d047bcc289ec189abf109a64b12dcc9705f0a3d9f5ac478b08bf85d12d73e6ed

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30-05-2024 15:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a5a90d73d6348b0847aec62b005b5100_NeikiAnalytics.exe
Size

184KB
MD5

a5a90d73d6348b0847aec62b005b5100
SHA1

8625019e23af96874157ab159f2617e2699b3948
SHA256

d047bcc289ec189abf109a64b12dcc9705f0a3d9f5ac478b08bf85d12d73e6ed
SHA512

6bf4b01e015703b13e24df5a2ba80080081b41dfc2a3de602fb8b5d66cbd4e1da4bd6ada421e7f476f61fd96c19edea152c32fcc7496facabc3e59b996ab2e0f
SSDEEP

3072:cKSeVJonkjccZlDhhScf8KUz7lvnqXqiu5:cKbov8lDl83z7lPqXqiu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1940	Unicorn-45878.exe
2712	Unicorn-56843.exe
2380	Unicorn-32893.exe
2560	Unicorn-36553.exe
2444	Unicorn-7450.exe
2436	Unicorn-36034.exe
2432	Unicorn-29903.exe
1676	Unicorn-31950.exe
2964	Unicorn-12084.exe
1072	Unicorn-55743.exe
2740	Unicorn-2458.exe
1652	Unicorn-35877.exe
2424	Unicorn-44046.exe
1404	Unicorn-63911.exe
1096	Unicorn-54717.exe
2060	Unicorn-7562.exe
2112	Unicorn-3213.exe
324	Unicorn-23188.exe
624	Unicorn-48439.exe
1488	Unicorn-32352.exe
1536	Unicorn-32617.exe
2324	Unicorn-3514.exe
2404	Unicorn-20365.exe
2884	Unicorn-4997.exe
1416	Unicorn-24449.exe
2028	Unicorn-3836.exe
2368	Unicorn-49922.exe
2852	Unicorn-45424.exe
1916	Unicorn-44107.exe
960	Unicorn-7920.exe
3000	Unicorn-10726.exe
2904	Unicorn-23354.exe
1580	Unicorn-64941.exe
2616	Unicorn-31522.exe
2708	Unicorn-21307.exe
3028	Unicorn-44158.exe
2280	Unicorn-14615.exe
2580	Unicorn-31714.exe
2872	Unicorn-7764.exe
2128	Unicorn-47666.exe
2596	Unicorn-26789.exe
1360	Unicorn-10717.exe
3060	Unicorn-56026.exe
1616	Unicorn-58064.exe
2456	Unicorn-44329.exe
2940	Unicorn-47858.exe
2040	Unicorn-23908.exe
2916	Unicorn-23162.exe
2772	Unicorn-5864.exe
1640	Unicorn-27246.exe
2764	Unicorn-64749.exe
2716	Unicorn-31330.exe
1732	Unicorn-2476.exe
672	Unicorn-21115.exe
2316	Unicorn-48413.exe
1144	Unicorn-32025.exe
784	Unicorn-32290.exe
2400	Unicorn-59747.exe
2416	Unicorn-2378.exe
356	Unicorn-48050.exe
1576	Unicorn-57701.exe
984	Unicorn-39327.exe
1992	Unicorn-19461.exe
1912	Unicorn-51314.exe

Loads dropped DLL 64 IoCs

pid	Process
1908	a5a90d73d6348b0847aec62b005b5100_NeikiAnalytics.exe
1908	a5a90d73d6348b0847aec62b005b5100_NeikiAnalytics.exe
1940	Unicorn-45878.exe
1940	Unicorn-45878.exe
1908	a5a90d73d6348b0847aec62b005b5100_NeikiAnalytics.exe
1908	a5a90d73d6348b0847aec62b005b5100_NeikiAnalytics.exe
2544	WerFault.exe
2544	WerFault.exe
2544	WerFault.exe
2544	WerFault.exe
2544	WerFault.exe
2712	Unicorn-56843.exe
2712	Unicorn-56843.exe
1940	Unicorn-45878.exe
1940	Unicorn-45878.exe
1940	Unicorn-45878.exe
2444	Unicorn-7450.exe
2444	Unicorn-7450.exe
1940	Unicorn-45878.exe
2560	Unicorn-36553.exe
2560	Unicorn-36553.exe
2712	Unicorn-56843.exe
2712	Unicorn-56843.exe
2436	Unicorn-36034.exe
2444	Unicorn-7450.exe
2436	Unicorn-36034.exe
1676	Unicorn-31950.exe
1676	Unicorn-31950.exe
2444	Unicorn-7450.exe
2560	Unicorn-36553.exe
2560	Unicorn-36553.exe
2964	Unicorn-12084.exe
2964	Unicorn-12084.exe
2712	Unicorn-56843.exe
2712	Unicorn-56843.exe
2432	Unicorn-29903.exe
2432	Unicorn-29903.exe
1940	Unicorn-45878.exe
1940	Unicorn-45878.exe
1072	Unicorn-55743.exe
1072	Unicorn-55743.exe
2436	Unicorn-36034.exe
2436	Unicorn-36034.exe
2712	Unicorn-56843.exe
1096	Unicorn-54717.exe
2712	Unicorn-56843.exe
1096	Unicorn-54717.exe
2964	Unicorn-12084.exe
2964	Unicorn-12084.exe
2424	Unicorn-44046.exe
2424	Unicorn-44046.exe
2560	Unicorn-36553.exe
2560	Unicorn-36553.exe
2060	Unicorn-7562.exe
2060	Unicorn-7562.exe
1652	Unicorn-35877.exe
1652	Unicorn-35877.exe
2432	Unicorn-29903.exe
2432	Unicorn-29903.exe
2444	Unicorn-7450.exe
2444	Unicorn-7450.exe
2112	Unicorn-3213.exe
2112	Unicorn-3213.exe
1940	Unicorn-45878.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2544	2380	WerFault.exe	30
1412	2740	WerFault.exe	40
1164	1676	WerFault.exe	36
1092	1916	WerFault.exe	60
2256	2028	WerFault.exe	55
1672	2708	WerFault.exe	65
2880	2368	WerFault.exe	58
1324	1144	WerFault.exe	88
2704	2716	WerFault.exe	82
2508	2040	WerFault.exe	77
2928	2416	WerFault.exe	92
2168	2616	WerFault.exe	64
2876	1020	WerFault.exe	126
2148	1616	WerFault.exe	74
1728	1624	WerFault.exe	102
1984	1804	WerFault.exe	111
3096	2104	WerFault.exe	115
3104	1884	WerFault.exe	141
3124	2156	WerFault.exe	131
3148	960	WerFault.exe	59
3160	2596	WerFault.exe	71
3280	2488	WerFault.exe	140
3436	2504	WerFault.exe	113
3916	1604	WerFault.exe	129
3704	2744	WerFault.exe	110
3556	3888	WerFault.exe	266
3928	3536	WerFault.exe	261
3988	2072	WerFault.exe	150
4440	356	WerFault.exe	91
5104	3548	WerFault.exe	245
4104	3668	WerFault.exe	263
4284	3692	WerFault.exe	232
4736	3220	WerFault.exe	240
4800	3472	WerFault.exe	224
4324	3212	WerFault.exe	214
4724	1252	WerFault.exe	185
4908	3012	WerFault.exe	138
4932	2516	WerFault.exe	130
4960	1052	WerFault.exe	124
5080	1064	WerFault.exe	99
5084	784	WerFault.exe	89
5852	804	WerFault.exe	174
5180	3340	WerFault.exe	242
5400	3236	WerFault.exe	258
5496	2180	WerFault.exe	187
5460	1764	WerFault.exe	195
5432	980	WerFault.exe	199
5540	1620	WerFault.exe	171
5548	3752	WerFault.exe	233
5556	3924	WerFault.exe	275
5240	3992	WerFault.exe	267
6164	1860	WerFault.exe	157
6272	3868	WerFault.exe	274
6304	4012	WerFault.exe	251
6700	588	WerFault.exe	191
6732	820	WerFault.exe	200
6740	4064	WerFault.exe	277
6848	3892	WerFault.exe	237
6960	3952	WerFault.exe	276
6968	3040	WerFault.exe	269
6476	1528	WerFault.exe	169
6796	2872	WerFault.exe	69
7136	4028	WerFault.exe	252
6976	3520	WerFault.exe	226

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1908	a5a90d73d6348b0847aec62b005b5100_NeikiAnalytics.exe
1940	Unicorn-45878.exe
2712	Unicorn-56843.exe
2380	Unicorn-32893.exe
2560	Unicorn-36553.exe
2444	Unicorn-7450.exe
2436	Unicorn-36034.exe
2432	Unicorn-29903.exe
1676	Unicorn-31950.exe
2964	Unicorn-12084.exe
1072	Unicorn-55743.exe
1652	Unicorn-35877.exe
1096	Unicorn-54717.exe
2060	Unicorn-7562.exe
1404	Unicorn-63911.exe
2424	Unicorn-44046.exe
2740	Unicorn-2458.exe
2112	Unicorn-3213.exe
324	Unicorn-23188.exe
624	Unicorn-48439.exe
1488	Unicorn-32352.exe
1536	Unicorn-32617.exe
2324	Unicorn-3514.exe
2884	Unicorn-4997.exe
2404	Unicorn-20365.exe
1416	Unicorn-24449.exe
2852	Unicorn-45424.exe
2028	Unicorn-3836.exe
2368	Unicorn-49922.exe
960	Unicorn-7920.exe
1916	Unicorn-44107.exe
3000	Unicorn-10726.exe
2904	Unicorn-23354.exe
1580	Unicorn-64941.exe
2616	Unicorn-31522.exe
2708	Unicorn-21307.exe
3028	Unicorn-44158.exe
2280	Unicorn-14615.exe
2580	Unicorn-31714.exe
2872	Unicorn-7764.exe
2128	Unicorn-47666.exe
2596	Unicorn-26789.exe
1360	Unicorn-10717.exe
3060	Unicorn-56026.exe
1616	Unicorn-58064.exe
2456	Unicorn-44329.exe
2940	Unicorn-47858.exe
2040	Unicorn-23908.exe
2716	Unicorn-31330.exe
2772	Unicorn-5864.exe
2916	Unicorn-23162.exe
1640	Unicorn-27246.exe
1732	Unicorn-2476.exe
672	Unicorn-21115.exe
2764	Unicorn-64749.exe
2316	Unicorn-48413.exe
1144	Unicorn-32025.exe
784	Unicorn-32290.exe
2400	Unicorn-59747.exe
356	Unicorn-48050.exe
1576	Unicorn-57701.exe
2416	Unicorn-2378.exe
1992	Unicorn-19461.exe
984	Unicorn-39327.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1908 wrote to memory of 1940	1908	a5a90d73d6348b0847aec62b005b5100_NeikiAnalytics.exe	28
PID 1908 wrote to memory of 1940	1908	a5a90d73d6348b0847aec62b005b5100_NeikiAnalytics.exe	28
PID 1908 wrote to memory of 1940	1908	a5a90d73d6348b0847aec62b005b5100_NeikiAnalytics.exe	28
PID 1908 wrote to memory of 1940	1908	a5a90d73d6348b0847aec62b005b5100_NeikiAnalytics.exe	28
PID 1940 wrote to memory of 2712	1940	Unicorn-45878.exe	29
PID 1940 wrote to memory of 2712	1940	Unicorn-45878.exe	29
PID 1940 wrote to memory of 2712	1940	Unicorn-45878.exe	29
PID 1940 wrote to memory of 2712	1940	Unicorn-45878.exe	29
PID 1908 wrote to memory of 2380	1908	a5a90d73d6348b0847aec62b005b5100_NeikiAnalytics.exe	30
PID 1908 wrote to memory of 2380	1908	a5a90d73d6348b0847aec62b005b5100_NeikiAnalytics.exe	30
PID 1908 wrote to memory of 2380	1908	a5a90d73d6348b0847aec62b005b5100_NeikiAnalytics.exe	30
PID 1908 wrote to memory of 2380	1908	a5a90d73d6348b0847aec62b005b5100_NeikiAnalytics.exe	30
PID 2380 wrote to memory of 2544	2380	Unicorn-32893.exe	31
PID 2380 wrote to memory of 2544	2380	Unicorn-32893.exe	31
PID 2380 wrote to memory of 2544	2380	Unicorn-32893.exe	31
PID 2380 wrote to memory of 2544	2380	Unicorn-32893.exe	31
PID 2712 wrote to memory of 2560	2712	Unicorn-56843.exe	32
PID 2712 wrote to memory of 2560	2712	Unicorn-56843.exe	32
PID 2712 wrote to memory of 2560	2712	Unicorn-56843.exe	32
PID 2712 wrote to memory of 2560	2712	Unicorn-56843.exe	32
PID 1940 wrote to memory of 2444	1940	Unicorn-45878.exe	33
PID 1940 wrote to memory of 2444	1940	Unicorn-45878.exe	33
PID 1940 wrote to memory of 2444	1940	Unicorn-45878.exe	33
PID 1940 wrote to memory of 2444	1940	Unicorn-45878.exe	33
PID 2444 wrote to memory of 2436	2444	Unicorn-7450.exe	34
PID 2444 wrote to memory of 2436	2444	Unicorn-7450.exe	34
PID 2444 wrote to memory of 2436	2444	Unicorn-7450.exe	34
PID 2444 wrote to memory of 2436	2444	Unicorn-7450.exe	34
PID 1940 wrote to memory of 2432	1940	Unicorn-45878.exe	35
PID 1940 wrote to memory of 2432	1940	Unicorn-45878.exe	35
PID 1940 wrote to memory of 2432	1940	Unicorn-45878.exe	35
PID 1940 wrote to memory of 2432	1940	Unicorn-45878.exe	35
PID 2560 wrote to memory of 1676	2560	Unicorn-36553.exe	36
PID 2560 wrote to memory of 1676	2560	Unicorn-36553.exe	36
PID 2560 wrote to memory of 1676	2560	Unicorn-36553.exe	36
PID 2560 wrote to memory of 1676	2560	Unicorn-36553.exe	36
PID 2712 wrote to memory of 2964	2712	Unicorn-56843.exe	37
PID 2712 wrote to memory of 2964	2712	Unicorn-56843.exe	37
PID 2712 wrote to memory of 2964	2712	Unicorn-56843.exe	37
PID 2712 wrote to memory of 2964	2712	Unicorn-56843.exe	37
PID 2436 wrote to memory of 1072	2436	Unicorn-36034.exe	38
PID 2436 wrote to memory of 1072	2436	Unicorn-36034.exe	38
PID 2436 wrote to memory of 1072	2436	Unicorn-36034.exe	38
PID 2436 wrote to memory of 1072	2436	Unicorn-36034.exe	38
PID 1676 wrote to memory of 2740	1676	Unicorn-31950.exe	40
PID 1676 wrote to memory of 2740	1676	Unicorn-31950.exe	40
PID 1676 wrote to memory of 2740	1676	Unicorn-31950.exe	40
PID 1676 wrote to memory of 2740	1676	Unicorn-31950.exe	40
PID 2444 wrote to memory of 1652	2444	Unicorn-7450.exe	39
PID 2444 wrote to memory of 1652	2444	Unicorn-7450.exe	39
PID 2444 wrote to memory of 1652	2444	Unicorn-7450.exe	39
PID 2444 wrote to memory of 1652	2444	Unicorn-7450.exe	39
PID 2560 wrote to memory of 2424	2560	Unicorn-36553.exe	41
PID 2560 wrote to memory of 2424	2560	Unicorn-36553.exe	41
PID 2560 wrote to memory of 2424	2560	Unicorn-36553.exe	41
PID 2560 wrote to memory of 2424	2560	Unicorn-36553.exe	41
PID 2964 wrote to memory of 1404	2964	Unicorn-12084.exe	42
PID 2964 wrote to memory of 1404	2964	Unicorn-12084.exe	42
PID 2964 wrote to memory of 1404	2964	Unicorn-12084.exe	42
PID 2964 wrote to memory of 1404	2964	Unicorn-12084.exe	42
PID 2712 wrote to memory of 1096	2712	Unicorn-56843.exe	43
PID 2712 wrote to memory of 1096	2712	Unicorn-56843.exe	43
PID 2712 wrote to memory of 1096	2712	Unicorn-56843.exe	43
PID 2712 wrote to memory of 1096	2712	Unicorn-56843.exe	43

C:\Users\Admin\AppData\Local\Temp\a5a90d73d6348b0847aec62b005b5100_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a5a90d73d6348b0847aec62b005b5100_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45878.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45878.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56843.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56843.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36553.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31950.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2458.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 220
        7⤵
        Program crash
        
        PID:1412
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 236
        6⤵
        Program crash
        
        PID:1164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44046.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20365.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10717.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44179.exe
        8⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26146.exe
        9⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41792.exe
        10⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41952.exe
        10⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57214.exe
        10⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 228
        10⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18034.exe
        9⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3555.exe
        9⤵
        
        PID:5144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 600 -s 248
        9⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50328.exe
        8⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10453.exe
        9⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64667.exe
        9⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50284.exe
        9⤵
        
        PID:9452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 220
        9⤵
        
        PID:10600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10384.exe
        8⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4563.exe
        8⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33220.exe
        8⤵
        
        PID:8668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50139.exe
        8⤵
        
        PID:11224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 220
        8⤵
        
        PID:11248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7785.exe
        7⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56981.exe
        8⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1138.exe
        9⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31039.exe
        9⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12668.exe
        9⤵
        
        PID:8320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43544.exe
        9⤵
        
        PID:10348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9295.exe
        9⤵
        
        PID:12216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21153.exe
        8⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11334.exe
        8⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61237.exe
        8⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16321.exe
        8⤵
        
        PID:11072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33984.exe
        8⤵
        
        PID:11648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31390.exe
        7⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10972.exe
        8⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
        8⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22730.exe
        8⤵
        
        PID:9564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 228
        8⤵
        
        PID:10252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7889.exe
        7⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 224
        7⤵
        
        PID:7416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44329.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10162.exe
        7⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14085.exe
        8⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48061.exe
        9⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33457.exe
        9⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55543.exe
        9⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15884.exe
        9⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19653.exe
        9⤵
        
        PID:11764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24303.exe
        8⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13752.exe
        8⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12207.exe
        8⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57297.exe
        8⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40258.exe
        8⤵
        
        PID:11868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13187.exe
        7⤵
        
        PID:3472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 224
        8⤵
        Program crash
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56596.exe
        7⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57718.exe
        7⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57979.exe
        7⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21109.exe
        7⤵
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60121.exe
        7⤵
        
        PID:12088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65485.exe
        6⤵
        
        PID:2504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 244
        7⤵
        Program crash
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46109.exe
        6⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
        7⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43478.exe
        7⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4015.exe
        7⤵
        
        PID:9792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13497.exe
        7⤵
        
        PID:11228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57745.exe
        6⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25439.exe
        6⤵
        
        PID:7668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10398.exe
        6⤵
        
        PID:8548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13878.exe
        6⤵
        
        PID:10356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48496.exe
        6⤵
        
        PID:12160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4997.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47666.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30391.exe
        7⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20609.exe
        8⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47874.exe
        9⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2596.exe
        10⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55165.exe
        10⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3737.exe
        10⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43897.exe
        10⤵
        
        PID:10212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2009.exe
        10⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11703.exe
        9⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44204.exe
        9⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22431.exe
        9⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38932.exe
        9⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22998.exe
        9⤵
        
        PID:11384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3504.exe
        8⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33624.exe
        9⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41952.exe
        9⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57214.exe
        9⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9880.exe
        9⤵
        
        PID:9812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4832.exe
        9⤵
        
        PID:11148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19517.exe
        8⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58429.exe
        8⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58690.exe
        8⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21628.exe
        8⤵
        
        PID:9932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42503.exe
        8⤵
        
        PID:10784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49752.exe
        7⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1143.exe
        8⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10240.exe
        8⤵
        
        PID:5200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 224
        8⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23601.exe
        7⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5144.exe
        7⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33609.exe
        7⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9568.exe
        7⤵
        
        PID:10076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43572.exe
        7⤵
        
        PID:10988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10525.exe
        6⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57173.exe
        7⤵
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28030.exe
        8⤵
        
        PID:3888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 220
        9⤵
        Program crash
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26202.exe
        8⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56648.exe
        8⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1818.exe
        8⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38164.exe
        8⤵
        
        PID:9892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25437.exe
        8⤵
        
        PID:10944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49005.exe
        7⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13888.exe
        8⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6348.exe
        8⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
        8⤵
        
        PID:8112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 236
        8⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36539.exe
        7⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9036.exe
        7⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10065.exe
        7⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7340 -s 188
        8⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6636.exe
        7⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15751.exe
        7⤵
        
        PID:10680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34898.exe
        6⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64786.exe
        7⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18741.exe
        8⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44750.exe
        8⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9658.exe
        8⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2672.exe
        8⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10753.exe
        8⤵
        
        PID:11456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56436.exe
        7⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62761.exe
        7⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34875.exe
        7⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63436.exe
        7⤵
        
        PID:9744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39334.exe
        7⤵
        
        PID:11356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39441.exe
        6⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16733.exe
        7⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34033.exe
        7⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60779.exe
        7⤵
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46310.exe
        7⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59591.exe
        7⤵
        
        PID:12080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4403.exe
        6⤵
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23965.exe
        6⤵
        
        PID:6756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16900.exe
        6⤵
        
        PID:9040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13520.exe
        6⤵
        
        PID:9384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29171.exe
        6⤵
        
        PID:12124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26789.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14054.exe
        6⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49773.exe
        7⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6867.exe
        8⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7988.exe
        8⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29388.exe
        8⤵
        
        PID:9424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60420.exe
        8⤵
        
        PID:11180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64417.exe
        8⤵
        
        PID:11580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4817.exe
        7⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64235.exe
        7⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41886.exe
        7⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1137.exe
        7⤵
        
        PID:11204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9096.exe
        7⤵
        
        PID:11908
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 236
        6⤵
        Program crash
        
        PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50433.exe
        5⤵
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41605.exe
        6⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51050.exe
        7⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62430.exe
        7⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11194.exe
        7⤵
        
        PID:9096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 236
        7⤵
        
        PID:10052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18548.exe
        6⤵
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53846.exe
        6⤵
        
        PID:6156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6156 -s 188
        7⤵
        
        PID:7920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31149.exe
        6⤵
        
        PID:8812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40442.exe
        6⤵
        
        PID:10424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43823.exe
        6⤵
        
        PID:11604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61256.exe
        5⤵
        
        PID:820
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 820 -s 224
        6⤵
        Program crash
        
        PID:6732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61207.exe
        5⤵
        
        PID:4852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7378.exe
        5⤵
        
        PID:7400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35665.exe
        5⤵
        
        PID:8212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59723.exe
        5⤵
        
        PID:11032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-648.exe
        5⤵
        
        PID:11684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12084.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63911.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3514.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56026.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47111.exe
        7⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19457.exe
        8⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7225.exe
        9⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47023.exe
        10⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6151.exe
        10⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25496.exe
        10⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3243.exe
        10⤵
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63924.exe
        10⤵
        
        PID:11840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15590.exe
        9⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30851.exe
        9⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60718.exe
        9⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19850.exe
        9⤵
        
        PID:10460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12277.exe
        9⤵
        
        PID:12064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 248
        8⤵
        Program crash
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25055.exe
        7⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7417.exe
        8⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37708.exe
        9⤵
        
        PID:3260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
        9⤵
        Program crash
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22118.exe
        8⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32143.exe
        8⤵
        
        PID:4400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 248
        8⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9455.exe
        7⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23941.exe
        8⤵
        
        PID:4856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 248
        8⤵
        Program crash
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27760.exe
        7⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22820.exe
        7⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32315.exe
        7⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36530.exe
        7⤵
        
        PID:10180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59565.exe
        7⤵
        
        PID:11544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6633.exe
        6⤵
        
        PID:1804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 224
        7⤵
        Program crash
        
        PID:1984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15054.exe
        6⤵
        
        PID:980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 224
        7⤵
        Program crash
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3805.exe
        6⤵
        
        PID:4604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28378.exe
        6⤵
        
        PID:7424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45465.exe
        6⤵
        
        PID:8288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16851.exe
        6⤵
        
        PID:11048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29519.exe
        6⤵
        
        PID:11636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58064.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52155.exe
        6⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48621.exe
        7⤵
        
        PID:1620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 224
        8⤵
        Program crash
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25813.exe
        7⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63358.exe
        7⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45093.exe
        7⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53462.exe
        7⤵
        
        PID:10756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45660.exe
        7⤵
        
        PID:11972
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 236
        6⤵
        Program crash
        
        PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19025.exe
        5⤵
        
        PID:1736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12056.exe
        6⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23417.exe
        7⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24537.exe
        7⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2118.exe
        7⤵
        
        PID:10220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20705.exe
        7⤵
        
        PID:11044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42149.exe
        6⤵
        
        PID:4728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51298.exe
        6⤵
        
        PID:6936
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 248
        6⤵
        
        PID:8636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15378.exe
        5⤵
        
        PID:2180
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 224
        6⤵
        Program crash
        
        PID:5496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23721.exe
        5⤵
        
        PID:4196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46013.exe
        5⤵
        
        PID:6792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15619.exe
        5⤵
        
        PID:8492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30826.exe
        5⤵
        
        PID:10876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48036.exe
        5⤵
        
        PID:11308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54717.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32617.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31714.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63255.exe
        7⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61065.exe
        8⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5549.exe
        9⤵
        
        PID:4236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 228
        9⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43244.exe
        8⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61438.exe
        8⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27065.exe
        8⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9632.exe
        8⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9999.exe
        8⤵
        
        PID:11436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49368.exe
        7⤵
        
        PID:588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 588 -s 212
        8⤵
        Program crash
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47141.exe
        7⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33536.exe
        7⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36619.exe
        7⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40626.exe
        7⤵
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5165.exe
        7⤵
        
        PID:12284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22969.exe
        6⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57365.exe
        7⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29675.exe
        8⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26541.exe
        9⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44034.exe
        9⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59295.exe
        9⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31889.exe
        9⤵
        
        PID:10828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50832.exe
        8⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64292.exe
        8⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18206.exe
        8⤵
        
        PID:9868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46960.exe
        8⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35849.exe
        7⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10785.exe
        8⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2778.exe
        8⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25283.exe
        8⤵
        
        PID:8828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49107.exe
        8⤵
        
        PID:10416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60359.exe
        8⤵
        
        PID:11612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34888.exe
        7⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17199.exe
        7⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52572.exe
        7⤵
        
        PID:9064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65323.exe
        7⤵
        
        PID:11080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 224
        7⤵
        
        PID:11652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22070.exe
        6⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4459.exe
        7⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43617.exe
        8⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14696.exe
        8⤵
        
        PID:11912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42144.exe
        7⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19881.exe
        7⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4283.exe
        7⤵
        
        PID:9612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41205.exe
        7⤵
        
        PID:10552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56903.exe
        6⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40125.exe
        7⤵
        
        PID:11788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7771.exe
        6⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53255.exe
        6⤵
        
        PID:7456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4316.exe
        6⤵
        
        PID:9668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62197.exe
        6⤵
        
        PID:10636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7764.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51003.exe
        6⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53281.exe
        7⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52508.exe
        8⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18228.exe
        9⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55817.exe
        9⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7632.exe
        9⤵
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27671.exe
        8⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22704.exe
        8⤵
        
        PID:8048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 248
        8⤵
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29326.exe
        7⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38124.exe
        8⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2392.exe
        8⤵
        
        PID:11140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55880.exe
        7⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25747.exe
        7⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61155.exe
        7⤵
        
        PID:9600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24669.exe
        7⤵
        
        PID:10452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20587.exe
        6⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19473.exe
        7⤵
        
        PID:4112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 236
        7⤵
        Program crash
        
        PID:6476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42123.exe
        6⤵
        
        PID:4456
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 236
        6⤵
        Program crash
        
        PID:6796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40789.exe
        5⤵
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        6⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7272.exe
        7⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32705.exe
        7⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54827.exe
        7⤵
        
        PID:9272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44333.exe
        7⤵
        
        PID:10276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29321.exe
        6⤵
        
        PID:4968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48283.exe
        6⤵
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45285.exe
        6⤵
        
        PID:8564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57162.exe
        6⤵
        
        PID:10892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33024.exe
        6⤵
        
        PID:11312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60800.exe
        5⤵
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51299.exe
        6⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15279.exe
        6⤵
        
        PID:7224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17520.exe
        6⤵
        
        PID:9144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44276.exe
        6⤵
        
        PID:10924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19300.exe
        6⤵
        
        PID:12244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40257.exe
        5⤵
        
        PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8335.exe
        5⤵
        
        PID:7248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37150.exe
        5⤵
        
        PID:8604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36161.exe
        5⤵
        
        PID:10868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43836.exe
        5⤵
        
        PID:10660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32352.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44158.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6462.exe
        6⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3312.exe
        7⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63634.exe
        8⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12622.exe
        9⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3546.exe
        9⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50556.exe
        9⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32387.exe
        9⤵
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64251.exe
        9⤵
        
        PID:11820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26005.exe
        8⤵
        
        PID:5820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
        8⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16140.exe
        7⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52145.exe
        8⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20629.exe
        8⤵
        
        PID:6692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 224
        8⤵
        
        PID:8612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38039.exe
        7⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19617.exe
        7⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3542.exe
        7⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40761.exe
        7⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57324.exe
        7⤵
        
        PID:11844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7567.exe
        6⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36006.exe
        7⤵
        
        PID:3236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 212
        8⤵
        Program crash
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48455.exe
        7⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32714.exe
        7⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10749.exe
        7⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51755.exe
        7⤵
        
        PID:11196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47881.exe
        7⤵
        
        PID:11500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42128.exe
        6⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18928.exe
        7⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18979.exe
        7⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4884.exe
        7⤵
        
        PID:9356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60420.exe
        7⤵
        
        PID:10796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 220
        7⤵
        
        PID:11592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6602.exe
        6⤵
        
        PID:5472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28051.exe
        6⤵
        
        PID:7804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35517.exe
        6⤵
        
        PID:9500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20380.exe
        6⤵
        
        PID:10444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
        6⤵
        
        PID:12168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39305.exe
        5⤵
        
        PID:1064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7588.exe
        6⤵
        
        PID:804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 240
        7⤵
        Program crash
        
        PID:5852
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 228
        6⤵
        Program crash
        
        PID:5080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26346.exe
        5⤵
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37895.exe
        6⤵
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43099.exe
        6⤵
        
        PID:8104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36789.exe
        6⤵
        
        PID:8800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43160.exe
        6⤵
        
        PID:10716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52357.exe
        6⤵
        
        PID:11792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37246.exe
        5⤵
        
        PID:5024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20594.exe
        5⤵
        
        PID:6776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40696.exe
        5⤵
        
        PID:8348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57692.exe
        5⤵
        
        PID:10860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49171.exe
        5⤵
        
        PID:12272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14615.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42835.exe
        5⤵
        
        PID:1624
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 244
        6⤵
        Program crash
        
        PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1319.exe
        5⤵
        
        PID:1892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9493.exe
        6⤵
        
        PID:6612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23826.exe
        6⤵
        
        PID:8128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21695.exe
        6⤵
        
        PID:9372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27971.exe
        6⤵
        
        PID:11144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51417.exe
        5⤵
        
        PID:5136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41128.exe
        5⤵
        
        PID:7464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32151.exe
        5⤵
        
        PID:8388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50139.exe
        5⤵
        
        PID:11232
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 244
        5⤵
        
        PID:11928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25537.exe
      4⤵
      PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45113.exe
        5⤵
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36883.exe
        6⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19857.exe
        7⤵
        
        PID:4884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 228
        7⤵
        Program crash
        
        PID:6960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12243.exe
        6⤵
        
        PID:4952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25620.exe
        6⤵
        
        PID:7112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57516.exe
        6⤵
        
        PID:8256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35999.exe
        6⤵
        
        PID:10200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64031.exe
        6⤵
        
        PID:11560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49690.exe
        5⤵
        
        PID:4064
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 224
        6⤵
        Program crash
        
        PID:6740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54790.exe
        5⤵
        
        PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-728.exe
        5⤵
        
        PID:7208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41446.exe
        5⤵
        
        PID:9772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62329.exe
        5⤵
        
        PID:11200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44881.exe
      4⤵
      PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43982.exe
        5⤵
        
        PID:3868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-567.exe
        6⤵
        
        PID:4224
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 228
        6⤵
        Program crash
        
        PID:6272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15595.exe
        5⤵
        
        PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60348.exe
        5⤵
        
        PID:6540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1242.exe
        5⤵
        
        PID:7368
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 244
        5⤵
        
        PID:10164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6952.exe
      4⤵
      PID:3924
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 224
        5⤵
        Program crash
        
        PID:5556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25654.exe
      4⤵
      PID:5944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35464.exe
      4⤵
      PID:7176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7718.exe
      4⤵
      PID:9736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31020.exe
      4⤵
      PID:11088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39011.exe
      4⤵
      PID:11884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7450.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7450.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36034.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55743.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23354.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59747.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63120.exe
        9⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38206.exe
        10⤵
        
        PID:3692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 220
        11⤵
        Program crash
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32471.exe
        10⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50701.exe
        10⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20375.exe
        10⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61381.exe
        10⤵
        
        PID:9480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13699.exe
        10⤵
        
        PID:11932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59181.exe
        9⤵
        
        PID:3752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 224
        10⤵
        Program crash
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23980.exe
        9⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38388.exe
        9⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17460.exe
        9⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50632.exe
        9⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14101.exe
        9⤵
        
        PID:11420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47339.exe
        8⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13509.exe
        9⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47345.exe
        10⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
        10⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37723.exe
        10⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59325.exe
        10⤵
        
        PID:10588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22497.exe
        9⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12102.exe
        9⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9789.exe
        9⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1630.exe
        9⤵
        
        PID:10504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62573.exe
        9⤵
        
        PID:11520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60664.exe
        8⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54802.exe
        9⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
        9⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40964.exe
        9⤵
        
        PID:9900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50638.exe
        9⤵
        
        PID:10736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42098.exe
        8⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9302.exe
        8⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50126.exe
        8⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2160.exe
        8⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58107.exe
        8⤵
        
        PID:11472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48050.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23925.exe
        8⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14433.exe
        9⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25456.exe
        10⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54397.exe
        10⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8013.exe
        10⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42745.exe
        10⤵
        
        PID:9720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21360.exe
        10⤵
        
        PID:10792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 248
        9⤵
        Program crash
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56021.exe
        8⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25072.exe
        9⤵
        
        PID:4312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 228
        9⤵
        Program crash
        
        PID:6304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 356 -s 244
        8⤵
        Program crash
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50467.exe
        7⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55466.exe
        8⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35809.exe
        9⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12461.exe
        9⤵
        
        PID:6824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 244
        9⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20219.exe
        8⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38641.exe
        8⤵
        
        PID:7100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 248
        8⤵
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51117.exe
        7⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16541.exe
        8⤵
        
        PID:4768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 248
        8⤵
        Program crash
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29291.exe
        7⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28433.exe
        7⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58509.exe
        7⤵
        
        PID:8888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16644.exe
        7⤵
        
        PID:9472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33255.exe
        7⤵
        
        PID:12056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64941.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2378.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 224
        8⤵
        Program crash
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16311.exe
        7⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14241.exe
        8⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19307.exe
        9⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37915.exe
        9⤵
        
        PID:8272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34715.exe
        9⤵
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23695.exe
        9⤵
        
        PID:11552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32502.exe
        8⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16762.exe
        8⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64226.exe
        8⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19274.exe
        8⤵
        
        PID:10952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2765.exe
        8⤵
        
        PID:12228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45060.exe
        7⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46753.exe
        8⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38444.exe
        8⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36602.exe
        8⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34769.exe
        8⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5024.exe
        8⤵
        
        PID:11156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2331.exe
        7⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-563.exe
        7⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49939.exe
        7⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35762.exe
        7⤵
        
        PID:9308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27085.exe
        7⤵
        
        PID:10572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57701.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18580.exe
        7⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27070.exe
        8⤵
        
        PID:3220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 220
        9⤵
        Program crash
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34500.exe
        8⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39601.exe
        8⤵
        
        PID:6172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 248
        8⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60297.exe
        7⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60147.exe
        8⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61460.exe
        8⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62344.exe
        8⤵
        
        PID:9728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19418.exe
        8⤵
        
        PID:11444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27680.exe
        7⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41896.exe
        7⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33796.exe
        7⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50824.exe
        7⤵
        
        PID:10664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52887.exe
        7⤵
        
        PID:11392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60224.exe
        6⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35430.exe
        7⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63110.exe
        8⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6670.exe
        8⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21199.exe
        8⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18297.exe
        8⤵
        
        PID:9692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 224
        8⤵
        
        PID:11512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44205.exe
        7⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12429.exe
        7⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10728.exe
        7⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58833.exe
        7⤵
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59200.exe
        7⤵
        
        PID:11488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26499.exe
        6⤵
        
        PID:3340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 224
        7⤵
        Program crash
        
        PID:5180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49185.exe
        6⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33953.exe
        6⤵
        
        PID:8132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1696.exe
        6⤵
        
        PID:8944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33779.exe
        6⤵
        
        PID:10768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41788.exe
        6⤵
        
        PID:11836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48439.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31522.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39327.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56405.exe
        8⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2565.exe
        9⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44169.exe
        10⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17.exe
        10⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6342.exe
        10⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-425.exe
        10⤵
        
        PID:9404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56794.exe
        10⤵
        
        PID:11852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33540.exe
        9⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38641.exe
        9⤵
        
        PID:7108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 248
        9⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44153.exe
        8⤵
        
        PID:3548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 240
        9⤵
        Program crash
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25594.exe
        8⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65310.exe
        8⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52743.exe
        8⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56221.exe
        8⤵
        
        PID:9960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20183.exe
        8⤵
        
        PID:11756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 236
        7⤵
        Program crash
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19461.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60681.exe
        7⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14433.exe
        8⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37900.exe
        9⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55357.exe
        9⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61490.exe
        9⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46829.exe
        9⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41973.exe
        9⤵
        
        PID:11016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27271.exe
        8⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64816.exe
        8⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42275.exe
        8⤵
        
        PID:7900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 244
        8⤵
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56021.exe
        7⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58834.exe
        8⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27282.exe
        8⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-587.exe
        8⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26274.exe
        8⤵
        
        PID:9748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26342.exe
        8⤵
        
        PID:11408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40644.exe
        7⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55243.exe
        7⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38820.exe
        7⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42297.exe
        7⤵
        
        PID:10340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 244
        7⤵
        
        PID:11504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25386.exe
        6⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51382.exe
        7⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39566.exe
        8⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35642.exe
        8⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4863.exe
        8⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1961.exe
        8⤵
        
        PID:10316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10198.exe
        8⤵
        
        PID:11480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44890.exe
        7⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5413.exe
        7⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56421.exe
        7⤵
        
        PID:9116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 244
        7⤵
        
        PID:10692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35741.exe
        6⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
        7⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40873.exe
        7⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6010.exe
        7⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33150.exe
        7⤵
        
        PID:10980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59390.exe
        6⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13379.exe
        6⤵
        
        PID:7504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2614.exe
        6⤵
        
        PID:9336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30754.exe
        6⤵
        
        PID:11172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38081.exe
        6⤵
        
        PID:11576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21307.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 244
        6⤵
        Program crash
        
        PID:1672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51314.exe
        5⤵
        Executes dropped EXE
        
        PID:1912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19265.exe
        6⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23754.exe
        7⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33240.exe
        8⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63717.exe
        8⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
        8⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 228
        8⤵
        
        PID:10132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22803.exe
        7⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3171.exe
        7⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1242.exe
        7⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26103.exe
        7⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26506.exe
        7⤵
        
        PID:10936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52897.exe
        6⤵
        
        PID:3668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 244
        7⤵
        Program crash
        
        PID:4104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13534.exe
        6⤵
        
        PID:4380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32062.exe
        6⤵
        
        PID:6812
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 244
        6⤵
        
        PID:8716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10526.exe
        5⤵
        
        PID:1860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19670.exe
        6⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25456.exe
        7⤵
        
        PID:3568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 216
        7⤵
        Program crash
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26202.exe
        6⤵
        
        PID:3268
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 244
        6⤵
        Program crash
        
        PID:6164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47296.exe
        5⤵
        
        PID:3636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8372.exe
        6⤵
        
        PID:4836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28989.exe
        6⤵
        
        PID:7152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64671.exe
        6⤵
        
        PID:8816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54670.exe
        6⤵
        
        PID:9660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30234.exe
        6⤵
        
        PID:11948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53750.exe
        5⤵
        
        PID:4332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40496.exe
        5⤵
        
        PID:6620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6371.exe
        5⤵
        
        PID:9000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40973.exe
        5⤵
        
        PID:9572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34224.exe
        5⤵
        
        PID:12232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35877.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3836.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 244
        6⤵
        Program crash
        
        PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48413.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24060.exe
        6⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7588.exe
        7⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37511.exe
        8⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37562.exe
        8⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39420.exe
        8⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58663.exe
        8⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58636.exe
        8⤵
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33922.exe
        8⤵
        
        PID:11424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 216
        7⤵
        Program crash
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32839.exe
        6⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50339.exe
        7⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31039.exe
        7⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45149.exe
        7⤵
        
        PID:8996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 228
        7⤵
        
        PID:10376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23212.exe
        6⤵
        
        PID:4712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29260.exe
        6⤵
        
        PID:6836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57232.exe
        6⤵
        
        PID:8360
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 248
        6⤵
        
        PID:10852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26097.exe
        5⤵
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48813.exe
        6⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65165.exe
        7⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25097.exe
        7⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64095.exe
        7⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56917.exe
        7⤵
        
        PID:9548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 244
        7⤵
        
        PID:11668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56976.exe
        6⤵
        
        PID:5068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14136.exe
        6⤵
        
        PID:6408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4423.exe
        6⤵
        
        PID:8396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48252.exe
        6⤵
        
        PID:9556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56787.exe
        6⤵
        
        PID:11676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41340.exe
        5⤵
        
        PID:1764
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 224
        6⤵
        Program crash
        
        PID:5460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64761.exe
        5⤵
        
        PID:4632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11843.exe
        5⤵
        
        PID:7392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62531.exe
        5⤵
        
        PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60857.exe
        5⤵
        
        PID:11064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24184.exe
        5⤵
        
        PID:11628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49922.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27246.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55855.exe
        6⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1257.exe
        7⤵
        
        PID:3892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 220
        8⤵
        Program crash
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59254.exe
        7⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12102.exe
        7⤵
        
        PID:7972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 248
        7⤵
        
        PID:8308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55097.exe
        6⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
        7⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47179.exe
        7⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28903.exe
        7⤵
        
        PID:10116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13689.exe
        7⤵
        
        PID:10740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15620.exe
        6⤵
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38388.exe
        6⤵
        
        PID:7848
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 244
        6⤵
        
        PID:9068
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 228
        5⤵
        Program crash
        
        PID:2880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2476.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31159.exe
        5⤵
        
        PID:3044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12632.exe
        6⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23557.exe
        7⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41433.exe
        7⤵
        
        PID:6488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 224
        7⤵
        
        PID:8512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28195.exe
        6⤵
        
        PID:4164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47193.exe
        6⤵
        
        PID:6024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61408.exe
        6⤵
        
        PID:8572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7219.exe
        6⤵
        
        PID:9876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3118.exe
        6⤵
        
        PID:11772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18340.exe
        5⤵
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26162.exe
        6⤵
        
        PID:4120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48279.exe
        6⤵
        
        PID:6328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1163.exe
        6⤵
        
        PID:8236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14597.exe
        6⤵
        
        PID:10048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14666.exe
        6⤵
        
        PID:11280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32475.exe
        5⤵
        
        PID:4476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30547.exe
        5⤵
        
        PID:6752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18399.exe
        5⤵
        
        PID:8464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58634.exe
        5⤵
        
        PID:952
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 244
        5⤵
        
        PID:11452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22228.exe
      4⤵
      PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46374.exe
        5⤵
        
        PID:3520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18570.exe
        6⤵
        
        PID:4840
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 236
        6⤵
        Program crash
        
        PID:6976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63665.exe
        5⤵
        
        PID:5028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62014.exe
        5⤵
        
        PID:6300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7028.exe
        5⤵
        
        PID:8220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5932.exe
        5⤵
        
        PID:9856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63668.exe
        5⤵
        
        PID:11292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29076.exe
      4⤵
      PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26541.exe
        5⤵
        
        PID:5600
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 228
        5⤵
        
        PID:7684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-906.exe
      4⤵
      PID:5516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20974.exe
      4⤵
      PID:7676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49069.exe
      4⤵
      PID:8436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12743.exe
      4⤵
      PID:10332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24961.exe
      4⤵
      PID:12200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7562.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24449.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47858.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6078.exe
        7⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4656.exe
        8⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17610.exe
        9⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24905.exe
        9⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14510.exe
        9⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4509.exe
        9⤵
        
        PID:9516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 220
        9⤵
        
        PID:11940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38776.exe
        8⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
        8⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1107.exe
        8⤵
        
        PID:8852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37644.exe
        8⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43055.exe
        8⤵
        
        PID:12072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9679.exe
        7⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53655.exe
        8⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15990.exe
        8⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17883.exe
        8⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28111.exe
        8⤵
        
        PID:10640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3675.exe
        8⤵
        
        PID:11740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59585.exe
        7⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57848.exe
        7⤵
        
        PID:7816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 244
        7⤵
        
        PID:9032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40457.exe
        6⤵
        
        PID:2104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 224
        7⤵
        Program crash
        
        PID:3096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23414.exe
        6⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27672.exe
        7⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24708.exe
        7⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62061.exe
        7⤵
        
        PID:8840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64312.exe
        7⤵
        
        PID:11092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39913.exe
        7⤵
        
        PID:11396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65450.exe
        6⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49183.exe
        6⤵
        
        PID:7824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-925.exe
        6⤵
        
        PID:9176
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 244
        6⤵
        
        PID:10540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23908.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 224
        6⤵
        Program crash
        
        PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30181.exe
        5⤵
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12632.exe
        6⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31009.exe
        7⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44418.exe
        7⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8942.exe
        7⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26845.exe
        7⤵
        
        PID:10724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26581.exe
        6⤵
        
        PID:5568
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 244
        6⤵
        
        PID:7696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37941.exe
        5⤵
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39042.exe
        6⤵
        
        PID:6784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64667.exe
        6⤵
        
        PID:7872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38224.exe
        6⤵
        
        PID:9520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23887.exe
        6⤵
        
        PID:11168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21180.exe
        5⤵
        
        PID:5632
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 248
        5⤵
        
        PID:7864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45424.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31330.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 244
        6⤵
        Program crash
        
        PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4194.exe
        5⤵
        
        PID:2556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25461.exe
        6⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30874.exe
        7⤵
        
        PID:6724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 228
        7⤵
        
        PID:6844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10053.exe
        6⤵
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44775.exe
        6⤵
        
        PID:7660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18533.exe
        6⤵
        
        PID:8324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34878.exe
        6⤵
        
        PID:10400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58297.exe
        6⤵
        
        PID:12184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7955.exe
        5⤵
        
        PID:3412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3520.exe
        6⤵
        
        PID:4916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20053.exe
        6⤵
        
        PID:7044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9658.exe
        6⤵
        
        PID:8204
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 248
        6⤵
        
        PID:9976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35928.exe
        5⤵
        
        PID:5012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51409.exe
        5⤵
        
        PID:6188
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 248
        5⤵
        
        PID:8280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21115.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32228.exe
        5⤵
        
        PID:2488
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 220
        6⤵
        Program crash
        
        PID:3280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5595.exe
        5⤵
        
        PID:3332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38025.exe
        6⤵
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48310.exe
        6⤵
        
        PID:7336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61542.exe
        6⤵
        
        PID:9916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35397.exe
        6⤵
        
        PID:10480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27872.exe
        5⤵
        
        PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50640.exe
        5⤵
        
        PID:7716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9868.exe
        5⤵
        
        PID:8552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18343.exe
        5⤵
        
        PID:10360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9825.exe
        5⤵
        
        PID:12196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59866.exe
      4⤵
      PID:1884
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 244
        5⤵
        Program crash
        
        PID:3104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20614.exe
      4⤵
      PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19317.exe
        5⤵
        
        PID:4680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11008.exe
        5⤵
        
        PID:6684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4697.exe
        5⤵
        
        PID:7832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56149.exe
        5⤵
        
        PID:9448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15221.exe
        5⤵
        
        PID:10976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58812.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58812.exe
      4⤵
      PID:4744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56215.exe
      4⤵
      PID:6888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27850.exe
      4⤵
      PID:8292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9664.exe
      4⤵
      PID:9364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58431.exe
      4⤵
      PID:11584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3213.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3213.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7920.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23162.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40396.exe
        6⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 244
        7⤵
        Program crash
        
        PID:3916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46929.exe
        6⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43126.exe
        7⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40162.exe
        7⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1275.exe
        7⤵
        
        PID:9588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15910.exe
        7⤵
        
        PID:11324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36233.exe
        6⤵
        
        PID:5704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17967.exe
        6⤵
        
        PID:7924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1124.exe
        6⤵
        
        PID:8344
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 236
        6⤵
        
        PID:10492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11293.exe
        5⤵
        
        PID:2156
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 244
        6⤵
        Program crash
        
        PID:3124
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 220
        5⤵
        Program crash
        
        PID:3148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64749.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61008.exe
        5⤵
        
        PID:1052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32477.exe
        6⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60557.exe
        7⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12477.exe
        7⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17878.exe
        7⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48910.exe
        7⤵
        
        PID:10408
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 248
        6⤵
        Program crash
        
        PID:4960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20779.exe
        5⤵
        
        PID:532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57547.exe
        6⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21527.exe
        6⤵
        
        PID:7480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34951.exe
        6⤵
        
        PID:8428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9802.exe
        6⤵
        
        PID:11212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25631.exe
        6⤵
        
        PID:11920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31380.exe
        5⤵
        
        PID:5064
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 248
        5⤵
        
        PID:7088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20944.exe
      4⤵
      PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7588.exe
        5⤵
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21367.exe
        6⤵
        
        PID:6044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22487.exe
        6⤵
        
        PID:8152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-992.exe
        6⤵
        
        PID:8908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52252.exe
        6⤵
        
        PID:10824
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 224
        6⤵
        
        PID:11900
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 248
        5⤵
        Program crash
        
        PID:4932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32212.exe
      4⤵
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48606.exe
        5⤵
        
        PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8969.exe
        5⤵
        
        PID:8012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55595.exe
        5⤵
        
        PID:9532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16813.exe
        5⤵
        
        PID:11224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28580.exe
      4⤵
      PID:4200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4059.exe
      4⤵
      PID:6500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57762.exe
      4⤵
      PID:8340
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 248
      4⤵
      PID:10884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44107.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44107.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1916
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 244
      4⤵
      Program crash
      PID:1092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5864.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5864.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64023.exe
      4⤵
      PID:1828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59202.exe
        5⤵
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30874.exe
        6⤵
        
        PID:6716
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 228
        6⤵
        
        PID:5836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54018.exe
        5⤵
        
        PID:5344
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 244
        5⤵
        
        PID:7652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39336.exe
      4⤵
      PID:3212
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 224
        5⤵
        Program crash
        
        PID:4324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31515.exe
      4⤵
      PID:4240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29322.exe
      4⤵
      PID:6524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21030.exe
      4⤵
      PID:8960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17985.exe
      4⤵
      PID:9284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56037.exe
      4⤵
      PID:12132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43371.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43371.exe
    3⤵
    PID:1532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59202.exe
      4⤵
      PID:3292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26733.exe
        5⤵
        
        PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3577.exe
        5⤵
        
        PID:7432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9518.exe
        5⤵
        
        PID:9964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14400.exe
        5⤵
        
        PID:10488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54018.exe
      4⤵
      PID:5352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3742.exe
      4⤵
      PID:7604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51014.exe
      4⤵
      PID:8976
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 244
      4⤵
      PID:10432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61066.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61066.exe
    3⤵
    PID:3320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38990.exe
      4⤵
      PID:4772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27666.exe
      4⤵
      PID:7000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7110.exe
      4⤵
      PID:9132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55630.exe
      4⤵
      PID:9412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47531.exe
      4⤵
      PID:12264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56432.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56432.exe
    3⤵
    PID:5088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37078.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37078.exe
    3⤵
    PID:6240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14028.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14028.exe
    3⤵
    PID:8228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3397.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3397.exe
    3⤵
    PID:10204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27532.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27532.exe
    3⤵
    PID:11276
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32893.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32893.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2380
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 188
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2544
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10726.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10726.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32290.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32290.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51771.exe
      4⤵
      PID:1020
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 220
        5⤵
        Program crash
        
        PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12611.exe
      4⤵
      PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41019.exe
        5⤵
        
        PID:4396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63136.exe
        5⤵
        
        PID:7304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55372.exe
        5⤵
        
        PID:8992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24987.exe
        5⤵
        
        PID:11056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50520.exe
        5⤵
        
        PID:11644
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 244
      4⤵
      Program crash
      PID:5084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7209.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7209.exe
    3⤵
    PID:1716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36561.exe
      4⤵
      PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45871.exe
        5⤵
        
        PID:5868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63904.exe
        5⤵
        
        PID:7984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3924.exe
        5⤵
        
        PID:8648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47052.exe
        5⤵
        
        PID:10592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42160.exe
        5⤵
        
        PID:11708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17645.exe
      4⤵
      PID:4904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23394.exe
      4⤵
      PID:6924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-360.exe
      4⤵
      PID:8412
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 240
      4⤵
      PID:10836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5926.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5926.exe
    3⤵
    PID:1252
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 220
      4⤵
      Program crash
      PID:4724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27241.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27241.exe
    3⤵
    PID:5096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63874.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63874.exe
    3⤵
    PID:6920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44048.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44048.exe
    3⤵
    PID:8980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16467.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16467.exe
    3⤵
    PID:10544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14854.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14854.exe
    3⤵
    PID:11688
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32025.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32025.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1144
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 220
    3⤵
    - Program crash
    PID:1324
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56162.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56162.exe
  2⤵
  PID:1236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44537.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44537.exe
    3⤵
    PID:2920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61818.exe
      4⤵
      PID:5332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59815.exe
      4⤵
      PID:7792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36880.exe
      4⤵
      PID:9716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30026.exe
      4⤵
      PID:1420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25813.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25813.exe
    3⤵
    PID:4876
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 244
    3⤵
    PID:6356
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7011.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7011.exe
  2⤵
  PID:2620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8725.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8725.exe
    3⤵
    PID:4784
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 216
    3⤵
    PID:7740
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29111.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29111.exe
  2⤵
  PID:4148
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27497.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27497.exe
  2⤵
  PID:6148
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10284.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10284.exe
  2⤵
  PID:8540
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35026.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35026.exe
  2⤵
  PID:10900
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20301.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20301.exe
  2⤵
  PID:11272

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10785.exe

Filesize
184KB

MD5
d584d66621dd52ff191de7534dee45da

SHA1
9095cbe9fa69affe9942b8a0184ba7e006e4ef75

SHA256
1a985d23ede2ef5185385233ee8baa4f3ab0e1957fea8a659629daa049610ff1

SHA512
5e0189da933dd54b41ee3c42b70d7fbc7e77fd9d57337d4cbca2ed0e59814c914b1b79776a1b5e882aa42fbd03e79a4671855c2cf8341cef431e2093a8fdfe2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15337.exe

Filesize
184KB

MD5
f34da1bb6eb98c13ca3cb713b74840aa

SHA1
19efaa1e3572fe528c0656b95546247f26da833b

SHA256
5c5257851bd0914546e797920a9e59de2bda3bd3b1b78d6283c1c111bb356bea

SHA512
2720a9a9dbe5f6104a98bc668df2e8dc086e27bbec186b7bac4202a25341d7f3b8188d91d30e21c78600ae2e29487c0b0a70887bbf7635f6dc22ae773c5b7a55

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17650.exe

Filesize
184KB

MD5
f09422649a3a80369187e4477a3095c3

SHA1
93b6153fa208dc16dfea4fc6918e91ff2240f589

SHA256
787734b857c822f7f9aa7c8327403e4053212bf1d1dff8b00bdf5b6ffe1c1d1a

SHA512
2e38b8b52c822af98d9d83ecb1e911687462801deed612e2a2dc4d41c1e7d3dcffe84d3f298ae022ca5c5a89b1d42d687aa8a4d2a0bf259b1946e37e3ddcfb82

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23695.exe

Filesize
184KB

MD5
116c419f8622a75058621902292146e4

SHA1
7d7ea9163b394b2c235f9a5f089344a4d29e3fe7

SHA256
f119a046341cdc1a88c85e2e36c57771cdf4fe70289fb699c4df3f7d1f02d578

SHA512
c677b9d523c69327cb65208a651538b1555bd2c25465bb8f15b8d2b615c491be0b7471ae28f30728630a57a84263397ded05e229120aee5f23200104954de77f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2458.exe

Filesize
184KB

MD5
ec3cef324a2186b9811f532a7bdfaa30

SHA1
1e1bcc9cf3125475d74cba893d0790b81090db8b

SHA256
2faf8042338d6feef25ecb8b5b4b52db084ea13f1b34df20386f32eda5869c69

SHA512
1bed356315deaf1b8fded6276dbfdd218e58b0a16242e30567189d470bca089d0c280e28c6c401325d0f5a1478661f4018b6a49794b287dd8f514c17cee0d226

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25447.exe

Filesize
184KB

MD5
6093137fc20b07de2192df56307ca727

SHA1
0e7da0e141cf40cadbcae410e19d69c50a78494f

SHA256
38f239d31e886d41b9f09974c3c6aa881fca6d3d92ea8798537ce057b39b488a

SHA512
2730138fa9d95aed8f6b82cf2335d0d102d95d540ea523f0c361455896b0dfb19f96a50bb23746000d102dab12a772e39052a7466d8b8d6dbe201e636c3803e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28504.exe

Filesize
184KB

MD5
4116b351433cb001ae876edb7773d1c5

SHA1
36614b2576f35b618de0c655a14b20049451ad53

SHA256
9d376b430145a9e80bc37b8ae7378f3b549b230487e87a9a65cae2b60e6189ee

SHA512
464ee5a9bc825d3c285feefc2cd2ec870d916b4c1b2c4400980f077125a51b5f363cfdeef45f9671d7d3834aa02989a0318963cb912b45db83e842439842abe0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3213.exe

Filesize
184KB

MD5
1a14d7e4a038edc0047a2d85f76a0b49

SHA1
c362d7107c5a374c7654cc02df49bebc56b0dda4

SHA256
99394a9e139f14042e354e923865dd5f13cc64ab62b998a768e123c7732a33ba

SHA512
9aa6462132739d12e0e0d7fe95bacab3d45fc49b442bb4c353674ac1179d55473e2626c89244c187725921f36b3718b2f7022f058de4a7bfcb1ca80de38cdee2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32475.exe

Filesize
184KB

MD5
a689bd68c936cbdb339a7eae7b6fdca6

SHA1
2d36886f6719d6c1111c2e3de36f4ee6e4d87ca5

SHA256
238e860053518b5177ad5a0c7c3ff1878680674c0a69596c15281896f59b89fc

SHA512
da6438d0a275dacaaa983fee48b7dd046e62194b9566a3b28cc8497201d4ecd033a1c5c2740727b1041214c25e0d34ed329e5909028803d5798a88e647c696c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32502.exe

Filesize
184KB

MD5
2ea647ff87b2a790e3a754d8e90ed3ef

SHA1
17f5120d64cc750d03241e79565dd3bd6434cdb1

SHA256
8b1cd879c93fd5f5fe056c1eaaa1b33d091f07dbe1df816d882dc473454d5ab0

SHA512
5b9b4ee158feea898bc081f509f31347ce8dfeaac7c1a07e6f86e1bf43fdb8b1db1c00404876cfc236a2dcca9111a440d2ac09a63c18f926cc83b6da9a5660db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36305.exe

Filesize
184KB

MD5
a0cc97b806717282500807575fe36d79

SHA1
4a8cfb9db2a48ff33761676aa534c009837c6769

SHA256
7c3a619cf2a8c48fa513687d3720dedce392cfff2dbb8e581c39498e4504fcb3

SHA512
2efd04d45346be070cf4bc4d317236296bd0be803f903259e34791b504920b6096e04477055b93f497d0f52d9cd245dd16ab1d1a85054e70efe7d11acfeda8d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40457.exe

Filesize
184KB

MD5
c42627d5693c61daf92d74bf83dd5a18

SHA1
eb1aaf71d84ea7aef81f4883aeeaa1aa167c35f4

SHA256
6bc07100b6bf9c4aaede87617a2e0f3b7cdae0a0c2be3b923299dfce000644e3

SHA512
b48792cf949f2fb4e0ea26050b11091b6ecc851ed489511235072dce4e8a2d169988f5de402565710df595560a319f3f4b37befa9ba52f770de2ce975105839b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44046.exe

Filesize
184KB

MD5
2862fc5fb8545ef2cf3094eae2f28965

SHA1
ccefe137196d6a57feb71db83fd4b64e65200cfe

SHA256
ee43b090ba473acec764ca4aa7e1a349c1aee8199ffede95ed545a4f8c2c75ae

SHA512
f1b5cb0fa374563dea011d31cd4074c0b8671cda2d8b74430de3d3608d5651ac6ddddd4f90fb31a13d9879637c160ba53a6552bb557ae41baa01f925403e5380

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44153.exe

Filesize
184KB

MD5
f181c00855e8e21cba6ae42439d8cbc7

SHA1
6f6fd51bff10a2f053237d7977d10bf2495c6f9b

SHA256
b583e3691b63325482cdd37b8609401e1f5bed66b1ace96a6aa7a8bcb711d125

SHA512
7156661f82e02e2373fd8c6c33ca8bb099468a49e1ad3ce28b6c8ffa77d6f4dda91db2daef747f462f8b1cbd6fc5c0e84d8aabf21feefeaa20f00c3a0f200f0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4423.exe

Filesize
184KB

MD5
6d81897a6596a3ad05d684c8ae6b84f4

SHA1
540d465bff5135f75cfb447fefdb37cda524e71d

SHA256
1e2fabba2c4383e22893c24e433caf38ef7b3c6436647f8b221c420165baf171

SHA512
045e0729eb4f47fabc4694e854b2deafe3c9b08bc3a430ee1c8c7976730bee3c1b155da9ba9243afa1f6a1d0fc53f32775b06175bf6884b16c5a4c6747ae2e18

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44333.exe

Filesize
184KB

MD5
f98f885498b5dd3d47da0c7f8fb7cc7f

SHA1
58fd32a3e1f0c7313bf1d6537ed7a10ffff7c461

SHA256
7e75683d572e3d1c3c9b1505830401e300c49729f89f32dbded18c32139fedd0

SHA512
6c28000659d5ab17adcf3fa4ef352c6350613acad50170b6c005f45c19317d27904c7bfd8e138a227ef4c1421338f6cde1e809e9e59c46bdfc5b2d92a37d6405

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49939.exe

Filesize
184KB

MD5
b840e3bcb0fe57edb8708fa1576647ab

SHA1
6aa5a23d166b73142d40e5d57d907dcbc091843b

SHA256
d2b57a2d8fb813bed111f89a97eb92f73a477167b4cbc17e0df757ea8323f7db

SHA512
b9e67bfd25ff6de872babee434fdd0878debe9ef5d4bed8b5b0dafb1fac9d26f6b176f6da6c58368c24c7dca2f439d0d5492d6392938d9c111b0fea85d590599

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53255.exe

Filesize
184KB

MD5
0c44f5d253ff73046449fb713b9d30e6

SHA1
a01fc7c999c0511d40a198ae950bae0d1be08d03

SHA256
4fccc7d76c294f023679d8ab751ec35caf065733337a646cea96802d6f72a629

SHA512
4bd06badfdabbd73515021f900dff32f0d42e29871c657a24f3094967c1294d67fdcefedc3daf817dd756dd4f6fc4823ccd05c722c565ad182eb25df24cd53a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5389.exe

Filesize
184KB

MD5
bad2157b7fc85d35c21e1b3c12195e58

SHA1
4f234ec37b8f40131e7d02ad69ecf8c4849e860c

SHA256
2b0cf24ce997389f24dcf996f1d02e742091d6b06811bf55aa23308edaf82907

SHA512
bd9050bb11c9d7ae024cf7c725dad5e519221cbbbc16fb96beb7cb321089f354f64f7167ed7ff81b74333e11fe6488d3c18ee0ad763cb8b62f4017db079a59bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6078.exe

Filesize
184KB

MD5
beecd77d729ce1437ccb4924b0a1622b

SHA1
6d5f9758b20e393846ca0d77af7a5d38da8570a5

SHA256
8409ead3d902bd1ff0997693ac3e39815f44fba64647ed437c4d6355aecbacee

SHA512
cdd0fd2e8c0aefe333164b4e1c951446282ce51721ab57c3897787dbeb55a23fd2338fae82dc94d224a9ff9dd0f3e52a4ce367867ad369357cef8a2e6d9e8eb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6323.exe

Filesize
184KB

MD5
eb85239f27ded7bf5bc9fcd7df4b23d3

SHA1
af3bc3bb175752cdfa02e551e5e570a8d093fadc

SHA256
7fc95f76e936f5dcaed44b004511658bda54220c3359fbc5c4aec1dcfc554310

SHA512
a75f3a4ff154ddf33879894c19db755d4fd19e46d36c2cf9953b123e0550a56f4f75f93b7e3387f5ed54b4c3588753daf561b9a2275c8b125b689458a5eb360e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63710.exe

Filesize
184KB

MD5
1a2a5bbd1f5e9fa9ebc850e79a306402

SHA1
f208665fd122169da78dee15ba69f9870fac2751

SHA256
c53167adbfb44ef5911d61308e28c9b58664e59b70a71444238e163f9511d0f6

SHA512
2578cf6ad388ff78eeff51b5c225a02154f4b08455a6a4ca5f890ef0e7e5bd34bace9dfcbc7076867647e7a9526cec19b72418493bdceb1707cebde9b5dc7207

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63911.exe

Filesize
184KB

MD5
a32f65a5c56f9b620d63dfb6b51fd95a

SHA1
9a4dbb306703c03e5da165bce342b157c7aa3233

SHA256
952c88321604a4b3d820f106a6797c74c7d8bc9af146211c937475fc9cf73247

SHA512
e44a29d60b3610845da5f953f376a57c64ed2a71518d4dfaafc8d4e59088b2bb91c104d0852f0c0e8a340aa6e42defb7e34f8cbea61d00c41a7a307b207ef989

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6462.exe

Filesize
184KB

MD5
7e9a1a756cccf523b00c0813ac084608

SHA1
0ada84ea7f8dc4256d40cb5a066c5c7daea183f6

SHA256
cc381397d29c86908c1fe8d96220c9fd3d39bc5673bb0f64efe86c26ece12787

SHA512
d7e451a57f07ea73d377e381cc11b4b6f40f976fdbf87950010eee3a703ff733119409bdd846a2c61b65129b8052d44bca10fd42842970f67584f742a95abed9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7632.exe

Filesize
184KB

MD5
c144b0a85375aabaddbe26dd0666db03

SHA1
6b046413d57e0ef2301f9490c9e8acf6f8bdd765

SHA256
92fdc94630300297ab0fdc3a91a647157061d9337e0b361f43f2b21727b3a660

SHA512
679bfffe8658cfe7ee817657d2722e2ba2ca569fc9378d233914ea8f6cf248641dc56e3e2768d3f62b641243c80a840085ffa3b4f8da6d3358c9d995c22e5581

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9825.exe

Filesize
184KB

MD5
fef16ec657b51ef1f981684b155925d3

SHA1
73763847387c4924c96271dfe11836bb6cb13738

SHA256
457e1e836a35ebf4ea31d1fcdc42b102b0eea17c5d1a8c8035ab1aedeaad9f35

SHA512
5f08ccddcc08626b32cb87ce01b7d3e80b25c1c0a213524549f8ba0dc80534f3c99f8f99e72084f2a5677c492685620883a5a1896bb7e64bd82f29fefbaa8547

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12084.exe

Filesize
184KB

MD5
7ec05b1ae3635e1fccfa9930a2f75814

SHA1
3b7a11ebde8acebdd7b858564aef00f1a31044ac

SHA256
986373c566512f1c39fb4a58d4c1cea5704543713d7dc244206dca405a0c611a

SHA512
347db48a4525ac2540bc0d64e05e789ff811410caf0ef3b8edf7bc616e3fa8b556f37918003c5d6d7dc9e2a1ef732e09e77a1c327be260fb0e5c58bf4cf473e8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe

Filesize
184KB

MD5
85f021b6623c821d99a3b4e22b08b1ff

SHA1
594ecf71c161712c6eb5583e433d15144ba1b579

SHA256
a8a0c9500596ea5928ccbd12a4e0c1fe75ac2b6e99df59dad3ecd3ac4fc71061

SHA512
75534381efecbce3f67922c31d87f89b3b18dce95f8ec0b599b62e984187c782a8ca369f5196ffd79fa843aae9601b11a4e8fece4f9d3392d96d8b135e4d0b31

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31950.exe

Filesize
184KB

MD5
182695a8d0a4b6a4dd6d69d7fbdaffa0

SHA1
a6f9e5a2c46d71f2c1b0c0f75cefb859fd2eeebf

SHA256
d577d704e1ecc89df25b2585e855c3c46aadcb355e7b5110e6d57fd4a90facae

SHA512
294f52c3ab72cffe7286acd97847b2ad769ed0822e884fdc7bc3eb2781d40b791da24565e84565cc0a328abed0079cf2a0dc94b8af3a90203401d5234cc4d83c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32893.exe

Filesize
184KB

MD5
f5a54175a1432e05754cc32d515537e1

SHA1
6a782259149968c9a18d228101da7baa73a372e8

SHA256
101f146f214620cc883857a3d34fcb85ea3b42f68befc944a5c4a98eb0b14721

SHA512
8a471d8ce00dfccb67b0d5b718b46af77beda178f27c9e283510b7819b5657335b0f6fffbd8bedfee8430780a39a5adbb73509bee6e7b217ea7fa62e33a7fbed

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35877.exe

Filesize
184KB

MD5
c49970a77fdc9dbd731872f6e3f122db

SHA1
dcd74192acbd66b5c5244c37a3ab76d9288f1fb7

SHA256
0fe146cedc72596056d783350abad2347f451b6c59595466b5ac8abbe357e8ea

SHA512
37742b92467737d97fbed6b9e4ededd48805d2bfece860998797f96c297928bdf761c938e9a659642d0db99642b45595fc1cdbbebc071702a04ed6ccb0a3c071

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36034.exe

Filesize
184KB

MD5
e314633b34b095bfb0a70849660d1b24

SHA1
f33561c656dff0ce249adc538578d93a059c2b4a

SHA256
c6ebc98f7dce1c8aecf7e9c8097334678a316fe7c79a1c3f2042a17f84a554ce

SHA512
0e5470b7ac85c24eda82b87b6a766d2a8348d55b70731bcc6c2ba698865748454fe02876a188a307ae4d1bd6b75bb4a5eebc2f25d4d09623060880fbd20e9b7c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36553.exe

Filesize
184KB

MD5
4a8d426aa519c8ca85181f2489a8e758

SHA1
046a571a0e1ad350afecbd8d220134b9dc3a616c

SHA256
c843fe4fd62eb482f156f2219e4798e6e8ed378fb7e4cff321ac9a140a97be10

SHA512
b4b0405b2735461168535ae72087cd179f97acb9054f73a972a3c79905d2ea6c5b3c1df73b2d4d7a807c813e53554b00cc626e77f978e5711da4ec6131fe3d89

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45878.exe

Filesize
184KB

MD5
de7a77bae479e0ecf83e60e3346e1ffa

SHA1
82a2625ca74d938c702dbc9c0b71bc8747bbe0a4

SHA256
ae1c3f12d698260bf6da2d077ef2e1de383b6821d4f98138dfb63a92fb335e8d

SHA512
599a312586c7a48cedd844a1695e86aa3c03b3b639d19db161a9068f9d320b5de915d95e25d538dd4b89e9389b90f6a5d0a2d61c3d2ca936605fbc40e305c089

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54717.exe

Filesize
184KB

MD5
3f5fa323a476f81aba87b90eb8c457bd

SHA1
3c9f243a972eb37544a4b571b09535298fe25e14

SHA256
842d0464a1b56421b55cb6960f745b9cec514287fe4d72161019c0b8044effa4

SHA512
3f3abd161153ce7bbe7f2c8cec01c53908a47ad67460fd82a46eef467478363eb15e5b3fc99050686d18bf37aef675f18efc529bb54bd3524a0c439aa31c05f5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55743.exe

Filesize
184KB

MD5
969bf0ac57cc166268819169b0abf427

SHA1
df871fcc6ec8136971c0a334b11bb6b08f1ac420

SHA256
aac86d97dd5e10e51837b265fc4e0cdac1f082021225445ed5499b64b0789570

SHA512
cc1b0e5fb86a1f3712ef136a8bd7f4b7e06783020936fa593efd5db69bdeb8bdb43f74a9413ab6f875d496e04401051dd99949e9713ec56f66f2d2c9deef8b75

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56843.exe

Filesize
184KB

MD5
79f9e150142a001f378fee8db40ded90

SHA1
ad69589fcc2545b2182eada9c0e2cf59b8f4bb83

SHA256
af16c5800119715cbe4867a19d74a5b0f555c0aec1bafb89d381b11e8a4761b5

SHA512
432b2aeb48822ae44c3641480d2b4077ae675590df53a16001b0b8e503ad8aae4a4d4ea03f5decf67a10ef4b9ebd5c0ae34fc6f7699abdc30c88cd6a4712461b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7450.exe

Filesize
184KB

MD5
d8d6bd97843a965fee24d05f5d9b196d

SHA1
7a3b4589ca1531a91a5cc57bf3a365d8fb48692a

SHA256
a1ca799a93b86a31799b067dac849006aba1b87abb8a89352ca1983569e563df

SHA512
a6605a1e675ce951373d149a1cc68b6a8ebe012c011ae063098264c0092767693e3ed3f954c1f43f5ab9a2d45f482aa1486e31826b488621a7be68c7dce9a7b1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7562.exe

Filesize
184KB

MD5
3c5c06c48ac204147a557a68c2ab3160

SHA1
cd439ede34a6d0082abc187334481ac8eba7621b

SHA256
cc4ab6b43c5e69653e373d7221de00d0b84a01c72ae44041d0547f84e476d650

SHA512
79750fb5d26b6023ddb97b86de8ec7207fd7555302bab7a7624bf72247eccdaba394fbcce74e40b2a0aa2385054ead25f295443a03561df7edc608aa71b33bca

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads