5⤵
        
        PID:5916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38651.exe
        5⤵
        
        PID:6992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45755.exe
        5⤵
        
        PID:7260
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 248
        5⤵
        
        PID:9184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58485.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40079.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12533.exe
        6⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16914.exe
        7⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62152.exe
        8⤵
        
        PID:5724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 236
        8⤵
        Program crash
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21967.exe
        7⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18881.exe
        7⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 216
        7⤵
        
        PID:6860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15605.exe
        6⤵
        
        PID:3976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 212
        7⤵
        
        PID:7584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35846.exe
        6⤵
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22547.exe
        6⤵
        
        PID:5772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11390.exe
        6⤵
        
        PID:6832
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 236
        6⤵
        
        PID:7964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-836.exe
        5⤵
        
        PID:2976
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 244
        6⤵
        Program crash
        
        PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10866.exe
        5⤵
        
        PID:4088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58047.exe
        5⤵
        
        PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7659.exe
        5⤵
        
        PID:5872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46001.exe
        5⤵
        
        PID:6768
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
        5⤵
        
        PID:7956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38033.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31309.exe
        5⤵
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19524.exe
        6⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53047.exe
        7⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8359.exe
        8⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1509.exe
        8⤵
        
        PID:9168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 224
        8⤵
        
        PID:9408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 236
        7⤵
        Program crash
        
        PID:4348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        6⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24442.exe
        7⤵
        
        PID:10164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33289.exe
        6⤵
        
        PID:4420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10657.exe
        6⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19091.exe
        6⤵
        
        PID:6164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36183.exe
        6⤵
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28740.exe
        6⤵
        
        PID:7992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22362.exe
        6⤵
        
        PID:8856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38018.exe
        6⤵
        
        PID:10152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46721.exe
        5⤵
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63052.exe
        6⤵
        
        PID:3260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 212
        7⤵
        
        PID:7796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47650.exe
        6⤵
        
        PID:4784
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 244
        6⤵
        Program crash
        
        PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28873.exe
        5⤵
        
        PID:3372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44919.exe
        6⤵
        
        PID:8964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9288.exe
        6⤵
        
        PID:9780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50722.exe
        5⤵
        
        PID:4736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20850.exe
        5⤵
        
        PID:5364
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 248
        5⤵
        
        PID:6508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8485.exe
      4⤵
      PID:1696
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 240
        5⤵
        Program crash
        
        PID:1344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29451.exe
      4⤵
      PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46908.exe
        5⤵
        
        PID:2416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34057.exe
        6⤵
        
        PID:5264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13885.exe
        6⤵
        
        PID:6296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26738.exe
        6⤵
        
        PID:6364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45043.exe
        6⤵
        
        PID:8116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20804.exe
        6⤵
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49764.exe
        6⤵
        
        PID:10212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2725.exe
        5⤵
        
        PID:4464
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 224
        5⤵
        Program crash
        
        PID:5180
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 236
      4⤵
      Program crash
      PID:3128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7255.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7255.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16898.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62637.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22757.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21278.exe
        7⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43727.exe
        8⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63675.exe
        9⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65531.exe
        10⤵
        
        PID:8912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5396.exe
        10⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32909.exe
        9⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3889.exe
        9⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28416.exe
        9⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34327.exe
        9⤵
        
        PID:7576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 216
        9⤵
        
        PID:8352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 248
        8⤵
        Program crash
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36113.exe
        7⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38102.exe
        8⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2183.exe
        8⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 188
        9⤵
        Program crash
        
        PID:5104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 228
        8⤵
        Program crash
        
        PID:5544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 240
        7⤵
        Program crash
        
        PID:940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64811.exe
        6⤵
        
        PID:1496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 212
        7⤵
        Program crash
        
        PID:3136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17472.exe
        6⤵
        
        PID:3712
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 248
        6⤵
        Program crash
        
        PID:4336
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 248
        5⤵
        Program crash
        
        PID:1164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16129.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27417.exe
        5⤵
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42466.exe
        6⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16753.exe
        7⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1254.exe
        7⤵
        
        PID:5776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 224
        7⤵
        Program crash
        
        PID:6572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22979.exe
        6⤵
        
        PID:3204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7641.exe
        6⤵
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8239.exe
        6⤵
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63736.exe
        6⤵
        
        PID:7116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6355.exe
        6⤵
        
        PID:7392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56892.exe
        6⤵
        
        PID:8404
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 236
        6⤵
        
        PID:9432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64510.exe
        5⤵
        
        PID:2404
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 224
        6⤵
        Program crash
        
        PID:3792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19034.exe
        5⤵
        
        PID:3380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45603.exe
        5⤵
        
        PID:5000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4452.exe
        5⤵
        
        PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3599.exe
        5⤵
        
        PID:6920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57883.exe
        5⤵
        
        PID:8164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49175.exe
        5⤵
        
        PID:9080
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 244
        5⤵
        
        PID:9544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33538.exe
      4⤵
      PID:2340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16530.exe
        5⤵
        
        PID:3404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3071.exe
        6⤵
        
        PID:8876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8876 -s 148
        7⤵
        
        PID:8944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10850.exe
        6⤵
        
        PID:9380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7642.exe
        6⤵
        
        PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7193.exe
        5⤵
        
        PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56022.exe
        5⤵
        
        PID:5672
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 248
        5⤵
        Program crash
        
        PID:6556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3820.exe
      4⤵
      PID:3544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29781.exe
        5⤵
        
        PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11555.exe
        5⤵
        
        PID:6604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30329.exe
        5⤵
        
        PID:6624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51156.exe
        5⤵
        
        PID:7624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7675.exe
        5⤵
        
        PID:8940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64757.exe
        5⤵
        
        PID:9148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21324.exe
        5⤵
        
        PID:5232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50801.exe
      4⤵
      PID:4188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16074.exe
      4⤵
      PID:5836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33903.exe
      4⤵
      PID:6796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14505.exe
      4⤵
      PID:7264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58837.exe
      4⤵
      PID:7852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28990.exe
      4⤵
      PID:8672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34628.exe
      4⤵
      PID:9040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18259.exe
      4⤵
      PID:5204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14851.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14851.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2228
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 224
      4⤵
      Program crash
      PID:1700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47982.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47982.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43068.exe
      4⤵
      PID:1484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24350.exe
        5⤵
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61883.exe
        6⤵
        
        PID:10108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24214.exe
        5⤵
        
        PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe
        5⤵
        
        PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31156.exe
        5⤵
        
        PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27529.exe
        5⤵
        
        PID:7092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52598.exe
        5⤵
        
        PID:7372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8205.exe
        5⤵
        
        PID:8668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31376.exe
        5⤵
        
        PID:5996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61661.exe
      4⤵
      PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23217.exe
        5⤵
        
        PID:8544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36075.exe
        5⤵
        
        PID:8996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23594.exe
        5⤵
        
        PID:9592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53217.exe
      4⤵
      PID:4800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29516.exe
      4⤵
      PID:5380
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 244
      4⤵
      PID:6524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11387.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11387.exe
    3⤵
    PID:1588
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 224
      4⤵
      Program crash
      PID:3768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15651.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15651.exe
    3⤵
    PID:3560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45303.exe
      4⤵
      PID:8448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36122.exe
      4⤵
      PID:9996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42237.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42237.exe
    3⤵
    PID:4124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57877.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57877.exe
    3⤵
    PID:5600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28225.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28225.exe
    3⤵
    PID:6336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20360.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20360.exe
    3⤵
    PID:7616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63008.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63008.exe
    3⤵
    PID:8428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51876.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51876.exe
    3⤵
    PID:8904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37505.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37505.exe
    3⤵
    PID:10028
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21976.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21976.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45403.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45403.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60452.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:276
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 276 -s 244
        5⤵
        Program crash
        
        PID:2016
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 248
      4⤵
      Program crash
      PID:2896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48755.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48755.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34433.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47645.exe
        5⤵
        
        PID:2436
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 244
        6⤵
        Program crash
        
        PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12486.exe
        5⤵
        
        PID:1984
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 212
        6⤵
        Program crash
        
        PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5604.exe
        5⤵
        
        PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56101.exe
        5⤵
        
        PID:4572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53845.exe
        5⤵
        
        PID:5248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26012.exe
        5⤵
        
        PID:6408
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 244
        5⤵
        
        PID:7324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23202.exe
      4⤵
      PID:1476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56747.exe
        5⤵
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57793.exe
        6⤵
        
        PID:4172
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 228
        6⤵
        Program crash
        
        PID:5940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33176.exe
        5⤵
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41935.exe
        6⤵
        
        PID:7652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47721.exe
        6⤵
        
        PID:8716
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 212
        6⤵
        
        PID:9820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2270.exe
        5⤵
        
        PID:4216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60045.exe
        5⤵
        
        PID:5284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43783.exe
        5⤵
        
        PID:6712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8768.exe
        5⤵
        
        PID:7636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61407.exe
        5⤵
        
        PID:8516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26057.exe
        5⤵
        
        PID:9940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38941.exe
      4⤵
      PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-385.exe
        5⤵
        
        PID:3724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5439.exe
        5⤵
        
        PID:4540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64574.exe
        5⤵
        
        PID:6024
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 228
        5⤵
        
        PID:6936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33068.exe
      4⤵
      PID:3564
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1188 -s 244
      4⤵
      Program crash
      PID:4664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5744.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5744.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2444
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 200
      4⤵
      Program crash
      PID:2296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59388.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59388.exe
    3⤵
    PID:752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1670.exe
      4⤵
      PID:7720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33330.exe
      4⤵
      PID:8752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56080.exe
      4⤵
      PID:9840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32627.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32627.exe
    3⤵
    PID:4412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50994.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50994.exe
    3⤵
    PID:5216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19621.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19621.exe
    3⤵
    PID:6172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17136.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17136.exe
    3⤵
    PID:2732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53596.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53596.exe
    3⤵
    PID:7660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23749.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23749.exe
    3⤵
    PID:8512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45100.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45100.exe
    3⤵
    PID:9736
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35600.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35600.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39840.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39840.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28019.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62694.exe
        5⤵
        
        PID:2492
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 224
        6⤵
        Program crash
        
        PID:3832
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 236
        5⤵
        Program crash
        
        PID:3392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59165.exe
      4⤵
      PID:2448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41226.exe
        5⤵
        
        PID:3304
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 212
        6⤵
        
        PID:7728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41427.exe
        5⤵
        
        PID:4824
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 224
        5⤵
        Program crash
        
        PID:5424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49294.exe
      4⤵
      PID:3464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27067.exe
        5⤵
        
        PID:4604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48805.exe
        5⤵
        
        PID:5464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34138.exe
        5⤵
        
        PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18208.exe
        5⤵
        
        PID:7764
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 220
        5⤵
        
        PID:8596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61604.exe
      4⤵
      PID:5020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53222.exe
      4⤵
      PID:5640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5955.exe
      4⤵
      PID:6500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28060.exe
      4⤵
      PID:6284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17406.exe
      4⤵
      PID:8188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38708.exe
      4⤵
      PID:8748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30241.exe
      4⤵
      PID:6000
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 248
    3⤵
    - Program crash
    PID:660
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39078.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39078.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13820.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13820.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48688.exe
      4⤵
      PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4744.exe
        5⤵
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30109.exe
        6⤵
        
        PID:9244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22110.exe
        5⤵
        
        PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59660.exe
        5⤵
        
        PID:5832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32308.exe
        5⤵
        
        PID:6824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45101.exe
        5⤵
        
        PID:8044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29136.exe
        5⤵
        
        PID:8988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22315.exe
        5⤵
        
        PID:9424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18652.exe
        5⤵
        
        PID:10052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36793.exe
      4⤵
      PID:4076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60409.exe
        5⤵
        
        PID:7464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14700.exe
        5⤵
        
        PID:8304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45006.exe
        5⤵
        
        PID:9612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52950.exe
      4⤵
      PID:5008
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 248
      4⤵
      Program crash
      PID:2172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53327.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53327.exe
    3⤵
    PID:2584
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 212
      4⤵
      Program crash
      PID:3104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25640.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25640.exe
    3⤵
    PID:3900
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 620 -s 228
    3⤵
    - Program crash
    PID:4488
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62060.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62060.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1472
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 244
    3⤵
    - Program crash
    PID:3776
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18087.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18087.exe
  2⤵
  PID:2136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43123.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43123.exe
    3⤵
    PID:5516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60969.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60969.exe
    3⤵
    PID:6256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25690.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25690.exe
    3⤵
    PID:7408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65027.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65027.exe
    3⤵
    PID:8420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21785.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21785.exe
    3⤵
    PID:9468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39453.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39453.exe
    3⤵
    PID:10200
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58196.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58196.exe
  2⤵
  PID:4456
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41193.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41193.exe
  2⤵
  PID:4612
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62493.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62493.exe
  2⤵
  PID:5936
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53802.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53802.exe
  2⤵
  PID:6960
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11860.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11860.exe
  2⤵
  PID:7600
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58750.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58750.exe
  2⤵
  PID:8488
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1699.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1699.exe
  2⤵
  PID:9724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-20167.exe

Filesize
184KB

MD5
305c1133d753c103ebf6aff826b075c9

SHA1
602a972ed7ace6e4382f2df30b3911c31e25ea8e

SHA256
2593ecca98d39c8c3f00a870792c546aefcf2a33adf683a87c864e2020c81e73

SHA512
5768bcb10ccae53de715d3ca5e69a2534126f1d612b4cfc51e3bb7eb4f1ca39e61b5d93387fb6c4a00f2d46c1a59171e550b54d3d60e624ebf108d1f3e48afc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23109.exe

Filesize
184KB

MD5
0e572548e0927f06115c41a70acb046d

SHA1
9ad969f9372a70256ff7e3ac2655fe27f8704a17

SHA256
14e978295ac876d7ee5591dcd730a158bf0e1d73d4233d215f902187c2f89dbf

SHA512
4a5be6d3084ed046f8211ffaf5d10526a51d06a3dfa2abd03d3d86473d8172a1b09497ffe64cd6b85b698b51f22f36c83cbbe1d91997a9b744004fea4781ec6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23304.exe

Filesize
184KB

MD5
4b1a39a6a74783ee2500808da86baa09

SHA1
dbd1256b9bb17d0a9bf09b42eea6936917edb37e

SHA256
95ec9bd6716053d12b6275a172b156480ef2489a6498725e6c290eb7a0fd3477

SHA512
2240892b374256b8de6b7c4082ea73b536c5fdf1f23095a83cc3175169257ff51ee039e5b57d6ae37f11514e18b2482b7dd27619d71e17763d02365892af5e42

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28565.exe

Filesize
184KB

MD5
22f87db9b6e9005158a28243561a42f6

SHA1
01c503b4d3a97caba0982681e9544735c5e9869c

SHA256
a8e9e4f1bd9a6c9bf8697082543aaad9b6f7a1cb480ae54ede5b0f4d7ded5e99

SHA512
531fddd309578b41babe90a7a6195c3942c94c553ac132ba64c08cd85c193e971760a867e6d5382219d278b23573768270e6fa27ad17128ad0aab3aa77f65b10

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29085.exe

Filesize
184KB

MD5
6ce0868998ad867f56487f0b4398f4b5

SHA1
581091f324190a7c387f6824c96e3adad131d373

SHA256
729694d65591fd54230103dde821e0ec988a0c758deac4e39915b416a9e93333

SHA512
9ff74bb1c615c4fe3af47719c5c8a6bac2fd02a21d867284694c1caed429dce962ba2db740c5af2441e17067cdac58d3e8eb24dcd60e0353fc091be07521f3c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3040.exe

Filesize
184KB

MD5
b1c5fcc4e2af2de64921252d35b41c59

SHA1
b65bddf1163936ac38f884b687845599feac15b9

SHA256
5b05eb467a7108fe5264d6c3657591177d2fef5a0b278b7bbc2c2563aed63dcd

SHA512
dd84251283dc87689972deacadc6a57db90a6f2755f8c6a781efeb5b3a658713fe3401e443a529ecab6289844f98d559eaa57e635f9fa77be409e7dc314d6ba7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31104.exe

Filesize
184KB

MD5
d4213bd7df7b1eabd377cd25f5ba3e33

SHA1
e250b04ad2fc17c5a815b9cbabd7d5351aaf04fd

SHA256
5f8e2b86db42ef80bd0b0ed64e611cdba8c93b2ece9d8bf03819951894e38809

SHA512
73f20dbd48cf7197626383b9466ebba8dd810ddac2ef066314f6a04c9a9c703e2ad0b400527a8935df854e80b623a074129dd401c6223cc7f3887a9f77d36ae3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33330.exe

Filesize
184KB

MD5
de78839a32ecc2333cf4858a0ae29877

SHA1
335352fbc6b6dc36de0fdb2b204298396834289b

SHA256
fc3e2c14fabe534093afa305fbd6164e83bacfa63812b5dbd33f93f3065a230b

SHA512
37f7f757b4a099236d9fbb6d1dffa0b5e545b766e9b88570e0de6c5f643d1896e8f0260ff0b1552eb52fd673acb1f7798f18238f8681e3ef41a5ad257bf3ba4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35600.exe

Filesize
184KB

MD5
163c28feb1f5906b16ea361e97d7603e

SHA1
5322893cc9bb47ed6f6f642fb3948948cef46808

SHA256
8db71e700103caed45aa73e0269e87499eb5714d40309b82962022ec94ffa732

SHA512
78129834fbef8a16aab4d6cb6c3e2bf06756f9361e011d9b8b6780abdc56f50a9e823697df952db66fa321136286dc62710505cd145e4fa368c8260ec769d015

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41275.exe

Filesize
184KB

MD5
2a1d7c0ee4790e82f1158351e8d2dfb7

SHA1
e103b7ab1a0dbc128ab89f7284520aa2767316ab

SHA256
65ca0182f0ac898b7115f54497ccd708def030080c38ca7fb6376503269ac6cb

SHA512
bbc44e2e09248c890ab71d2fe1be30cf8a6076338e76e452695e9879fc8b60c70c64140b8297e3044c4cf70c2f0a208c4a06100a497a530671333e80bef80443

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44524.exe

Filesize
184KB

MD5
f05c974a5b676a1fec2ef936f2c3ba62

SHA1
b5ed0b934fe1a0376a215e600cf84e4d15d2629e

SHA256
d32f70ad8e14bacd53af87a669948feecf0837f8b48148659a7b496745020b3c

SHA512
41da1a1c8bb73130e27d81ba608fa47a769a6673825bf50641ecda5016021697cf3a9988b279f982a5d8255eae307983769d0fe260973b9126abf56ffe11d813

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44560.exe

Filesize
184KB

MD5
fe8ef6f0629a5bd833c049ee4938dbc7

SHA1
424ba1b8b57c3fb8a9aacfe46a5002b3afba9d5c

SHA256
0a0a54eb26c9c0e9f33e3f1de56536124a3d6b03d0dccfcef0e72b1b42861f85

SHA512
918d60bee456b733ced686e96d2d6cbeefb952877e8305b7269316d7b87cae30ca16f5f630bcd9b3bbd4cb7c2b2a92fbec3ea4e5604f88eb74d2be116cdc1723

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44804.exe

Filesize
184KB

MD5
dcb8f50cc2004337fedbc7ccd0a22241

SHA1
510b50d543836b4968f6e944ca30edc7b51a8b80

SHA256
9bdda9830e54a3c479ee043b801c5e4fc82cf4ce071bb2d0ec531f6548684234

SHA512
81e3da23c111ade23ae2524feb2a02fd9e95350f3bd5e443fc68f83e76ec52d6183cc7dc892aac4e814cf7043ece8e0154578ae6477b30444b3837e0529ae174

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48521.exe

Filesize
184KB

MD5
fd51980caef6e90d0e567d174c1fa968

SHA1
192f3e92c26e21c0c9b2f7caf590bd7979e75c0a

SHA256
7b9a25bfbe63488ee2d8014a51a3c605eda0ad129a7cdcd13cf5345d357c23e7

SHA512
bf2768a6b632e71a33a08ec71d379373de3cdd3336e66a66cb1436219d7a0dbfbec9056e9133e9d5ab69f623fc9a943bc257c0644d50b7f0cf07d7720a6bbf4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51625.exe

Filesize
184KB

MD5
d459ed9c0338085ea98c2ec0bc5c133f

SHA1
e71436575ea3f5ee017a5454ad23f1d467094647

SHA256
1d04a5a9863a2233d15e8c5732f6e1aafbad309241b3713efc9eb5a4984534be

SHA512
4ea2e50b2359154c7940ee1f0a4e8283152e5757b9705d800d22a8cc4ca36171f2e234c7c5f37e830966b8b6990fc32b189fac375dc8e4b072cc8983519edd69

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52507.exe

Filesize
184KB

MD5
82b978c1f294ab49ded4d5e6e6e951fe

SHA1
9e71ffd9a21f665eefb70ebfcdc56c62e40c12fa

SHA256
1ca4e4b3ea5501cc0cd7c7a9136d31bfc1cadb89e16bc12198887f5c17203310

SHA512
23a823ebc65ba46b240a143adf9a8b8190273efebae938c93b7401f7dc38bbaa6a2ac4ecc19ca2dea427286325ed1f2d12f510dec9687fcae8dcfcb670475bec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63086.exe

Filesize
184KB

MD5
6ef46cecf7bcfd74b6d7ed425c4e2cef

SHA1
b7bcb4b8fe9582cce0ccfd527052cc39709929bd

SHA256
d290d08c8572771b61ab27ad24b62838e34bfd29d82e2e889cc3849d83660b92

SHA512
d2b52e54749beef002dbb25341bcf5d6abca7cda57f9b3205b8dc0b00030f8d0b3862ae930298fc828841f1bbdc4b99eb7802bba31fa751e602290871beef889

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-748.exe

Filesize
184KB

MD5
2b04a64a62febc5fd6009cb5bd21a3c7

SHA1
c90095baac511aa6b2157c97ecd18e15bf88e0fb

SHA256
db4ac3d43e98b8866acfbc572595c9eb9897360df9e16b984cf3b5b33fec7595

SHA512
5a7d0474af95ae5efb053c4d20923e2a2ba607b0905ffd7296b1aaf1cda3d5ca8184e3f0c4bfa6308a6f8c6cf6d78cbb2132a4d345750be8dc8bf85e26d9cbf4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14851.exe

Filesize
184KB

MD5
5666a3a31e1b987fb8bf9854978e1ae6

SHA1
6aaa0e91cc01871adcec4535692d1ce2a49b7c12

SHA256
4398bbb13aa3245cd0356daf45e1da524dec3aab445fa9f043eed5d0ee0fcce4

SHA512
de86586574dfd96ab16e3bdfd0508434e3dbaf0b86c3ab58b2ad71989ffbd040e088ab760c5f29b16dbd08cfe3121f8bbced59a44c6bc4ca7aae5d68d64f2050

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16898.exe

Filesize
184KB

MD5
0fba77d55f681f30a676c0b26607fff3

SHA1
074379483e2aafa389afcace8faf9fde13cdafe6

SHA256
13229b473aede5899652dd612c663bf818fc5a363ec2fba3dd98e7f447a3dbdd

SHA512
60afd275ff5c3292d1954fc4f0b239854a64dd2fe3bb129306636a47231fbdd6e5f6582bffed724aabbbcc30904083617301a96204e80d2dc8bd83bc957a2bfd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21976.exe

Filesize
184KB

MD5
a392698b55336da9365a6e5d1aa9762c

SHA1
3f10f132d359c2a0956ba4a7004f9e37995fd752

SHA256
ee23a2fa8cbe88f92e222fa99c11c2b647c88c3ca67b553f879c3767f71e07e5

SHA512
6412e230a93a51b630a5182d3f2b58bd8d07bc4a7e2dfb0c13251419b5b7bc275b86ad1753efed19425cb35599990ef3e37ef20a156504c4f7c10ac2750221c2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24577.exe

Filesize
184KB

MD5
35da2d63c04e06760862f49963840e29

SHA1
9b8f2505ad8b10ffd1c59af26bbf057c8b609d43

SHA256
3f555e30ee3d6e6894e67e8db2e238c77679bbbad97fcc69e9273f395e6e83eb

SHA512
13e0054a9a58182a3cfbcc0c97561403979545b663e20ae8356d6ea30d5b6626ee00a239ec1e3c9b12f377619db47989775d1f63f176b953e7219d9bab769665

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2704.exe

Filesize
184KB

MD5
3bc4d7949fe2fae3424a216ac37a9e00

SHA1
9a84ac5c3d44827ed9865b6aa78649897e4f10fb

SHA256
0bc8452a92e83bf94a32a3da49533bbfa5662b2fb7ab7b28648fd383ce54dc79

SHA512
d18365cac8691e831800736cd98d6fa3aa8203c1b3397844e8d644746d3b184d8f8a7a19bb96cbbe4e0f1873fc16760dddb2daa054810e0c67d529a75b4d685b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33151.exe

Filesize
184KB

MD5
771748ba36f39158896f800e164219e2

SHA1
9bce1182862608c0f1169654c75ba75d7a285cfe

SHA256
747bbe035c08566d9569aae8ba3af96e6e9288a2ede221686e179a467c90f0fa

SHA512
70a7b982308653c2c259448f965a331e30ec7d21837b6ce178c1b6835a27bc5abe1953308d3ae052f00848cf02926d3d7e76461cea928ec0e66996ee781a7241

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35372.exe

Filesize
184KB

MD5
e0f94964fadcb3ea6436d98f3d5a728e

SHA1
e4b80f4bcccdb6c6ce5f557bd44375341a60cdd7

SHA256
955a2b6ccd1388783547a0c7e03b4cb50db825d60d6eac9da8be136553d8002d

SHA512
7510c81230acfc5605816b6c7773974127eba4775c34276992b1ac69c295c561a3b4e34433a8038c77b4b4286b7e02ac7de133542585c08cc4b2da6865def8eb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41646.exe

Filesize
184KB

MD5
bb78a72e1fa30fef50d296239f5f7b5e

SHA1
335da2334359b7ec7ee8d939e5af656522f18ded

SHA256
f599ff37cda52079cef0af1763dad07d7069e89f96e5042ea3ec259f15a77743

SHA512
5fd7238d6cb68a87223dad6e17b929e276a6b52094c281c54d2a723f666b209ca66297ced4f6d35ec324827ca2fe09bc7f6530e3c57f14b0e3aefea2f0327852

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45403.exe

Filesize
184KB

MD5
c388c9d837b11563f6a6be3d22bd1a4a

SHA1
9d16d4b13f8835347443186bc7ec2203ca778147

SHA256
25c58d0044d962307b896dbfbfae8b28a7c96cf1422dd4a0edf093a65216e4a3

SHA512
908df7c1efc16f027a6fe1c94bbf24f2fbe297f3ab8b21bfbf0772639cd2ca6c6f8d073b2ece144deacf57c68d0764d2e7376b3ab14dfcda5872441b423d24fb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5117.exe

Filesize
184KB

MD5
2d30f88545bf8cada68cc3f7caccca03

SHA1
a61848f76db3481046621b7c5ed51c540e5c0590

SHA256
a38e62ec66fa373379144b9208fb3254cebbe58ead3b5bd37c12db45a30b1e02

SHA512
0d0500d8e0b06c029090eb9618aea6d1cf6c17ecbc35e44129c074147635f8aa1524d47cc37d25dde86eebcf8ee8ab0ba250e6f4c700c065146e447227df9afb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53680.exe

Filesize
184KB

MD5
be53428e09885a9c0d6d73cb896e2fa7

SHA1
5820a326b9a6027c6e793d63556221e691680a79

SHA256
f753f2220b1659fb295ba4fe42f3e6fe515944e2df6923f813fcadc555e24277

SHA512
191a64770c993deafcbde561ca912513138a1b0647bd5c11fab7bef1642dc6b55acabfa9a6140afce8e01665ea115aa2abaec2dec5236c52930aa22174008cf0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53763.exe

Filesize
184KB

MD5
ab0d8e02c873b83998d4acb12eaa6013

SHA1
19600592bf73401eaff6efd88400f2180fad145c

SHA256
d014c18c3b8bcd36c7d90df9df1c532418ab3f6cebf04863991ccda9efd67c55

SHA512
3fb271d880c5606c0990ac88c4a13a676e28ec4e9c3b0a8ebfb430956eaf00ceffecbbca4f48bcd1ed48f5eeff0b585285d0bb5ecae13cb49016891ecb67b40b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54749.exe

Filesize
184KB

MD5
367fbdc2daa42072df22edb0ce8a3c6e

SHA1
924de822aa7ad4fc85d007b0bf2688ceae35310c

SHA256
f5a97ca5cbe43e451b9e4b61ca1b43f656f6fc74ca9212c6bd3acc29fd7225ce

SHA512
5e11047340bdf301adebc6b4d126f99e3e167402058ebefed9049428023ae582bd0080aba4ba01f32b62ae956294940fab537de76655f9ad637cf6bfc28cd710

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58485.exe

Filesize
184KB

MD5
a9a53be1cbf235deee0eb78fc9b3667b

SHA1
3d36a92f0661d5d9cff22e3e3add44f2aefdaa64

SHA256
5c5c9021fab3c5de0a1c03270227836167ab4e3de35306ecb74a591bc6bad47d

SHA512
1b94d3b5af4320657d0d20df71a5de66d20a6c6e7a5850302ce053f933df72a7374f7cb8e56d3f8db2988aa11ab4d828e3198e214dbd64359adf84e1b72cd904

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7255.exe

Filesize
184KB

MD5
85177bd45c89a8e68a8b5834418eb47b

SHA1
bf4fd55a15ddc9b9e78f0f23d5df2b0c5670925b

SHA256
fa073c52237c29d74735f04ac39f0e2d9037316ec54e4992336652dc8fb4d3a6

SHA512
c5bfc96757a745abcfae91fc996fe39e917c734a55680a3da4642b548e76ac40ebe6a3bd9ae6e0b8f09a080de48bcf53a6f7b27a82bf4434400320f7edbcfca2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads