a7aa85feffa0d8344abc5e00eaea8ba539f8f65b5348105eab1dc4217c30a057

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 01:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a7aa85feffa0d8344abc5e00eaea8ba539f8f65b5348105eab1dc4217c30a057.exe
Size

184KB
MD5

0fcbb48654737fb00df3878cd12798ae
SHA1

1d6ec31bf1f3e0c0858d28160c9ebbe4a7b3b7c4
SHA256

a7aa85feffa0d8344abc5e00eaea8ba539f8f65b5348105eab1dc4217c30a057
SHA512

1510d580b6da385114d49e38a96ca05eb1ca7d01d2bbbeb1922aca0ba7e6d5dafcc1be3e715fa21d9df6ae8f672ac70f0f3f07a76fbfce55dfb11fba5e8a036f
SSDEEP

3072:0RlCFTodpvfRdXag1SBVbGnOnvnqcviu0:0Ryo7XaZVanOnPqcviu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2520	Unicorn-14048.exe
3020	Unicorn-51978.exe
3032	Unicorn-6306.exe
2628	Unicorn-31180.exe
2644	Unicorn-37311.exe
2464	Unicorn-22044.exe
2724	Unicorn-2178.exe
2508	Unicorn-59553.exe
3012	Unicorn-6823.exe
1804	Unicorn-44478.exe
2532	Unicorn-44789.exe
2040	Unicorn-60321.exe
2716	Unicorn-8167.exe
1632	Unicorn-21902.exe
2756	Unicorn-28033.exe
2060	Unicorn-37216.exe
1732	Unicorn-43651.exe
1868	Unicorn-23785.exe
1860	Unicorn-39659.exe
1500	Unicorn-29344.exe
1116	Unicorn-2458.exe
1152	Unicorn-37931.exe
1812	Unicorn-59328.exe
2396	Unicorn-59904.exe
2876	Unicorn-11315.exe
1548	Unicorn-7174.exe
792	Unicorn-11580.exe
1620	Unicorn-57828.exe
660	Unicorn-27040.exe
2420	Unicorn-20642.exe
2972	Unicorn-20642.exe
320	Unicorn-51622.exe
2892	Unicorn-5758.exe
952	Unicorn-47760.exe
1580	Unicorn-53890.exe
1624	Unicorn-18264.exe
1424	Unicorn-3454.exe
3044	Unicorn-31720.exe
2712	Unicorn-36895.exe
1184	Unicorn-11237.exe
2128	Unicorn-56796.exe
2552	Unicorn-54912.exe
2440	Unicorn-54912.exe
2452	Unicorn-9048.exe
2556	Unicorn-42297.exe
2132	Unicorn-48826.exe
2964	Unicorn-57756.exe
2748	Unicorn-35975.exe
2152	Unicorn-42105.exe
2952	Unicorn-37698.exe
2820	Unicorn-50605.exe
2732	Unicorn-60199.exe
2780	Unicorn-46464.exe
1068	Unicorn-792.exe
948	Unicorn-10403.exe
2272	Unicorn-10403.exe
1564	Unicorn-56843.exe
788	Unicorn-41575.exe
572	Unicorn-512.exe
2004	Unicorn-63397.exe
1768	Unicorn-33569.exe
1324	Unicorn-48286.exe
1824	Unicorn-13511.exe
2408	Unicorn-15649.exe

Loads dropped DLL 64 IoCs

pid	Process
1660	a7aa85feffa0d8344abc5e00eaea8ba539f8f65b5348105eab1dc4217c30a057.exe
1660	a7aa85feffa0d8344abc5e00eaea8ba539f8f65b5348105eab1dc4217c30a057.exe
1660	a7aa85feffa0d8344abc5e00eaea8ba539f8f65b5348105eab1dc4217c30a057.exe
2520	Unicorn-14048.exe
1660	a7aa85feffa0d8344abc5e00eaea8ba539f8f65b5348105eab1dc4217c30a057.exe
2520	Unicorn-14048.exe
1660	a7aa85feffa0d8344abc5e00eaea8ba539f8f65b5348105eab1dc4217c30a057.exe
3020	Unicorn-51978.exe
3020	Unicorn-51978.exe
1660	a7aa85feffa0d8344abc5e00eaea8ba539f8f65b5348105eab1dc4217c30a057.exe
2520	Unicorn-14048.exe
2520	Unicorn-14048.exe
3032	Unicorn-6306.exe
3032	Unicorn-6306.exe
2464	Unicorn-22044.exe
2464	Unicorn-22044.exe
3032	Unicorn-6306.exe
3032	Unicorn-6306.exe
2628	Unicorn-31180.exe
2628	Unicorn-31180.exe
1660	a7aa85feffa0d8344abc5e00eaea8ba539f8f65b5348105eab1dc4217c30a057.exe
2644	Unicorn-37311.exe
2644	Unicorn-37311.exe
1660	a7aa85feffa0d8344abc5e00eaea8ba539f8f65b5348105eab1dc4217c30a057.exe
3020	Unicorn-51978.exe
2724	Unicorn-2178.exe
2520	Unicorn-14048.exe
3020	Unicorn-51978.exe
2724	Unicorn-2178.exe
2520	Unicorn-14048.exe
2508	Unicorn-59553.exe
2508	Unicorn-59553.exe
3012	Unicorn-6823.exe
3012	Unicorn-6823.exe
2464	Unicorn-22044.exe
2464	Unicorn-22044.exe
3032	Unicorn-6306.exe
3032	Unicorn-6306.exe
2532	Unicorn-44789.exe
2532	Unicorn-44789.exe
1660	a7aa85feffa0d8344abc5e00eaea8ba539f8f65b5348105eab1dc4217c30a057.exe
1660	a7aa85feffa0d8344abc5e00eaea8ba539f8f65b5348105eab1dc4217c30a057.exe
2716	Unicorn-8167.exe
3020	Unicorn-51978.exe
2716	Unicorn-8167.exe
3020	Unicorn-51978.exe
1632	Unicorn-21902.exe
1632	Unicorn-21902.exe
2520	Unicorn-14048.exe
2520	Unicorn-14048.exe
1804	Unicorn-44478.exe
1804	Unicorn-44478.exe
2628	Unicorn-31180.exe
2628	Unicorn-31180.exe
2644	Unicorn-37311.exe
2040	Unicorn-60321.exe
2644	Unicorn-37311.exe
2040	Unicorn-60321.exe
1636	WerFault.exe
1636	WerFault.exe
1636	WerFault.exe
1636	WerFault.exe
1636	WerFault.exe
1636	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2028	2724	WerFault.exe	33
1636	2756	WerFault.exe	41
900	3012	WerFault.exe	36
2492	1812	WerFault.exe	49
1080	1548	WerFault.exe	54
2884	2892	WerFault.exe	63
2388	2556	WerFault.exe	76
2104	2732	WerFault.exe	84
2180	2452	WerFault.exe	75
2268	2952	WerFault.exe	82
960	2876	WerFault.exe	52
1608	2396	WerFault.exe	51
1472	2420	WerFault.exe	60
1400	572	WerFault.exe	91
3016	2004	WerFault.exe	92
2540	2204	WerFault.exe	102
584	1184	WerFault.exe	70
2136	1324	WerFault.exe	97
2108	2032	WerFault.exe	130
2444	2964	WerFault.exe	78
3288	2532	WerFault.exe	38
3296	1804	WerFault.exe	37
3676	2972	WerFault.exe	59
3832	948	WerFault.exe	87
4044	2344	WerFault.exe	120
4072	2552	WerFault.exe	74
3148	1620	WerFault.exe	56
3192	2384	WerFault.exe	132
3652	1628	WerFault.exe	190
3132	1408	WerFault.exe	156
4640	2800	WerFault.exe	155
4344	1648	WerFault.exe	187
4528	768	WerFault.exe	117
4860	2272	WerFault.exe	88
5272	3228	WerFault.exe	238
5280	3960	WerFault.exe	224
5260	1984	WerFault.exe	159
5876	3096	WerFault.exe	194
6156	784	WerFault.exe	168
6300	1072	WerFault.exe	183
6556	1700	WerFault.exe	142
6280	3844	WerFault.exe	220
6516	2844	WerFault.exe	184
7064	3892	WerFault.exe	222
5144	3876	WerFault.exe	221
7012	3176	WerFault.exe	235
6572	3376	WerFault.exe	203
7180	3540	WerFault.exe	243
7228	3528	WerFault.exe	208
7384	2228	WerFault.exe	144
7472	3620	WerFault.exe	211
7620	3944	WerFault.exe	245
7644	2408	WerFault.exe	95
7764	1732	WerFault.exe	44
7772	2460	WerFault.exe	152
8076	1980	WerFault.exe	127
7280	1820	WerFault.exe	179
7904	2056	WerFault.exe	158
7876	3672	WerFault.exe	244
7936	3588	WerFault.exe	210
7640	3052	WerFault.exe	109
8920	1344	WerFault.exe	148
8956	700	WerFault.exe	126
8240	8020	WerFault.exe	682

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1660	a7aa85feffa0d8344abc5e00eaea8ba539f8f65b5348105eab1dc4217c30a057.exe
2520	Unicorn-14048.exe
3020	Unicorn-51978.exe
3032	Unicorn-6306.exe
2464	Unicorn-22044.exe
2644	Unicorn-37311.exe
2628	Unicorn-31180.exe
2724	Unicorn-2178.exe
2508	Unicorn-59553.exe
3012	Unicorn-6823.exe
2532	Unicorn-44789.exe
2040	Unicorn-60321.exe
2716	Unicorn-8167.exe
1632	Unicorn-21902.exe
2756	Unicorn-28033.exe
1804	Unicorn-44478.exe
2060	Unicorn-37216.exe
1732	Unicorn-43651.exe
1868	Unicorn-23785.exe
1860	Unicorn-39659.exe
1500	Unicorn-29344.exe
1116	Unicorn-2458.exe
1152	Unicorn-37931.exe
792	Unicorn-11580.exe
1812	Unicorn-59328.exe
1548	Unicorn-7174.exe
2396	Unicorn-59904.exe
2876	Unicorn-11315.exe
1620	Unicorn-57828.exe
660	Unicorn-27040.exe
2420	Unicorn-20642.exe
2972	Unicorn-20642.exe
320	Unicorn-51622.exe
2892	Unicorn-5758.exe
1580	Unicorn-53890.exe
952	Unicorn-47760.exe
1624	Unicorn-18264.exe
1424	Unicorn-3454.exe
3044	Unicorn-31720.exe
2712	Unicorn-36895.exe
1184	Unicorn-11237.exe
2128	Unicorn-56796.exe
2552	Unicorn-54912.exe
2440	Unicorn-54912.exe
2452	Unicorn-9048.exe
2132	Unicorn-48826.exe
2556	Unicorn-42297.exe
2964	Unicorn-57756.exe
2748	Unicorn-35975.exe
2952	Unicorn-37698.exe
2780	Unicorn-46464.exe
2152	Unicorn-42105.exe
2820	Unicorn-50605.exe
2732	Unicorn-60199.exe
1068	Unicorn-792.exe
948	Unicorn-10403.exe
2272	Unicorn-10403.exe
1564	Unicorn-56843.exe
788	Unicorn-41575.exe
572	Unicorn-512.exe
2004	Unicorn-63397.exe
1768	Unicorn-33569.exe
2408	Unicorn-15649.exe
1324	Unicorn-48286.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 2520	1660	a7aa85feffa0d8344abc5e00eaea8ba539f8f65b5348105eab1dc4217c30a057.exe	28
PID 1660 wrote to memory of 2520	1660	a7aa85feffa0d8344abc5e00eaea8ba539f8f65b5348105eab1dc4217c30a057.exe	28
PID 1660 wrote to memory of 2520	1660	a7aa85feffa0d8344abc5e00eaea8ba539f8f65b5348105eab1dc4217c30a057.exe	28
PID 1660 wrote to memory of 2520	1660	a7aa85feffa0d8344abc5e00eaea8ba539f8f65b5348105eab1dc4217c30a057.exe	28
PID 1660 wrote to memory of 3020	1660	a7aa85feffa0d8344abc5e00eaea8ba539f8f65b5348105eab1dc4217c30a057.exe	30
PID 1660 wrote to memory of 3020	1660	a7aa85feffa0d8344abc5e00eaea8ba539f8f65b5348105eab1dc4217c30a057.exe	30
PID 1660 wrote to memory of 3020	1660	a7aa85feffa0d8344abc5e00eaea8ba539f8f65b5348105eab1dc4217c30a057.exe	30
PID 1660 wrote to memory of 3020	1660	a7aa85feffa0d8344abc5e00eaea8ba539f8f65b5348105eab1dc4217c30a057.exe	30
PID 2520 wrote to memory of 3032	2520	Unicorn-14048.exe	29
PID 2520 wrote to memory of 3032	2520	Unicorn-14048.exe	29
PID 2520 wrote to memory of 3032	2520	Unicorn-14048.exe	29
PID 2520 wrote to memory of 3032	2520	Unicorn-14048.exe	29
PID 3020 wrote to memory of 2644	3020	Unicorn-51978.exe	32
PID 3020 wrote to memory of 2644	3020	Unicorn-51978.exe	32
PID 3020 wrote to memory of 2644	3020	Unicorn-51978.exe	32
PID 3020 wrote to memory of 2644	3020	Unicorn-51978.exe	32
PID 1660 wrote to memory of 2628	1660	a7aa85feffa0d8344abc5e00eaea8ba539f8f65b5348105eab1dc4217c30a057.exe	31
PID 1660 wrote to memory of 2628	1660	a7aa85feffa0d8344abc5e00eaea8ba539f8f65b5348105eab1dc4217c30a057.exe	31
PID 1660 wrote to memory of 2628	1660	a7aa85feffa0d8344abc5e00eaea8ba539f8f65b5348105eab1dc4217c30a057.exe	31
PID 1660 wrote to memory of 2628	1660	a7aa85feffa0d8344abc5e00eaea8ba539f8f65b5348105eab1dc4217c30a057.exe	31
PID 2520 wrote to memory of 2724	2520	Unicorn-14048.exe	33
PID 2520 wrote to memory of 2724	2520	Unicorn-14048.exe	33
PID 2520 wrote to memory of 2724	2520	Unicorn-14048.exe	33
PID 2520 wrote to memory of 2724	2520	Unicorn-14048.exe	33
PID 3032 wrote to memory of 2464	3032	Unicorn-6306.exe	34
PID 3032 wrote to memory of 2464	3032	Unicorn-6306.exe	34
PID 3032 wrote to memory of 2464	3032	Unicorn-6306.exe	34
PID 3032 wrote to memory of 2464	3032	Unicorn-6306.exe	34
PID 2464 wrote to memory of 2508	2464	Unicorn-22044.exe	35
PID 2464 wrote to memory of 2508	2464	Unicorn-22044.exe	35
PID 2464 wrote to memory of 2508	2464	Unicorn-22044.exe	35
PID 2464 wrote to memory of 2508	2464	Unicorn-22044.exe	35
PID 3032 wrote to memory of 3012	3032	Unicorn-6306.exe	36
PID 3032 wrote to memory of 3012	3032	Unicorn-6306.exe	36
PID 3032 wrote to memory of 3012	3032	Unicorn-6306.exe	36
PID 3032 wrote to memory of 3012	3032	Unicorn-6306.exe	36
PID 2628 wrote to memory of 1804	2628	Unicorn-31180.exe	37
PID 2628 wrote to memory of 1804	2628	Unicorn-31180.exe	37
PID 2628 wrote to memory of 1804	2628	Unicorn-31180.exe	37
PID 2628 wrote to memory of 1804	2628	Unicorn-31180.exe	37
PID 2644 wrote to memory of 2040	2644	Unicorn-37311.exe	39
PID 2644 wrote to memory of 2040	2644	Unicorn-37311.exe	39
PID 2644 wrote to memory of 2040	2644	Unicorn-37311.exe	39
PID 2644 wrote to memory of 2040	2644	Unicorn-37311.exe	39
PID 1660 wrote to memory of 2532	1660	a7aa85feffa0d8344abc5e00eaea8ba539f8f65b5348105eab1dc4217c30a057.exe	38
PID 1660 wrote to memory of 2532	1660	a7aa85feffa0d8344abc5e00eaea8ba539f8f65b5348105eab1dc4217c30a057.exe	38
PID 1660 wrote to memory of 2532	1660	a7aa85feffa0d8344abc5e00eaea8ba539f8f65b5348105eab1dc4217c30a057.exe	38
PID 1660 wrote to memory of 2532	1660	a7aa85feffa0d8344abc5e00eaea8ba539f8f65b5348105eab1dc4217c30a057.exe	38
PID 3020 wrote to memory of 2716	3020	Unicorn-51978.exe	40
PID 3020 wrote to memory of 2716	3020	Unicorn-51978.exe	40
PID 3020 wrote to memory of 2716	3020	Unicorn-51978.exe	40
PID 3020 wrote to memory of 2716	3020	Unicorn-51978.exe	40
PID 2724 wrote to memory of 2756	2724	Unicorn-2178.exe	41
PID 2724 wrote to memory of 2756	2724	Unicorn-2178.exe	41
PID 2724 wrote to memory of 2756	2724	Unicorn-2178.exe	41
PID 2724 wrote to memory of 2756	2724	Unicorn-2178.exe	41
PID 2520 wrote to memory of 1632	2520	Unicorn-14048.exe	42
PID 2520 wrote to memory of 1632	2520	Unicorn-14048.exe	42
PID 2520 wrote to memory of 1632	2520	Unicorn-14048.exe	42
PID 2520 wrote to memory of 1632	2520	Unicorn-14048.exe	42
PID 2508 wrote to memory of 2060	2508	Unicorn-59553.exe	43
PID 2508 wrote to memory of 2060	2508	Unicorn-59553.exe	43
PID 2508 wrote to memory of 2060	2508	Unicorn-59553.exe	43
PID 2508 wrote to memory of 2060	2508	Unicorn-59553.exe	43

C:\Users\Admin\AppData\Local\Temp\a7aa85feffa0d8344abc5e00eaea8ba539f8f65b5348105eab1dc4217c30a057.exe
"C:\Users\Admin\AppData\Local\Temp\a7aa85feffa0d8344abc5e00eaea8ba539f8f65b5348105eab1dc4217c30a057.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1660
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14048.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14048.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6306.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6306.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59553.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37216.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20642.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10403.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35238.exe
        9⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30620.exe
        10⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33416.exe
        11⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49479.exe
        11⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19194.exe
        11⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56302.exe
        11⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
        11⤵
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51026.exe
        11⤵
        
        PID:11776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2725.exe
        10⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11216.exe
        10⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63591.exe
        10⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4954.exe
        10⤵
        
        PID:9232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6052.exe
        10⤵
        
        PID:10500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54334.exe
        10⤵
        
        PID:11924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10562.exe
        9⤵
        
        PID:3228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 224
        10⤵
        Program crash
        
        PID:5272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 244
        9⤵
        Program crash
        
        PID:4860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 216
        8⤵
        Program crash
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41575.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24195.exe
        8⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7262.exe
        9⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53291.exe
        10⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8643.exe
        10⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62671.exe
        10⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43173.exe
        10⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29141.exe
        10⤵
        
        PID:10968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
        10⤵
        
        PID:11404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22958.exe
        9⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5191.exe
        9⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8090.exe
        9⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34507.exe
        9⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12606.exe
        9⤵
        
        PID:10916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11770.exe
        9⤵
        
        PID:11272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38434.exe
        8⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40110.exe
        9⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22374.exe
        9⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2225.exe
        9⤵
        
        PID:7224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 228
        9⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34197.exe
        8⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63604.exe
        8⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48709.exe
        8⤵
        
        PID:7448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 248
        8⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35278.exe
        7⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40511.exe
        8⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55159.exe
        9⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11092.exe
        9⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 244
        9⤵
        Program crash
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39901.exe
        8⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47874.exe
        8⤵
        
        PID:4212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 228
        8⤵
        Program crash
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57843.exe
        7⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34805.exe
        8⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18745.exe
        8⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26416.exe
        8⤵
        
        PID:8840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14528.exe
        8⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4241.exe
        8⤵
        
        PID:11132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42486.exe
        7⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10815.exe
        7⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42704.exe
        7⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21209.exe
        7⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14252.exe
        7⤵
        
        PID:10516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51622.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48094.exe
        7⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56930.exe
        8⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1685.exe
        9⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38648.exe
        9⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39216.exe
        9⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30278.exe
        9⤵
        
        PID:10192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18044.exe
        9⤵
        
        PID:10660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23937.exe
        8⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42491.exe
        8⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61905.exe
        8⤵
        
        PID:8336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 240
        8⤵
        
        PID:10012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54470.exe
        7⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23231.exe
        8⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46058.exe
        8⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25498.exe
        8⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61646.exe
        8⤵
        
        PID:10124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46725.exe
        8⤵
        
        PID:10668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22405.exe
        7⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13737.exe
        7⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49592.exe
        7⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18061.exe
        7⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52664.exe
        7⤵
        
        PID:10892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9291.exe
        6⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36712.exe
        7⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46143.exe
        8⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14258.exe
        8⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15401.exe
        8⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21014.exe
        8⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25802.exe
        8⤵
        
        PID:11156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9251.exe
        8⤵
        
        PID:11328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59360.exe
        7⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20313.exe
        7⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6575.exe
        7⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 244
        7⤵
        
        PID:9772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4158.exe
        6⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16185.exe
        7⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21653.exe
        7⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59428.exe
        7⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12441.exe
        7⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34346.exe
        7⤵
        
        PID:10880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35540.exe
        7⤵
        
        PID:12120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42039.exe
        6⤵
        
        PID:4848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48149.exe
        6⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13131.exe
        6⤵
        
        PID:8020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 188
        7⤵
        Program crash
        
        PID:8240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5054.exe
        6⤵
        
        PID:9976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1361.exe
        6⤵
        
        PID:11244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3651.exe
        6⤵
        
        PID:11364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23785.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5758.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 240
        7⤵
        Program crash
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15649.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-941.exe
        7⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26903.exe
        8⤵
        
        PID:4092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 228
        8⤵
        Program crash
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23290.exe
        7⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17889.exe
        7⤵
        
        PID:5620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 228
        7⤵
        Program crash
        
        PID:7644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28251.exe
        6⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21885.exe
        7⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12628.exe
        7⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58016.exe
        7⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60601.exe
        7⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50916.exe
        7⤵
        
        PID:9956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32374.exe
        7⤵
        
        PID:11504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21453.exe
        6⤵
        
        PID:3224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21067.exe
        6⤵
        
        PID:5816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21659.exe
        6⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52466.exe
        6⤵
        
        PID:8408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45566.exe
        6⤵
        
        PID:9924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22574.exe
        6⤵
        
        PID:11532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47760.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48286.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 220
        7⤵
        Program crash
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39918.exe
        6⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59767.exe
        7⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34138.exe
        7⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54342.exe
        7⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43414.exe
        7⤵
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32716.exe
        7⤵
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30838.exe
        7⤵
        
        PID:11672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4353.exe
        6⤵
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5389.exe
        6⤵
        
        PID:5560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7707.exe
        6⤵
        
        PID:7552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59791.exe
        6⤵
        
        PID:9080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41218.exe
        6⤵
        
        PID:10488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33332.exe
        6⤵
        
        PID:11884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47829.exe
        5⤵
        
        PID:884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34434.exe
        6⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24933.exe
        7⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17516.exe
        7⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63838.exe
        7⤵
        
        PID:8816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17043.exe
        7⤵
        
        PID:10236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26683.exe
        7⤵
        
        PID:11288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34788.exe
        6⤵
        
        PID:4572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39227.exe
        6⤵
        
        PID:6916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9741.exe
        6⤵
        
        PID:8204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33828.exe
        6⤵
        
        PID:9904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16247.exe
        6⤵
        
        PID:10616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40797.exe
        5⤵
        
        PID:3096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42824.exe
        6⤵
        
        PID:4168
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 236
        6⤵
        Program crash
        
        PID:5876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63378.exe
        5⤵
        
        PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55277.exe
        5⤵
        
        PID:5444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27708.exe
        5⤵
        
        PID:7488
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 244
        5⤵
        
        PID:9172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6823.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6823.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43651.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20642.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10403.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19779.exe
        8⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26012.exe
        9⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65128.exe
        10⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57159.exe
        10⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22676.exe
        10⤵
        
        PID:7692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 228
        10⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45839.exe
        9⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54065.exe
        9⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44385.exe
        9⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64658.exe
        9⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12388.exe
        9⤵
        
        PID:11248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 224
        9⤵
        
        PID:11760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 236
        8⤵
        Program crash
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-489.exe
        7⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25244.exe
        8⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35746.exe
        9⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33007.exe
        9⤵
        
        PID:5464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 244
        9⤵
        Program crash
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52227.exe
        8⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45015.exe
        8⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2662.exe
        8⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24279.exe
        8⤵
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34666.exe
        8⤵
        
        PID:10740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
        8⤵
        
        PID:11908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 244
        7⤵
        Program crash
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56843.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36006.exe
        7⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7454.exe
        8⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15717.exe
        9⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51315.exe
        9⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5836.exe
        9⤵
        
        PID:8272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25015.exe
        9⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49102.exe
        9⤵
        
        PID:11480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22209.exe
        8⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6912.exe
        8⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59383.exe
        8⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31114.exe
        8⤵
        
        PID:9356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23092.exe
        8⤵
        
        PID:11208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5378.exe
        7⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44715.exe
        8⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57078.exe
        8⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54736.exe
        8⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59581.exe
        8⤵
        
        PID:9536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48910.exe
        8⤵
        
        PID:11512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44710.exe
        7⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28429.exe
        7⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50718.exe
        7⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14579.exe
        7⤵
        
        PID:9304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40158.exe
        7⤵
        
        PID:11144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18064.exe
        6⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7454.exe
        7⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41788.exe
        8⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59981.exe
        8⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47009.exe
        8⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15315.exe
        8⤵
        
        PID:9848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4644.exe
        8⤵
        
        PID:11344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22209.exe
        7⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 244
        7⤵
        Program crash
        
        PID:6556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58035.exe
        6⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57463.exe
        7⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65083.exe
        7⤵
        
        PID:5360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 244
        7⤵
        Program crash
        
        PID:7472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43759.exe
        6⤵
        
        PID:3572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44189.exe
        6⤵
        
        PID:5796
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 244
        6⤵
        Program crash
        
        PID:7764
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 236
        5⤵
        Program crash
        
        PID:900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39659.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53890.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-512.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 240
        7⤵
        Program crash
        
        PID:1400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2793.exe
        6⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61948.exe
        7⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23397.exe
        8⤵
        
        PID:5508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 216
        8⤵
        Program crash
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29246.exe
        7⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30150.exe
        7⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50839.exe
        7⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42210.exe
        7⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24052.exe
        7⤵
        
        PID:10512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5740.exe
        6⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6235.exe
        7⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
        7⤵
        Program crash
        
        PID:7064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48847.exe
        6⤵
        
        PID:4932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27350.exe
        6⤵
        
        PID:6688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25638.exe
        6⤵
        
        PID:8672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42740.exe
        6⤵
        
        PID:9728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19587.exe
        6⤵
        
        PID:10432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63397.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 244
        6⤵
        Program crash
        
        PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7966.exe
        5⤵
        
        PID:1408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58544.exe
        6⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2637.exe
        7⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9437.exe
        7⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13387.exe
        7⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9374.exe
        7⤵
        
        PID:8604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13080.exe
        7⤵
        
        PID:10716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13698.exe
        7⤵
        
        PID:12112
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1408 -s 248
        6⤵
        Program crash
        
        PID:3132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10531.exe
        5⤵
        
        PID:3328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43348.exe
        6⤵
        
        PID:3996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3578.exe
        6⤵
        
        PID:5584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28296.exe
        6⤵
        
        PID:7612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-321.exe
        6⤵
        
        PID:8288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39152.exe
        6⤵
        
        PID:10648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3589.exe
        6⤵
        
        PID:12040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41455.exe
        5⤵
        
        PID:3356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60801.exe
        5⤵
        
        PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28689.exe
        5⤵
        
        PID:7732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36192.exe
        5⤵
        
        PID:9152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30771.exe
        5⤵
        
        PID:10580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50754.exe
        5⤵
        
        PID:11940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18264.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15998.exe
        5⤵
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61512.exe
        6⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51763.exe
        7⤵
        
        PID:5028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 228
        7⤵
        Program crash
        
        PID:6156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10730.exe
        6⤵
        
        PID:4896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17908.exe
        6⤵
        
        PID:6520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55112.exe
        6⤵
        
        PID:7740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61654.exe
        6⤵
        
        PID:9528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43496.exe
        6⤵
        
        PID:10928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41454.exe
        5⤵
        
        PID:976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52497.exe
        6⤵
        
        PID:3636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49790.exe
        6⤵
        
        PID:5804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15691.exe
        6⤵
        
        PID:7804
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 236
        6⤵
        
        PID:8232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47161.exe
        5⤵
        
        PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28244.exe
        5⤵
        
        PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59871.exe
        5⤵
        
        PID:8048
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 248
        5⤵
        
        PID:8520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24280.exe
      4⤵
      PID:1576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5881.exe
        5⤵
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45913.exe
        6⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32840.exe
        7⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24678.exe
        7⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38520.exe
        7⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7786.exe
        7⤵
        
        PID:8500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 244
        7⤵
        
        PID:11256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13550.exe
        6⤵
        
        PID:4744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37044.exe
        6⤵
        
        PID:5564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25060.exe
        6⤵
        
        PID:8024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
        6⤵
        
        PID:8528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45828.exe
        6⤵
        
        PID:10264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2554.exe
        6⤵
        
        PID:11748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26047.exe
        5⤵
        
        PID:3492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32840.exe
        6⤵
        
        PID:4588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39561.exe
        6⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5655.exe
        6⤵
        
        PID:7832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55534.exe
        6⤵
        
        PID:9016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28923.exe
        6⤵
        
        PID:11232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        6⤵
        
        PID:11708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        5⤵
        
        PID:4708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42909.exe
        5⤵
        
        PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16394.exe
        5⤵
        
        PID:8040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31101.exe
        5⤵
        
        PID:9032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13008.exe
        5⤵
        
        PID:10328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14822.exe
        5⤵
        
        PID:11812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36378.exe
      4⤵
      PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45005.exe
        5⤵
        
        PID:3944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43348.exe
        6⤵
        
        PID:1440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3578.exe
        6⤵
        
        PID:5596
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 224
        6⤵
        Program crash
        
        PID:7620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30519.exe
        5⤵
        
        PID:1168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31428.exe
        5⤵
        
        PID:5948
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 248
        5⤵
        Program crash
        
        PID:7772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52448.exe
      4⤵
      PID:3976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7245.exe
        5⤵
        
        PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5763.exe
        5⤵
        
        PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37394.exe
        5⤵
        
        PID:8140
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 248
        5⤵
        
        PID:8380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10589.exe
      4⤵
      PID:4264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61084.exe
      4⤵
      PID:6044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25229.exe
      4⤵
      PID:7316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50173.exe
      4⤵
      PID:8296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44344.exe
      4⤵
      PID:11052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41729.exe
      4⤵
      PID:11544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2178.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2178.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28033.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2756
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1636
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 248
      4⤵
      Program crash
      PID:2028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21902.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21902.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59904.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57756.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64495.exe
        6⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 224
        7⤵
        Program crash
        
        PID:2108
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 248
        6⤵
        Program crash
        
        PID:2444
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 248
        5⤵
        Program crash
        
        PID:1608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37698.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2952
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 224
        5⤵
        Program crash
        
        PID:2268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56611.exe
      4⤵
      PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58108.exe
        5⤵
        
        PID:3704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23307.exe
        6⤵
        
        PID:4424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11715.exe
        6⤵
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4887.exe
        6⤵
        
        PID:7600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11076.exe
        6⤵
        
        PID:8712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46879.exe
        6⤵
        
        PID:11060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28337.exe
        6⤵
        
        PID:11436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        5⤵
        
        PID:4600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38414.exe
        5⤵
        
        PID:6020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11520.exe
        5⤵
        
        PID:7780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63890.exe
        5⤵
        
        PID:8700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30151.exe
        5⤵
        
        PID:11120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29394.exe
        5⤵
        
        PID:11500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25747.exe
      4⤵
      PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27697.exe
        5⤵
        
        PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4154.exe
        5⤵
        
        PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43948.exe
        5⤵
        
        PID:7632
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
        5⤵
        
        PID:8216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59244.exe
      4⤵
      PID:3632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3837.exe
      4⤵
      PID:6064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11117.exe
      4⤵
      PID:7888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45245.exe
      4⤵
      PID:8644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52281.exe
      4⤵
      PID:10732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8098.exe
      4⤵
      PID:12104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11315.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11315.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9048.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2452
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 244
        5⤵
        Program crash
        
        PID:2180
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 236
      4⤵
      Program crash
      PID:960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48826.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48826.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13457.exe
      4⤵
      PID:944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29852.exe
        5⤵
        
        PID:3980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52018.exe
        6⤵
        
        PID:4700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47936.exe
        6⤵
        
        PID:7052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30256.exe
        6⤵
        
        PID:8900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15488.exe
        6⤵
        
        PID:888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37489.exe
        6⤵
        
        PID:10412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14363.exe
        5⤵
        
        PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32480.exe
        5⤵
        
        PID:6884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32282.exe
        5⤵
        
        PID:8832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5863.exe
        5⤵
        
        PID:10156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53243.exe
        5⤵
        
        PID:11024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43042.exe
      4⤵
      PID:4008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20427.exe
        5⤵
        
        PID:3136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42685.exe
        5⤵
        
        PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45074.exe
        5⤵
        
        PID:7980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20365.exe
        5⤵
        
        PID:8976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
        5⤵
        
        PID:10872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25483.exe
        5⤵
        
        PID:12252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18712.exe
      4⤵
      PID:3400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41975.exe
      4⤵
      PID:5760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64962.exe
      4⤵
      PID:7204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17972.exe
      4⤵
      PID:9064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29672.exe
      4⤵
      PID:10932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55776.exe
      4⤵
      PID:11324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20664.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20664.exe
    3⤵
    PID:600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11870.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11870.exe
      4⤵
      PID:3908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49356.exe
        5⤵
        
        PID:4768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16389.exe
        5⤵
        
        PID:6592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27542.exe
        5⤵
        
        PID:9112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50465.exe
        5⤵
        
        PID:9612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52731.exe
        5⤵
        
        PID:10476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47228.exe
      4⤵
      PID:4204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47940.exe
      4⤵
      PID:6828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51607.exe
      4⤵
      PID:8784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53803.exe
      4⤵
      PID:9984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35453.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35453.exe
      4⤵
      PID:10904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21451.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21451.exe
    3⤵
    PID:3960
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 224
      4⤵
      Program crash
      PID:5280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19181.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19181.exe
    3⤵
    PID:4904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1015.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1015.exe
    3⤵
    PID:6704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20038.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20038.exe
    3⤵
    PID:8648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57875.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57875.exe
    3⤵
    PID:9676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38053.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38053.exe
    3⤵
    PID:10460
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51978.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51978.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37311.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37311.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60321.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27040.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-792.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48434.exe
        7⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41995.exe
        8⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1170.exe
        9⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21693.exe
        9⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31476.exe
        9⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10660.exe
        9⤵
        
        PID:9748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 224
        9⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59272.exe
        8⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32023.exe
        8⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20135.exe
        8⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8478.exe
        8⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55474.exe
        8⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7438.exe
        7⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35938.exe
        8⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14092.exe
        8⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62334.exe
        8⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32945.exe
        8⤵
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51202.exe
        8⤵
        
        PID:10692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 216
        8⤵
        
        PID:11968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-425.exe
        7⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50880.exe
        7⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59534.exe
        7⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7744.exe
        7⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51732.exe
        7⤵
        
        PID:10724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32803.exe
        7⤵
        
        PID:11864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44220.exe
        6⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49893.exe
        7⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41954.exe
        8⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65072.exe
        8⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13760.exe
        8⤵
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49908.exe
        8⤵
        
        PID:10072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5988.exe
        8⤵
        
        PID:10900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 216
        7⤵
        Program crash
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8210.exe
        6⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21503.exe
        7⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27500.exe
        7⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55867.exe
        7⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43691.exe
        7⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1499.exe
        7⤵
        
        PID:10436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25557.exe
        6⤵
        
        PID:4704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39691.exe
        6⤵
        
        PID:7056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36704.exe
        6⤵
        
        PID:8320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35127.exe
        6⤵
        
        PID:10004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31133.exe
        6⤵
        
        PID:10700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46464.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46296.exe
        6⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26536.exe
        7⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55839.exe
        8⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5296.exe
        9⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40606.exe
        9⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37549.exe
        9⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41382.exe
        9⤵
        
        PID:10296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47374.exe
        9⤵
        
        PID:11680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49624.exe
        8⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62505.exe
        8⤵
        
        PID:7464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 236
        8⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18184.exe
        7⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15879.exe
        8⤵
        
        PID:11276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59732.exe
        7⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31303.exe
        7⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2842.exe
        7⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16685.exe
        7⤵
        
        PID:10576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1188 -s 220
        7⤵
        
        PID:11916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7630.exe
        6⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49241.exe
        7⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 228
        7⤵
        Program crash
        
        PID:6300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31502.exe
        6⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36791.exe
        7⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1956.exe
        7⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59993.exe
        7⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-235.exe
        7⤵
        
        PID:10540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 244
        7⤵
        
        PID:11960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20464.exe
        6⤵
        
        PID:5964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28158.exe
        6⤵
        
        PID:7792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40657.exe
        6⤵
        
        PID:9144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57637.exe
        6⤵
        
        PID:10548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51889.exe
        6⤵
        
        PID:11932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57955.exe
        5⤵
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65186.exe
        6⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23205.exe
        7⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37583.exe
        7⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31523.exe
        7⤵
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16083.exe
        7⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27041.exe
        7⤵
        
        PID:11408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8094.exe
        6⤵
        
        PID:4736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        6⤵
        
        PID:6988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58257.exe
        6⤵
        
        PID:8276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34596.exe
        6⤵
        
        PID:10032
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 228
        6⤵
        
        PID:10792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56665.exe
        5⤵
        
        PID:3276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59096.exe
        6⤵
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58714.exe
        6⤵
        
        PID:6528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29322.exe
        6⤵
        
        PID:8608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39780.exe
        6⤵
        
        PID:9388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39628.exe
        6⤵
        
        PID:11140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34872.exe
        5⤵
        
        PID:4888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54074.exe
        5⤵
        
        PID:6968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50122.exe
        5⤵
        
        PID:8264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13596.exe
        5⤵
        
        PID:10076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25798.exe
        5⤵
        
        PID:10824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57828.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42297.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 224
        6⤵
        Program crash
        
        PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26840.exe
        5⤵
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15160.exe
        6⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12618.exe
        7⤵
        
        PID:5736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
        7⤵
        Program crash
        
        PID:7012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32728.exe
        6⤵
        
        PID:4952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61863.exe
        6⤵
        
        PID:6996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36122.exe
        6⤵
        
        PID:8932
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 244
        6⤵
        
        PID:9524
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 244
        5⤵
        Program crash
        
        PID:3148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35975.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62741.exe
        5⤵
        
        PID:2840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27496.exe
        6⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47382.exe
        7⤵
        
        PID:4684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 228
        7⤵
        Program crash
        
        PID:6516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17767.exe
        6⤵
        
        PID:4312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49813.exe
        6⤵
        
        PID:6740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3306.exe
        6⤵
        
        PID:2356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41343.exe
        6⤵
        
        PID:9752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32718.exe
        6⤵
        
        PID:10284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40878.exe
        5⤵
        
        PID:2304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64979.exe
        6⤵
        
        PID:4608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44740.exe
        6⤵
        
        PID:6488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37912.exe
        6⤵
        
        PID:8548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45419.exe
        6⤵
        
        PID:9908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-565.exe
        6⤵
        
        PID:10712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64367.exe
        5⤵
        
        PID:4440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21635.exe
        5⤵
        
        PID:6776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28081.exe
        5⤵
        
        PID:8108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33380.exe
        5⤵
        
        PID:9828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14231.exe
        5⤵
        
        PID:10408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47209.exe
      4⤵
      PID:940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62088.exe
        5⤵
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58999.exe
        6⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47787.exe
        7⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27259.exe
        7⤵
        
        PID:7192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 240
        7⤵
        
        PID:8440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50392.exe
        6⤵
        
        PID:5968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56838.exe
        6⤵
        
        PID:7244
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 236
        6⤵
        
        PID:8352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22714.exe
        5⤵
        
        PID:3444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61221.exe
        5⤵
        
        PID:5420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20046.exe
        5⤵
        
        PID:7512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24162.exe
        5⤵
        
        PID:8992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21682.exe
        5⤵
        
        PID:10384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18350.exe
        5⤵
        
        PID:11820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51046.exe
      4⤵
      PID:1820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24843.exe
        5⤵
        
        PID:4112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56993.exe
        5⤵
        
        PID:5892
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 224
        5⤵
        Program crash
        
        PID:7280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63570.exe
      4⤵
      PID:4320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55469.exe
      4⤵
      PID:5224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27708.exe
      4⤵
      PID:7496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8172.exe
      4⤵
      PID:9068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7006.exe
      4⤵
      PID:10940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26906.exe
      4⤵
      PID:11316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8167.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8167.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59328.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1812
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 224
        5⤵
        Program crash
        
        PID:2492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54912.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26805.exe
        5⤵
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62908.exe
        6⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55787.exe
        7⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10947.exe
        7⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50165.exe
        7⤵
        
        PID:7336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 236
        7⤵
        
        PID:9048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36497.exe
        6⤵
        
        PID:4452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40718.exe
        6⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10752.exe
        6⤵
        
        PID:7588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2411.exe
        6⤵
        
        PID:8628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30343.exe
        6⤵
        
        PID:11040
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
        6⤵
        
        PID:11488
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 236
        5⤵
        Program crash
        
        PID:4072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24322.exe
      4⤵
      PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41855.exe
        5⤵
        
        PID:3376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48965.exe
        6⤵
        
        PID:5648
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 228
        6⤵
        Program crash
        
        PID:6572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38654.exe
        5⤵
        
        PID:5088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8640.exe
        5⤵
        
        PID:6228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12403.exe
        5⤵
        
        PID:8428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1924.exe
        5⤵
        
        PID:10104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35598.exe
        5⤵
        
        PID:10656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9493.exe
      4⤵
      PID:3416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-184.exe
        5⤵
        
        PID:4844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10723.exe
        5⤵
        
        PID:6784
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 240
        5⤵
        
        PID:8584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49398.exe
      4⤵
      PID:4176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22361.exe
      4⤵
      PID:6296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
      4⤵
      PID:8492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28889.exe
      4⤵
      PID:10224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13292.exe
      4⤵
      PID:11104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37931.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37931.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42105.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29109.exe
        5⤵
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34626.exe
        6⤵
        
        PID:1628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 224
        7⤵
        Program crash
        
        PID:3652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52917.exe
        6⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52363.exe
        6⤵
        
        PID:5476
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 248
        6⤵
        Program crash
        
        PID:8076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60012.exe
        5⤵
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26704.exe
        6⤵
        
        PID:4284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29790.exe
        6⤵
        
        PID:6268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41712.exe
        6⤵
        
        PID:7828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12322.exe
        6⤵
        
        PID:10108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34515.exe
        6⤵
        
        PID:10520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
        5⤵
        
        PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48356.exe
        5⤵
        
        PID:7044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53240.exe
        5⤵
        
        PID:8304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18061.exe
        5⤵
        
        PID:10024
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 240
        5⤵
        
        PID:2348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42875.exe
      4⤵
      PID:2384
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 224
        5⤵
        Program crash
        
        PID:3192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24489.exe
      4⤵
      PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12293.exe
        5⤵
        
        PID:4664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40203.exe
        5⤵
        
        PID:6148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18492.exe
        5⤵
        
        PID:8364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9676.exe
        5⤵
        
        PID:9652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10022.exe
        5⤵
        
        PID:10556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52329.exe
      4⤵
      PID:4872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43412.exe
      4⤵
      PID:7000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10921.exe
      4⤵
      PID:8964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7353.exe
      4⤵
      PID:9552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16489.exe
      4⤵
      PID:10528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50605.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50605.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46130.exe
      4⤵
      PID:2344
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 244
        5⤵
        Program crash
        
        PID:4044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27583.exe
      4⤵
      PID:4080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31112.exe
        5⤵
        
        PID:4824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14860.exe
        5⤵
        
        PID:5908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36984.exe
        5⤵
        
        PID:8156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54164.exe
        5⤵
        
        PID:9060
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 244
        5⤵
        
        PID:10348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49709.exe
      4⤵
      PID:4972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60.exe
      4⤵
      PID:5764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55694.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55694.exe
      4⤵
      PID:7724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51844.exe
      4⤵
      PID:9396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1078.exe
      4⤵
      PID:10624
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 248
      4⤵
      PID:12000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37775.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37775.exe
    3⤵
    PID:700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47449.exe
      4⤵
      PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39292.exe
        5⤵
        
        PID:5292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51533.exe
        5⤵
        
        PID:5336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8119.exe
        5⤵
        
        PID:8692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11594.exe
        5⤵
        
        PID:9620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25915.exe
        5⤵
        
        PID:10504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32152.exe
      4⤵
      PID:4620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61863.exe
      4⤵
      PID:6980
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 700 -s 248
      4⤵
      Program crash
      PID:8956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55232.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55232.exe
    3⤵
    PID:3076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8705.exe
      4⤵
      PID:5348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36649.exe
      4⤵
      PID:6600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12992.exe
      4⤵
      PID:8728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58356.exe
      4⤵
      PID:9896
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 224
      4⤵
      PID:10796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43618.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43618.exe
    3⤵
    PID:4524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8654.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8654.exe
    3⤵
    PID:7024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1121.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1121.exe
    3⤵
    PID:8912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50224.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50224.exe
    3⤵
    PID:10144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53155.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53155.exe
    3⤵
    PID:10392
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31180.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31180.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44478.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44478.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11580.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56796.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58107.exe
        6⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51979.exe
        7⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57482.exe
        8⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61861.exe
        8⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32469.exe
        8⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4040.exe
        8⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39747.exe
        8⤵
        
        PID:10832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9962.exe
        7⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49455.exe
        7⤵
        
        PID:6500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 236
        7⤵
        Program crash
        
        PID:7640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15092.exe
        6⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30684.exe
        7⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32047.exe
        7⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15401.exe
        7⤵
        
        PID:7992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 236
        7⤵
        
        PID:9928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56074.exe
        6⤵
        
        PID:4772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7045.exe
        6⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11833.exe
        6⤵
        
        PID:7660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60583.exe
        6⤵
        
        PID:9856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58237.exe
        6⤵
        
        PID:11028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37650.exe
        6⤵
        
        PID:12232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5569.exe
        5⤵
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62088.exe
        6⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44884.exe
        7⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16567.exe
        7⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46662.exe
        7⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32828.exe
        7⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38218.exe
        7⤵
        
        PID:10396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1285.exe
        7⤵
        
        PID:11836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47707.exe
        6⤵
        
        PID:3272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-868.exe
        6⤵
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36056.exe
        6⤵
        
        PID:7672
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 244
        6⤵
        
        PID:9196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53654.exe
        5⤵
        
        PID:2588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17014.exe
        6⤵
        
        PID:4868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37536.exe
        6⤵
        
        PID:6492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37912.exe
        6⤵
        
        PID:8536
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 228
        6⤵
        
        PID:9888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46008.exe
        5⤵
        
        PID:4208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29223.exe
        5⤵
        
        PID:6644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60472.exe
        5⤵
        
        PID:1680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9008.exe
        5⤵
        
        PID:9716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51008.exe
        5⤵
        
        PID:11204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54912.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31221.exe
        5⤵
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10552.exe
        6⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4173.exe
        7⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16925.exe
        7⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63439.exe
        7⤵
        
        PID:7700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 236
        7⤵
        
        PID:9188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15828.exe
        6⤵
        
        PID:4024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6151.exe
        6⤵
        
        PID:6128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50939.exe
        6⤵
        
        PID:7972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11700.exe
        6⤵
        
        PID:8856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60354.exe
        6⤵
        
        PID:10864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42549.exe
        6⤵
        
        PID:12248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42274.exe
        5⤵
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47190.exe
        6⤵
        
        PID:4696
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 228
        6⤵
        Program crash
        
        PID:6280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12447.exe
        5⤵
        
        PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5097.exe
        5⤵
        
        PID:6748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10269.exe
        5⤵
        
        PID:8768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37267.exe
        5⤵
        
        PID:10000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52519.exe
        5⤵
        
        PID:10948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8069.exe
      4⤵
      PID:1880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50495.exe
        5⤵
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19475.exe
        6⤵
        
        PID:4104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21627.exe
        6⤵
        
        PID:6188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33740.exe
        6⤵
        
        PID:1904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36832.exe
        6⤵
        
        PID:10036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61329.exe
        6⤵
        
        PID:10340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58369.exe
        6⤵
        
        PID:11560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34212.exe
        5⤵
        
        PID:4540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5594.exe
        5⤵
        
        PID:6872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42414.exe
        5⤵
        
        PID:7200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49148.exe
        5⤵
        
        PID:9880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
        5⤵
        
        PID:10536
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 248
      4⤵
      Program crash
      PID:3296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7174.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7174.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1548
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 240
      4⤵
      Program crash
      PID:1080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60199.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60199.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2732
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 224
      4⤵
      Program crash
      PID:2104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46441.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46441.exe
    3⤵
    PID:1544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45093.exe
      4⤵
      PID:1648
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 220
        5⤵
        Program crash
        
        PID:4344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26495.exe
      4⤵
      PID:4624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35389.exe
      4⤵
      PID:5712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65293.exe
      4⤵
      PID:8172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3776.exe
      4⤵
      PID:9680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17811.exe
      4⤵
      PID:10836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52606.exe
      4⤵
      PID:12088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40003.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40003.exe
    3⤵
    PID:2472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17713.exe
      4⤵
      PID:3104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57953.exe
      4⤵
      PID:6136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11633.exe
      4⤵
      PID:7916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23272.exe
      4⤵
      PID:8724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12888.exe
      4⤵
      PID:10772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27019.exe
      4⤵
      PID:12156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47124.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47124.exe
    3⤵
    PID:3368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17228.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17228.exe
    3⤵
    PID:5580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13593.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13593.exe
    3⤵
    PID:8148
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 224
    3⤵
    PID:8388
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44789.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44789.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29344.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29344.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3454.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33569.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37812.exe
        6⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22198.exe
        7⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54583.exe
        8⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58840.exe
        8⤵
        
        PID:5880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 224
        8⤵
        Program crash
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22112.exe
        7⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64703.exe
        7⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60207.exe
        7⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34748.exe
        7⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16181.exe
        7⤵
        
        PID:10288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47904.exe
        7⤵
        
        PID:11664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2140.exe
        6⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54111.exe
        7⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31279.exe
        7⤵
        
        PID:5200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 244
        7⤵
        Program crash
        
        PID:7876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24553.exe
        6⤵
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51648.exe
        6⤵
        
        PID:5124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12601.exe
        6⤵
        
        PID:7968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61351.exe
        6⤵
        
        PID:9936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26333.exe
        6⤵
        
        PID:11108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4786.exe
        6⤵
        
        PID:11300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44309.exe
        5⤵
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43469.exe
        6⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56363.exe
        7⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6889.exe
        7⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22676.exe
        7⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43941.exe
        7⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46687.exe
        7⤵
        
        PID:11164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12328.exe
        7⤵
        
        PID:11564
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 236
        6⤵
        Program crash
        
        PID:4640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52990.exe
        5⤵
        
        PID:3508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23499.exe
        6⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29691.exe
        7⤵
        
        PID:10676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8011.exe
        7⤵
        
        PID:12068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44004.exe
        6⤵
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51509.exe
        6⤵
        
        PID:7444
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 248
        6⤵
        
        PID:9124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14593.exe
        5⤵
        
        PID:4532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2557.exe
        5⤵
        
        PID:5844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3341.exe
        5⤵
        
        PID:7716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35806.exe
        5⤵
        
        PID:8948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25686.exe
        5⤵
        
        PID:11148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2528.exe
        5⤵
        
        PID:11572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13511.exe
      4⤵
      Executes dropped EXE
      PID:1824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46821.exe
        5⤵
        
        PID:1212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7726.exe
        6⤵
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51776.exe
        6⤵
        
        PID:6344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31024.exe
        6⤵
        
        PID:9052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52001.exe
        6⤵
        
        PID:9808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8849.exe
        6⤵
        
        PID:10924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25639.exe
        5⤵
        
        PID:5064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51925.exe
        5⤵
        
        PID:6612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20135.exe
        5⤵
        
        PID:7520
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 244
        5⤵
        
        PID:9708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20405.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20405.exe
      4⤵
      PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13086.exe
        5⤵
        
        PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14258.exe
        5⤵
        
        PID:5932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59428.exe
        5⤵
        
        PID:7172
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 248
        5⤵
        
        PID:9720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46096.exe
      4⤵
      PID:4660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32588.exe
      4⤵
      PID:5708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40092.exe
      4⤵
      PID:8180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4306.exe
      4⤵
      PID:9700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13346.exe
      4⤵
      PID:10848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39445.exe
      4⤵
      PID:12152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31720.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31720.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33211.exe
      4⤵
      PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34382.exe
        5⤵
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62396.exe
        6⤵
        
        PID:4764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52982.exe
        6⤵
        
        PID:5656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14633.exe
        6⤵
        
        PID:7628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20246.exe
        6⤵
        
        PID:9864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57707.exe
        6⤵
        
        PID:11068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42115.exe
        6⤵
        
        PID:12264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23257.exe
        5⤵
        
        PID:4368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7179.exe
        5⤵
        
        PID:6312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12984.exe
        5⤵
        
        PID:7276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53107.exe
        5⤵
        
        PID:9220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34565.exe
        5⤵
        
        PID:10704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16846.exe
      4⤵
      PID:1900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55351.exe
        5⤵
        
        PID:3568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50200.exe
        5⤵
        
        PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56646.exe
        5⤵
        
        PID:7304
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 216
        5⤵
        
        PID:8328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51333.exe
      4⤵
      PID:3264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19146.exe
      4⤵
      PID:5356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59705.exe
      4⤵
      PID:7456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7627.exe
      4⤵
      PID:8952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39324.exe
      4⤵
      PID:10440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33332.exe
      4⤵
      PID:11892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
    3⤵
    PID:2376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15108.exe
      4⤵
      PID:3204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6809.exe
        5⤵
        
        PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10132.exe
        5⤵
        
        PID:5824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40995.exe
        5⤵
        
        PID:6904
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 248
        5⤵
        
        PID:8396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2429.exe
      4⤵
      PID:3440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64127.exe
      4⤵
      PID:5996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62703.exe
      4⤵
      PID:7260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51936.exe
      4⤵
      PID:8436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34380.exe
      4⤵
      PID:2064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49440.exe
      4⤵
      PID:11520
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 248
    3⤵
    - Program crash
    PID:3288
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2458.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2458.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36895.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36895.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48094.exe
      4⤵
      PID:1216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53707.exe
        5⤵
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58755.exe
        6⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
        7⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57454.exe
        7⤵
        
        PID:10464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56604.exe
        7⤵
        
        PID:11852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38315.exe
        6⤵
        
        PID:5436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64500.exe
        6⤵
        
        PID:6164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52874.exe
        6⤵
        
        PID:8860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6650.exe
        6⤵
        
        PID:9616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53646.exe
        6⤵
        
        PID:11336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36777.exe
        5⤵
        
        PID:4016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
        6⤵
        
        PID:10804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15048.exe
        6⤵
        
        PID:12192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17074.exe
        5⤵
        
        PID:5536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57184.exe
        5⤵
        
        PID:6900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13264.exe
        5⤵
        
        PID:8996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56420.exe
        5⤵
        
        PID:9296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27572.exe
        5⤵
        
        PID:11392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16628.exe
      4⤵
      PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-167.exe
        5⤵
        
        PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25446.exe
        5⤵
        
        PID:5340
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
        5⤵
        Program crash
        
        PID:7904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42963.exe
      4⤵
      PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34461.exe
      4⤵
      PID:6012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34183.exe
      4⤵
      PID:8164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28963.exe
      4⤵
      PID:9012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30222.exe
      4⤵
      PID:10376
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 248
      4⤵
      PID:240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46210.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46210.exe
    3⤵
    PID:2904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8019.exe
      4⤵
      PID:1344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30646.exe
        5⤵
        
        PID:3324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46081.exe
        6⤵
        
        PID:5092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18288.exe
        6⤵
        
        PID:6636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14270.exe
        6⤵
        
        PID:7188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17143.exe
        6⤵
        
        PID:9632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6472.exe
        6⤵
        
        PID:11196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53398.exe
        5⤵
        
        PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15433.exe
        5⤵
        
        PID:6204
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1344 -s 236
        5⤵
        Program crash
        
        PID:8920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10780.exe
      4⤵
      PID:3384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15007.exe
        5⤵
        
        PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65004.exe
        5⤵
        
        PID:6276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58944.exe
        5⤵
        
        PID:8412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13109.exe
        5⤵
        
        PID:9968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2150.exe
        5⤵
        
        PID:10260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17823.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17823.exe
      4⤵
      PID:4596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5839.exe
      4⤵
      PID:6320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28224.exe
      4⤵
      PID:9036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26800.exe
      4⤵
      PID:9812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9379.exe
      4⤵
      PID:10964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8158.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8158.exe
    3⤵
    PID:1136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27984.exe
      4⤵
      PID:4064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57323.exe
        5⤵
        
        PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23360.exe
        5⤵
        
        PID:5528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36434.exe
        5⤵
        
        PID:8100
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 228
        5⤵
        
        PID:8884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35921.exe
      4⤵
      PID:4216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24106.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24106.exe
      4⤵
      PID:5992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8090.exe
      4⤵
      PID:7252
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 244
      4⤵
      PID:9140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12835.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12835.exe
    3⤵
    PID:4060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33442.exe
      4⤵
      PID:4880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15628.exe
      4⤵
      PID:5412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57726.exe
      4⤵
      PID:7416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13619.exe
      4⤵
      PID:9224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2852.exe
      4⤵
      PID:10452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37268.exe
      4⤵
      PID:11976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29119.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29119.exe
    3⤵
    PID:5004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40396.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40396.exe
    3⤵
    PID:5704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56224.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56224.exe
    3⤵
    PID:7688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31535.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31535.exe
    3⤵
    PID:9364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6885.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6885.exe
    3⤵
    PID:10596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31668.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31668.exe
    3⤵
    PID:11872
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11237.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11237.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15421.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15421.exe
    3⤵
    PID:2204
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 224
      4⤵
      Program crash
      PID:2540
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1184 -s 236
    3⤵
    - Program crash
    PID:584
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7597.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7597.exe
  2⤵
  PID:2616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43531.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43531.exe
    3⤵
    PID:2256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58231.exe
      4⤵
      PID:3560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3386.exe
      4⤵
      PID:5472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10507.exe
      4⤵
      PID:7564
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 236
      4⤵
      PID:8236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-151.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-151.exe
    3⤵
    PID:3972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48450.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48450.exe
    3⤵
    PID:5896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36824.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36824.exe
    3⤵
    PID:7756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57193.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57193.exe
    3⤵
    PID:9176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40571.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40571.exe
    3⤵
    PID:10560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7883.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7883.exe
    3⤵
    PID:11952
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46656.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46656.exe
  2⤵
  PID:820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33974.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33974.exe
    3⤵
    PID:4944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23931.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23931.exe
    3⤵
    PID:5520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17513.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17513.exe
    3⤵
    PID:7404
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 820 -s 228
    3⤵
    PID:10044
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25122.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25122.exe
  2⤵
  PID:4984
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59854.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59854.exe
  2⤵
  PID:6564
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29632.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29632.exe
  2⤵
  PID:1956
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26638.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26638.exe
  2⤵
  PID:9548
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38113.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38113.exe
  2⤵
  PID:11076

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11700.exe

Filesize
184KB

MD5
9c43df17878d55f64d735d97143d230a

SHA1
4b817cc724fffebfd35b03874b3948a4e561a3d1

SHA256
d6ecf60e6f4a9e90fd45bb221dcad4c4766962be73430aff213390b71dae9b65

SHA512
ee59544a867e9e2c7cd3591f4e845fa8283c4f0c83e96d0640638b7689de22d0bf6cac974c8216f1e3e8198183e8f292009a4616594774e700fdfa3bc6b8dc6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16389.exe

Filesize
184KB

MD5
b9948e016a6f2b3cd69a48ce0569bfce

SHA1
2083608934dc83770ad516226ec38b01dd77d5ac

SHA256
10ae8928de870ccaac420b7b55aba8d7d88e73573a306d688b2f2df9fef551b9

SHA512
497661295161823a85d90c20e215a192a2b23f00d6120436da082194de927bdf0600de2f2323d7c275ada95181b085acf2a7c2c70408ba6f4073c1da7ac6ff78

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20246.exe

Filesize
184KB

MD5
f03010ce53338691298c6a64d2ea8ac4

SHA1
24bb7d49d0da4474c0a331f043e6ca5ecd3d92fe

SHA256
2b8c434ab968c608836fc46ed6f0d79a8c2914d7795e814a84055bee219d1e40

SHA512
b4a73ea7d9e93fcf8e6755365b6ab53538178d77004216ea2c9d75c83472470c8c1e1e29bd9cfd13d7d8fdc0e4da7e452bdf8f288e5be6de46e4fa17f3261ea1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21902.exe

Filesize
184KB

MD5
ed34ed4fb04da47065818b0d3aeb890b

SHA1
d9651bce7159d618541ccca9a21e72b2316332d5

SHA256
15d1bc131541a131cd18a96a6dff83661289813c42a263709b8925e1aa6459cf

SHA512
6d2d4ef3f730d15bfdbb8b573ccfd53ef0cfa60bfabadeeae38659f4d34245edce8a505ff069993c5e7ca73b26b1c06ca51e40d85e0caf9dfe6fdab5b960ed3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23272.exe

Filesize
184KB

MD5
5916d430f125018069543121869bd9b1

SHA1
43b0bbc487f51c5ddcc9a9ed2be5acde122c85c6

SHA256
73238048a5b09a9a6b6b20ae07753a55f334372fba236cd4853a9d56c8f23ed4

SHA512
7ec334eac6d9ece28129cdfa63a1e81e280c906a38e084ce18f73a1943185af0128c32719bc75ee0ebde4bcee9b8cd4dedda19afe2bbcf46d7ad1ce846fc5240

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33828.exe

Filesize
184KB

MD5
8c9b90d9e4007da6df0bdf732717ea56

SHA1
5ce454b5cbe5befe5234f3e9d13b12e62b5ac36b

SHA256
f869ef54a89f72e58276f2f3f0998ae976928bee8c22c41a89ddc7e7582985ca

SHA512
df65a657d4067493e89e13a85e1e94429d5783a98855e1856d9fa5f695f2eaad2864bc53eb27b0b8af533540580eb1625cb697d3f131e7d87cf8b069e8b5452a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34255.exe

Filesize
184KB

MD5
34bd1938ca384ffe8ee3ae9415f70b47

SHA1
93a957ef93a2ea15c3c9ddc079f2e35906c3c687

SHA256
6438281c03d6249d1b8de789f73433738de1bd371ac57ee3d9332097d3f5ec8b

SHA512
aedc1e7a21b2db42a1205dbe871607be20229fceabb21ef92801848c8a1c220a5e3ba80497ba53f50efec9ae766bb922bed1c4ba21ae0938e6906b837ddef126

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34346.exe

Filesize
184KB

MD5
8d19125d201dab506cf85c9bf5e8d40f

SHA1
d0bf791b42b00396fc74390af5eeccb1818f1d98

SHA256
1024125ae7d20fdf2c296f3dffeccf76f5d7b7b937e8041a8822392d7b802afa

SHA512
6f08a78a14291082880461078abf71126bd87576aac4e879961e0ea022eb58fb53b740fc7cf244295f99f5adf8a919e97dd49d4f6f87e04f9aaaefb2ea74c268

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34380.exe

Filesize
184KB

MD5
9f473243cf8cef71198dca358116704e

SHA1
b4e9eb6f643699b935d3da2a115283335f2390c7

SHA256
3a9617ec89a3b4741a30c3f36f74053819bf644f892f96e50a05dc86ba61e1e1

SHA512
1e1a99b27a0fae9ccd62d0a08019becb332a610c73a64844366e5d5e3b0fa8df7aa7bbf8bf87022ed53e9774344a2c070491ed1d3fbbebbe47f9eb894b75a8fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35333.exe

Filesize
184KB

MD5
a3c3d28f9c02122c74f1c14142384ffa

SHA1
27e5a27646dcf4bafda56192fc1dccb1033bb661

SHA256
0178ed06cf16c3796de643f3b73d24f68a63c79fe6b3455f4f93e8e3e92e0a6e

SHA512
ae79eb8ea0540e2e461d585c4e14922edf794bac83491788bc7de7ff6e6923019ca6d6a9872b8c07a69a9c3c4ab9a92fb729fa6cb2352371e98259a4da99e4eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36056.exe

Filesize
184KB

MD5
71741b2235127397b6dcd31c161d495b

SHA1
5d56c9ad2ba36dbc371206d9238265b3d8db3ddc

SHA256
fb0bb83076eaca4a1297d9fa79c786ada0e737a06c3622e618a5bc37a6d08990

SHA512
10ec9b1b10d4131bed126eb49d0d65a7adf520e652bf914a69b49c9d52e50e8e74225ac87b211c12cc91c58ef0d1e82e81aa5a7fbd89083cc8df03ebecbcd02e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37044.exe

Filesize
184KB

MD5
60deb06f908ce696b5c3dd5b8e33731d

SHA1
8b48d04d6ae70ce9ea0ddc11dcb840eaaca211ec

SHA256
df4bdb5fb38c7384173054db78e614b08be239c54495449d9b5270549b398567

SHA512
fca3bc2bee87f4596fc1fcab8fa99f811237c89a4dd49b5b2615245ce4af546722e70208d214471b8a2ad31b28060b0aad9540a8d40eb3920ba4af8711b20d15

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40878.exe

Filesize
184KB

MD5
82f93a28cff1c7073e8f4ca3e5f4ddb4

SHA1
8deabc9fb17b90c9c638acaf78c81188a21d47f0

SHA256
d967a7d2fa98d7cbe34b3cefcb3deb65ff1fe38daa1c587a72854f84d21ccc02

SHA512
c3a1ff617d295f05ed8f32d4898da4ec9c360ccbc84838357200218d80e4226d5ccd7facade2f1b9dff97eb04b176cc57c6b03890b3962d0744fdf88e6959f7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45015.exe

Filesize
184KB

MD5
5083e8e92abb063bc9553337dbe012aa

SHA1
08430c885897a46b3cf6f57f7152e026307f35c9

SHA256
bab6c70ca379a3d8f79776de91a28034834f1f4a486508a9585d9a22993c6690

SHA512
4a69038061211698527a314919e97f461ebd2349de1d58478c9831c292c4062cf0b2a051a39ff1eec4e240ba0a61cb52d66c0a5b9c325347b493df551ec04f12

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45074.exe

Filesize
184KB

MD5
da8113144ea8990624fff6954f2e8c80

SHA1
33cd76915db7d6b42023ac3002c9fd8d02d91cbf

SHA256
3230096aad2e644ed1fc55f16ed9fd4ec8d829114f586ec202e25bf0a8b5f266

SHA512
ad99f9b47498334e94ad32c966c839cbfb4eb967c20d85e8cf420a40f584d082874740c2b808d4b5351b9e21bf4c7fc496c28ebe1444f17cabc8a597f8fdd069

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46879.exe

Filesize
184KB

MD5
cd38cd2ad903a3e811ea9f7add5ac846

SHA1
255a9b21af972be7862a8725d4263c604f46b2c1

SHA256
53d018831d206de32d1e78c66724ef2622813f937da5c9c1b80b00d43952f3e2

SHA512
36fc82b049aae7dd626e082c9c2556b5ef3429f0bed3d3d932a58688d9845f7d01c7366918810c6cc21395b2ce276dbf471514572ffb714e6848f6b10fc907bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50122.exe

Filesize
184KB

MD5
9b11378f2fc86903b5ae6d040b5c54b2

SHA1
de3a86bbd8a5ceacd299ec5f04e0bc3d92512608

SHA256
c91896e141bda207c75916590b58c5f8f8a4f47ddaca424c94b8b01726a570bc

SHA512
ebb852345307e220404c6553e7156968fac1e8395e9ce78c25d89ead323c5b96577b4807ea79838123512c2a860e300275ae5feee51c23a4554d50104b424c3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52466.exe

Filesize
184KB

MD5
dab86d22c2220a46b6bb8f72d827ba9c

SHA1
77e82adc2eeb8d5345026f11adec92d8847ff08f

SHA256
2017a73c22659338432153075d054b7f44c5afc3e6eab17974e96c1ca149c743

SHA512
e4c2639aceed7609fa9445735a7e8ca8b9e6ed2cc02cbd467aa8728e61cbd7fc2ad3cccdd7cf8b24b785ccb046e83b62334fab1f0d69ad70119e4d4e6a74ec9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55277.exe

Filesize
184KB

MD5
879c7f134e68ed22b4bfdf0560f06003

SHA1
245837e76d082cddf889496eb9ff61e1c0bb1111

SHA256
bd2a0186e5f1782fcfb3a0a425e060b8507f59d611e56bf506a77e414da9f075

SHA512
d16e375cc4b9bd0adeaae7647ae86ba0e24c6038d7b50a2c7990fbcbd7840b4d6df2a7bdb1f23cdd97569f02d8b1d64d65e3085c960780e63a0b3a840670d030

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55665.exe

Filesize
184KB

MD5
7d4032c2afb2da9b493e3b9335ebcbdc

SHA1
67e8b67e1aceac61afb310fe24ad82067de9a357

SHA256
cf7316fa8e71b80e1c7a22e1084270c87eb0b0b7777378966c044a1ac4ce128c

SHA512
029d7c79c7a889a2d816d532258d934c0f367cb844f0f5bca85366a3fff150922c1dc267a8b0b7fef8161d1360584b1858cd5c6f095070fdd8824ca94237d8d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5758.exe

Filesize
184KB

MD5
a131deddc8b7d74a30cc21e619a88adf

SHA1
555728dfdd17236495fd21ead74e4c9fa083abc6

SHA256
8ea44a5fa9f1c30ad3ce1fc92867510af38316d4823b1370a7cd4d1755c27844

SHA512
6e6a6cf210ae86642c47b4c00620107e9ac10646d73a2f009bddcda6719585d78d957733ae009d1ec2ef1cd81eb772bf2261722444e818c86803f8e20d814d61

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5881.exe

Filesize
184KB

MD5
6ddda287ed500c3d30bbf056961fd8de

SHA1
86a85b0d12ff9d55c94faf956e972652c50b655e

SHA256
43375e05af60f6def419dcc7e6ccd50d61a705d05c0fa352ee003b14450d87eb

SHA512
d1bf3909d2d5f78fe099114d6e8f7de33e9c3fe0f8eed750b3590acbaae1f7b19aba2fcb05061336de9e08abd21df48945b5e87b78923fe76252e57c38fcb87f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59767.exe

Filesize
184KB

MD5
9f9f597ad3124c407a614b3fba1b0cd6

SHA1
87de132b35db7928fc5b0dc861a00fc4c81efe47

SHA256
3c99110cedb6eef4603c34f204854027368a20ea3fa07069aa9f8752c9213021

SHA512
ddcbb49f5a05acb63bc537febff4b38ec59bc9db3edbbf9ec1db982c9bb1ed9145be4e636db02da74e550381f1855ff8de1f03653708fdf08f2efd04b7f62a5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6823.exe

Filesize
184KB

MD5
94a3ceca16e1fc3633b80dd638ebefa8

SHA1
1195da7cafeeb9ef7b18733424894bb9ea715ed9

SHA256
d93b7c08711a7fdc4226359a3c3b3bff7f4584015d86defc50557b6b3067e0ea

SHA512
a4bea03addfc4970b7cee655277411572a0becf5a35fb80d22370fcd90ff2144841fe1d2cfda9f1ff8948e459b4df4b51a15f51586c23f3aaaa376264e5feade

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7179.exe

Filesize
184KB

MD5
e7c30a098f2ab553671d9b7ba6514c02

SHA1
87a5be9f72c790e80e4d486ba31fcbbe86c09ac8

SHA256
44545b9b122d3cd1fb9c24ee5d2ea013136005b6875846a5dd100c9fbe7065cf

SHA512
4233fc89c944b41ed774743c99c0f72393dec7e60bcd21ea3b64f06d7cc4cc283835fd1083f0fa8b9fd42fe97fd8179b19a3964c2fa688b78e13e0f3749eb7ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8119.exe

Filesize
184KB

MD5
28019396456aae1758c70d4ea5ec604b

SHA1
fc78bd9e8e97ffbe9f5940d2fb02fec55dd49dff

SHA256
d1aa998c637b6b67a8fb002db619c58b6eb54e2817fd0670505a83d0eb995263

SHA512
9c18499ec8a2ad2d42613f0933ff685b25ef831cf8aa63b9e7dc49022260b60e66f00c1a2e6c667d68e4352e9bc2a8434ea9208b93f2400806b6cc5e83ee5a56

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9676.exe

Filesize
184KB

MD5
e4e3a5ff2db595c76ff4571085256b30

SHA1
d3e069a3552e6d9d489f1e7402dafa62ae82787a

SHA256
dc8d03bdb38fb8eb4d8d632c5a768efde07b09470fff240045a58a100a82baec

SHA512
76bd8b79506ec1c7d7126fe68fc618fb8eef9e7bfdf9459c0c7c318cbe8de73c7b39cbb36cbb13d8ec1b8a41f23ce152b73edf1091e5a8f6f4d8e718b9a76407

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14048.exe

Filesize
184KB

MD5
93ec81decedadf783e972b93092e923b

SHA1
f12bcea582aebbeb75c2bcb47139388e528fd864

SHA256
eaf3021d45f13be7aad1065e08cada232a79f018ccb0fea3d18b7e17026da8a9

SHA512
a966a249850bfabaf3e11f79e9e90410b5a662449033f6db971ca71ac9710b71a0444bf696b7145d9ce90f961a8e7d49d8b19bdf5db6ba48f8e273345eb12d51

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2178.exe

Filesize
184KB

MD5
6d130f6dcb8b54295306c4618d80fbc0

SHA1
f48c53ac8dfd93dc15239e16fa45ca19ea5e6c09

SHA256
5e9a7b454011c27e8db75f0efe6269dac3293bcbce9e707607e80b202fc76b09

SHA512
1f941b191a49231020da9914b63a5271f1ac4dc2c8a0ba96246b2266dd875b18ca289544fa1e01c1f7143f7162c64eecf903e4a4982093f65025d0751c87ef23

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe

Filesize
184KB

MD5
4c83045ca4a4cb40db8f0f6ba20e1256

SHA1
880338fdaf99b0ca67fb832478d5b84a5cb3c238

SHA256
42c95f1e1be58a0ed245f0b698ac22bc1f57e0a23b5819001af72b95b17197ec

SHA512
f3932a84d7439b89fd1ecd5bb54d6a60903be6b9fd9a787f7d0998db74db5053f48cc4fbd968728caac4635e102557465c697f23620127fe0f54c6a61469294f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23785.exe

Filesize
184KB

MD5
7c730283f4baf3f25f17911078085eb8

SHA1
c8554b785ea94bc370bd3c63fb9942d35054a3fb

SHA256
3aeaab36235e4547c7d1c24ce44f11e10c7bf084d59aef860b847d4501b84f51

SHA512
9c6b7cda3dd8fc3b4b7b18d8b2da3ea097cd3d3449164d7c408c660c6f54095bf3649087ba8f219926b8e023162646bc45a1f798b3ed748aadafc83059b37dda

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28033.exe

Filesize
184KB

MD5
0692daee500ad5abd3a4edd12acc8ce6

SHA1
3741e6c7dda7300c3f4736ce1f065d471601e4df

SHA256
07ff4a06c8993aadb5383cb11a37ae9549a17bea6e385ccbbb9ec0164d4d5c4d

SHA512
e977aed983b1748b0f2254a626ffe6803ba77e4e2c4a9fb3460d93d6ff94bcefe0b5b40e9c3bc7ed357fe2c3e47303650446441a6c77ddecc81cb92e23f8965b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31180.exe

Filesize
184KB

MD5
d542e2e37e584ac25dd2c399e7126acc

SHA1
26d8a780be6406976991e5c9a8cd0051a4944513

SHA256
bacd24e389d06ee9e668fae37255a2f8b608d36457c38c689f6d35e5bfdc52b1

SHA512
ad4efed62a6558876bc01001004732b56cc5afc264a28e4a39588c2439ed9c8e5f51347bd0f29eb8072215eb6948537bf98e432ee0ae767eaf5cffac701ffe18

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37216.exe

Filesize
184KB

MD5
be759e4843164519859def5b818112f6

SHA1
965b6be9a49becad856519d7f70e9f3b20b79336

SHA256
2dc6ee7eae7392d6e918009941db736f272d493804382ad83de70af8bd3ea8bd

SHA512
047bd39c06382efa8bcb058297b4a021ef73477f487fa7d07763bf6211de8306cee93299c4f92b86b5a2ad448e784f73d48fbb8c45646aa051b1db9f4c986889

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37311.exe

Filesize
184KB

MD5
5fb0b1c6b23e32586df28098c5589622

SHA1
71cf3281919dbc1e81f8b3abb8eb7bd8740ad5ee

SHA256
619858da41b6ce38c8d5bce78d4aafd55066769c138929bd2f9e4098d432005c

SHA512
c0fa996b1154db855aaa077cacb1e972b8ac423b551a45088c694bbeb72298665d6d51d6c99c532163a88625cbb275c114f1c1f0f62008005681c9c299a1e3de

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39659.exe

Filesize
184KB

MD5
724c6ed9617e5f8594a598b814a58f2a

SHA1
5508875c8805eaad60da8f9243f5986aa9941478

SHA256
9be586625e69857bc3dcf885e7e7ca886ab500ce99564faba1cda70d2c448d16

SHA512
bac67ca684d84792dc8e62bb68fec48a738be54153686a1fcc3f9ba4b08c773967f3eafdf5b8595e18e8bbc6b5c1eaa9d9d62146ef804b6cdc74ebef3eeceb0b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43651.exe

Filesize
184KB

MD5
ca44f2019559f596836a65a64ec3945d

SHA1
31d072c9d4e3fdf3a18a017b9de55ea87b7e3d5a

SHA256
1792c4c3b54e330a24df2ebac60d07a98e38f8fb6800c94c79b809746a99668e

SHA512
478ab32cec7a742fd200ceb9c6c44b9fcf18c9b8db1769ce7ba083a6a207b242376df6102b5996c1a93cd0c2d1b7d3314e2a24ba13f2689fc7462f00533555a1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44478.exe

Filesize
184KB

MD5
9a1fcb54fd9d0a8d178cd387fd2bb7b0

SHA1
d2eb5323f736b66e6abb6172a4921868db919308

SHA256
09a8e41c18754970e9f2a118473d2c200b7e2ffebdb5909fd2ed8a546966768d

SHA512
61c854245a18766b511a2daa31678bbc4275e96d97a4a6e55f16f7f2c79fa91d8f17c5375229366666a35844619e278db25a3d6605ffb548b62ab11d6e266081

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44789.exe

Filesize
184KB

MD5
110ec0704bf83bc5239dc0d5aa6f068a

SHA1
d13e790e35a7473f7cb03125fba8e45a5abb0bca

SHA256
1e98ece112c8a756f12186c62154bc7c3760f01d93f19f60d5c97fe7bad799e0

SHA512
812792b3192cf0ec99fcbb2f8dcadde4015dda54d856f224b07c7e498db2b1a62cc00d55872b1dbf003bca7bc11aeddcb2df8a6db722cb3b885574dde7acee81

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51978.exe

Filesize
184KB

MD5
eda9773b32d9eb29e04644157ddbc96f

SHA1
0801c6389b4b4d59cb77788b65d210bb7c6095b0

SHA256
e69ea39eb06f3e53d452adc1a6119a99698312a6da14f47833b3d89de39383fd

SHA512
f2d85e0b4a71dc6945c1976cbed97fd66ef636bfe4fc3ef5874e6275a359c91c7d7907dfb2b4c953c7626e89b93632ac560406f9ed1e1e23c0a53708b02dd565

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59553.exe

Filesize
184KB

MD5
69ba1f715e4e0d2ca733a0cef68b8039

SHA1
dc961d240a3106f7373867af59995633b64282b9

SHA256
eaeeeaae78882520c9554439df96ed8a2e7a8d1f49a7433f19e46e9774f55bff

SHA512
1931888b68762a41e2160f0208157b1e22e98cf388990f1c49e019c3e048a428b0c7739add1d6f50396ec43ed1373ee64fb7832d16ce78dc7e0009afbd92e91d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60321.exe

Filesize
184KB

MD5
2787b7fae59c8ba3ea4aed3926c0d13c

SHA1
8c7f9004dc9fb8269c4a22691d06b22ff80aeaac

SHA256
d1ba543497508e24a38650a5cfe6384bda57a8dc9567509f9f8c46770a334525

SHA512
b62b029ce09e1a44ac233c20409a7d955ab0403c4a53fa6f335cd8e6bebb373371e656430ce6520d58c6ddc087262ad95584911390467bf2197b208c199c932c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6306.exe

Filesize
184KB

MD5
102f5515d2848f7069c99aad10129c11

SHA1
d69cbd2e909678c97daabfcda116d5f69ab99293

SHA256
d02c03efcddfed6228f54fa67e3ade538bea5247ed1cd43c0bf18a45fd86b137

SHA512
36a1e9451e7bce730c2c3a19673017408785f66995fa1f3e25ff91cd1d2091ed5256d101a73ccb473642fdbe4fbfc498a5c70897e7ac7bc3178a6112aef07cf7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8167.exe

Filesize
184KB

MD5
722e02476adb4d5a775d42774b214df7

SHA1
648523e414462ce809bd097c792fe7d407e3f53d

SHA256
c55025e4cb23bd6d50dfc6418ae8973b54b39c8fac2a78ebe0190f02a51bb413

SHA512
3b8f2fd7516d0e4ff5639940a4c7ebab8d8e9fedcdb9013e030c89413a13660a350e0720e2e011af0f33618826f645d78af140f4546910510e13f370c6e555f7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads