ea28c2608d07e4098635ce5269ecf4d4371b7c502ef849be6096261f404608bd

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 04:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2a19f5beed5d1b9bc843f88acfeb0a10N.exe
Size

184KB
MD5

2a19f5beed5d1b9bc843f88acfeb0a10
SHA1

1226e0136b4a91d44dae2fe52a2f540abeccf15d
SHA256

ea28c2608d07e4098635ce5269ecf4d4371b7c502ef849be6096261f404608bd
SHA512

5fd02da06bcb00bdfe4adf142d7cc2b3448c6c4768426bdb4817e51a2e875e16272a1a9988418935196c5694c54a7a0484403c43b7619f4c2c720f9a166fdcdf
SSDEEP

3072:9sCPwUone94NZn0SWO6biKZ8tlvnqtxiuB:9s+oDvn0liG8tlPqtxiu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2448	Unicorn-16311.exe
1964	Unicorn-59258.exe
2680	Unicorn-13586.exe
2820	Unicorn-43737.exe
3032	Unicorn-53943.exe
2192	Unicorn-27401.exe
1400	Unicorn-24063.exe
2652	Unicorn-8449.exe
320	Unicorn-7307.exe
580	Unicorn-57842.exe
2836	Unicorn-4536.exe
1516	Unicorn-40738.exe
1976	Unicorn-57266.exe
2160	Unicorn-37400.exe
1936	Unicorn-51136.exe
2988	Unicorn-42819.exe
604	Unicorn-50417.exe
3012	Unicorn-42435.exe
2336	Unicorn-36305.exe
1036	Unicorn-27168.exe
844	Unicorn-6425.exe
1252	Unicorn-16595.exe
1216	Unicorn-50336.exe
1316	Unicorn-49194.exe
3048	Unicorn-29593.exe
1120	Unicorn-16787.exe
1912	Unicorn-62458.exe
1156	Unicorn-33123.exe
2284	Unicorn-46423.exe
1500	Unicorn-751.exe
1488	Unicorn-59089.exe
2508	Unicorn-56828.exe
1596	Unicorn-64227.exe
2108	Unicorn-41753.exe
2684	Unicorn-39650.exe
1852	Unicorn-60585.exe
3040	Unicorn-24575.exe
1060	Unicorn-44441.exe
2608	Unicorn-9666.exe
2656	Unicorn-27145.exe
2624	Unicorn-53879.exe
2884	Unicorn-10232.exe
1072	Unicorn-43097.exe
2720	Unicorn-23231.exe
2860	Unicorn-39567.exe
1708	Unicorn-59625.exe
1092	Unicorn-59625.exe
1808	Unicorn-59625.exe
1484	Unicorn-59625.exe
2776	Unicorn-9391.exe
2848	Unicorn-28992.exe
2128	Unicorn-9391.exe
2668	Unicorn-9391.exe
2864	Unicorn-45785.exe
1608	Unicorn-62121.exe
2984	Unicorn-6982.exe
680	Unicorn-6982.exe
2324	Unicorn-20518.exe
2064	Unicorn-29449.exe
1752	Unicorn-13112.exe
2472	Unicorn-29449.exe
3004	Unicorn-43516.exe
2196	Unicorn-57252.exe
672	Unicorn-34405.exe

Loads dropped DLL 64 IoCs

pid	Process
2032	2a19f5beed5d1b9bc843f88acfeb0a10N.exe
2032	2a19f5beed5d1b9bc843f88acfeb0a10N.exe
2032	2a19f5beed5d1b9bc843f88acfeb0a10N.exe
2448	Unicorn-16311.exe
2032	2a19f5beed5d1b9bc843f88acfeb0a10N.exe
2448	Unicorn-16311.exe
1964	Unicorn-59258.exe
1964	Unicorn-59258.exe
2032	2a19f5beed5d1b9bc843f88acfeb0a10N.exe
2032	2a19f5beed5d1b9bc843f88acfeb0a10N.exe
2680	Unicorn-13586.exe
2680	Unicorn-13586.exe
2448	Unicorn-16311.exe
2448	Unicorn-16311.exe
3032	Unicorn-53943.exe
3032	Unicorn-53943.exe
2032	2a19f5beed5d1b9bc843f88acfeb0a10N.exe
2032	2a19f5beed5d1b9bc843f88acfeb0a10N.exe
2820	Unicorn-43737.exe
2820	Unicorn-43737.exe
1964	Unicorn-59258.exe
1964	Unicorn-59258.exe
1400	Unicorn-24063.exe
1400	Unicorn-24063.exe
2192	Unicorn-27401.exe
2680	Unicorn-13586.exe
2448	Unicorn-16311.exe
2680	Unicorn-13586.exe
2192	Unicorn-27401.exe
2448	Unicorn-16311.exe
320	Unicorn-7307.exe
320	Unicorn-7307.exe
2032	2a19f5beed5d1b9bc843f88acfeb0a10N.exe
2032	2a19f5beed5d1b9bc843f88acfeb0a10N.exe
1964	Unicorn-59258.exe
1964	Unicorn-59258.exe
2836	Unicorn-4536.exe
2836	Unicorn-4536.exe
580	Unicorn-57842.exe
580	Unicorn-57842.exe
2820	Unicorn-43737.exe
2820	Unicorn-43737.exe
1516	Unicorn-40738.exe
1516	Unicorn-40738.exe
1936	Unicorn-51136.exe
1936	Unicorn-51136.exe
1400	Unicorn-24063.exe
2448	Unicorn-16311.exe
1400	Unicorn-24063.exe
2448	Unicorn-16311.exe
2192	Unicorn-27401.exe
1976	Unicorn-57266.exe
2192	Unicorn-27401.exe
1976	Unicorn-57266.exe
2652	Unicorn-8449.exe
2652	Unicorn-8449.exe
3032	Unicorn-53943.exe
3032	Unicorn-53943.exe
2160	Unicorn-37400.exe
2160	Unicorn-37400.exe
2680	Unicorn-13586.exe
2680	Unicorn-13586.exe
604	Unicorn-50417.exe
604	Unicorn-50417.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
3068	2128	WerFault.exe	82
1904	2884	WerFault.exe	72
3296	2868	WerFault.exe	153
3876	1224	WerFault.exe	125
3996	2064	WerFault.exe	91
3584	2144	WerFault.exe	163
3592	1596	WerFault.exe	63
3304	2096	WerFault.exe	171
4960	2524	WerFault.exe	182
5092	3024	WerFault.exe	181
4584	1608	WerFault.exe	85
4588	1260	WerFault.exe	129
5024	2928	WerFault.exe	145
5008	1648	WerFault.exe	154
4116	1168	WerFault.exe	155
5044	1708	WerFault.exe	77
4888	2124	WerFault.exe	140
4944	908	WerFault.exe	117
5532	2644	WerFault.exe	159
5284	1020	WerFault.exe	131
5644	2748	WerFault.exe	209
6064	484	WerFault.exe	168
5212	2812	WerFault.exe	110
5288	1692	WerFault.exe	170
5816	3064	WerFault.exe	180
5860	2020	WerFault.exe	98
6820	3384	WerFault.exe	231
6972	1956	WerFault.exe	193
7124	4048	WerFault.exe	262
6160	2840	WerFault.exe	151
6772	3320	WerFault.exe	278
6600	2716	WerFault.exe	143
7116	1936	WerFault.exe	45
6480	2348	WerFault.exe	147
6396	2428	WerFault.exe	150
7224	3028	WerFault.exe	142
7220	1588	WerFault.exe	185
8820	3292	WerFault.exe	309
8936	3700	WerFault.exe	245
8920	3496	WerFault.exe	270
8720	896	WerFault.exe	101
8432	3548	WerFault.exe	303
8864	3720	WerFault.exe	305
8360	1628	WerFault.exe	137
8492	344	WerFault.exe	157
8200	1488	WerFault.exe	61
8268	1912	WerFault.exe	56
9176	2268	WerFault.exe	130
9264	1316	WerFault.exe	55
9256	2984	WerFault.exe	87
9364	2940	WerFault.exe	118
9344	3324	WerFault.exe	268
9332	1036	WerFault.exe	50
9580	1196	WerFault.exe	95
9564	2848	WerFault.exe	81
9968	2508	WerFault.exe	62
10084	1736	WerFault.exe	133
10144	1408	WerFault.exe	202
9628	1492	WerFault.exe	99
9896	2912	WerFault.exe	186
10692	3616	WerFault.exe	242
10684	804	WerFault.exe	190
10760	2656	WerFault.exe	70
11076	3268	WerFault.exe	301

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2032	2a19f5beed5d1b9bc843f88acfeb0a10N.exe
2448	Unicorn-16311.exe
1964	Unicorn-59258.exe
2680	Unicorn-13586.exe
2820	Unicorn-43737.exe
3032	Unicorn-53943.exe
2192	Unicorn-27401.exe
1400	Unicorn-24063.exe
320	Unicorn-7307.exe
2652	Unicorn-8449.exe
2836	Unicorn-4536.exe
580	Unicorn-57842.exe
1976	Unicorn-57266.exe
1936	Unicorn-51136.exe
2160	Unicorn-37400.exe
1516	Unicorn-40738.exe
2988	Unicorn-42819.exe
604	Unicorn-50417.exe
3012	Unicorn-42435.exe
2336	Unicorn-36305.exe
1036	Unicorn-27168.exe
844	Unicorn-6425.exe
1216	Unicorn-50336.exe
1252	Unicorn-16595.exe
1316	Unicorn-49194.exe
1120	Unicorn-16787.exe
3048	Unicorn-29593.exe
1156	Unicorn-33123.exe
1912	Unicorn-62458.exe
1500	Unicorn-751.exe
2284	Unicorn-46423.exe
1488	Unicorn-59089.exe
2508	Unicorn-56828.exe
1596	Unicorn-64227.exe
2108	Unicorn-41753.exe
2684	Unicorn-39650.exe
1852	Unicorn-60585.exe
1060	Unicorn-44441.exe
3040	Unicorn-24575.exe
2608	Unicorn-9666.exe
2656	Unicorn-27145.exe
2624	Unicorn-53879.exe
2884	Unicorn-10232.exe
1072	Unicorn-43097.exe
2720	Unicorn-23231.exe
2860	Unicorn-39567.exe
1708	Unicorn-59625.exe
1808	Unicorn-59625.exe
2776	Unicorn-9391.exe
1484	Unicorn-59625.exe
1092	Unicorn-59625.exe
2848	Unicorn-28992.exe
2668	Unicorn-9391.exe
1608	Unicorn-62121.exe
2128	Unicorn-9391.exe
2864	Unicorn-45785.exe
680	Unicorn-6982.exe
2324	Unicorn-20518.exe
2984	Unicorn-6982.exe
2064	Unicorn-29449.exe
2472	Unicorn-29449.exe
1752	Unicorn-13112.exe
3004	Unicorn-43516.exe
2196	Unicorn-57252.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 2448	2032	2a19f5beed5d1b9bc843f88acfeb0a10N.exe	30
PID 2032 wrote to memory of 2448	2032	2a19f5beed5d1b9bc843f88acfeb0a10N.exe	30
PID 2032 wrote to memory of 2448	2032	2a19f5beed5d1b9bc843f88acfeb0a10N.exe	30
PID 2032 wrote to memory of 2448	2032	2a19f5beed5d1b9bc843f88acfeb0a10N.exe	30
PID 2032 wrote to memory of 1964	2032	2a19f5beed5d1b9bc843f88acfeb0a10N.exe	31
PID 2032 wrote to memory of 1964	2032	2a19f5beed5d1b9bc843f88acfeb0a10N.exe	31
PID 2032 wrote to memory of 1964	2032	2a19f5beed5d1b9bc843f88acfeb0a10N.exe	31
PID 2032 wrote to memory of 1964	2032	2a19f5beed5d1b9bc843f88acfeb0a10N.exe	31
PID 2448 wrote to memory of 2680	2448	Unicorn-16311.exe	32
PID 2448 wrote to memory of 2680	2448	Unicorn-16311.exe	32
PID 2448 wrote to memory of 2680	2448	Unicorn-16311.exe	32
PID 2448 wrote to memory of 2680	2448	Unicorn-16311.exe	32
PID 1964 wrote to memory of 2820	1964	Unicorn-59258.exe	34
PID 1964 wrote to memory of 2820	1964	Unicorn-59258.exe	34
PID 1964 wrote to memory of 2820	1964	Unicorn-59258.exe	34
PID 1964 wrote to memory of 2820	1964	Unicorn-59258.exe	34
PID 2032 wrote to memory of 3032	2032	2a19f5beed5d1b9bc843f88acfeb0a10N.exe	35
PID 2032 wrote to memory of 3032	2032	2a19f5beed5d1b9bc843f88acfeb0a10N.exe	35
PID 2032 wrote to memory of 3032	2032	2a19f5beed5d1b9bc843f88acfeb0a10N.exe	35
PID 2032 wrote to memory of 3032	2032	2a19f5beed5d1b9bc843f88acfeb0a10N.exe	35
PID 2680 wrote to memory of 2192	2680	Unicorn-13586.exe	36
PID 2680 wrote to memory of 2192	2680	Unicorn-13586.exe	36
PID 2680 wrote to memory of 2192	2680	Unicorn-13586.exe	36
PID 2680 wrote to memory of 2192	2680	Unicorn-13586.exe	36
PID 2448 wrote to memory of 1400	2448	Unicorn-16311.exe	37
PID 2448 wrote to memory of 1400	2448	Unicorn-16311.exe	37
PID 2448 wrote to memory of 1400	2448	Unicorn-16311.exe	37
PID 2448 wrote to memory of 1400	2448	Unicorn-16311.exe	37
PID 3032 wrote to memory of 2652	3032	Unicorn-53943.exe	38
PID 3032 wrote to memory of 2652	3032	Unicorn-53943.exe	38
PID 3032 wrote to memory of 2652	3032	Unicorn-53943.exe	38
PID 3032 wrote to memory of 2652	3032	Unicorn-53943.exe	38
PID 2032 wrote to memory of 320	2032	2a19f5beed5d1b9bc843f88acfeb0a10N.exe	39
PID 2032 wrote to memory of 320	2032	2a19f5beed5d1b9bc843f88acfeb0a10N.exe	39
PID 2032 wrote to memory of 320	2032	2a19f5beed5d1b9bc843f88acfeb0a10N.exe	39
PID 2032 wrote to memory of 320	2032	2a19f5beed5d1b9bc843f88acfeb0a10N.exe	39
PID 2820 wrote to memory of 580	2820	Unicorn-43737.exe	40
PID 2820 wrote to memory of 580	2820	Unicorn-43737.exe	40
PID 2820 wrote to memory of 580	2820	Unicorn-43737.exe	40
PID 2820 wrote to memory of 580	2820	Unicorn-43737.exe	40
PID 1964 wrote to memory of 2836	1964	Unicorn-59258.exe	41
PID 1964 wrote to memory of 2836	1964	Unicorn-59258.exe	41
PID 1964 wrote to memory of 2836	1964	Unicorn-59258.exe	41
PID 1964 wrote to memory of 2836	1964	Unicorn-59258.exe	41
PID 1400 wrote to memory of 1516	1400	Unicorn-24063.exe	42
PID 1400 wrote to memory of 1516	1400	Unicorn-24063.exe	42
PID 1400 wrote to memory of 1516	1400	Unicorn-24063.exe	42
PID 1400 wrote to memory of 1516	1400	Unicorn-24063.exe	42
PID 2680 wrote to memory of 2160	2680	Unicorn-13586.exe	44
PID 2680 wrote to memory of 2160	2680	Unicorn-13586.exe	44
PID 2680 wrote to memory of 2160	2680	Unicorn-13586.exe	44
PID 2680 wrote to memory of 2160	2680	Unicorn-13586.exe	44
PID 2192 wrote to memory of 1976	2192	Unicorn-27401.exe	43
PID 2192 wrote to memory of 1976	2192	Unicorn-27401.exe	43
PID 2192 wrote to memory of 1976	2192	Unicorn-27401.exe	43
PID 2192 wrote to memory of 1976	2192	Unicorn-27401.exe	43
PID 2448 wrote to memory of 1936	2448	Unicorn-16311.exe	45
PID 2448 wrote to memory of 1936	2448	Unicorn-16311.exe	45
PID 2448 wrote to memory of 1936	2448	Unicorn-16311.exe	45
PID 2448 wrote to memory of 1936	2448	Unicorn-16311.exe	45
PID 320 wrote to memory of 2988	320	Unicorn-7307.exe	46
PID 320 wrote to memory of 2988	320	Unicorn-7307.exe	46
PID 320 wrote to memory of 2988	320	Unicorn-7307.exe	46
PID 320 wrote to memory of 2988	320	Unicorn-7307.exe	46

C:\Users\Admin\AppData\Local\Temp\2a19f5beed5d1b9bc843f88acfeb0a10N.exe
"C:\Users\Admin\AppData\Local\Temp\2a19f5beed5d1b9bc843f88acfeb0a10N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16311.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16311.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13586.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13586.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27401.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57266.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16787.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59625.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6854.exe
        8⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58842.exe
        9⤵
        
        PID:2892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 216
        9⤵
        Program crash
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47830.exe
        8⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3.exe
        9⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44096.exe
        9⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58556.exe
        9⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3631.exe
        9⤵
        
        PID:10824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 240
        8⤵
        Program crash
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19853.exe
        7⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51167.exe
        8⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65426.exe
        9⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29072.exe
        9⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28338.exe
        9⤵
        
        PID:10156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 236
        8⤵
        Program crash
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61565.exe
        7⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63506.exe
        8⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
        8⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56112.exe
        8⤵
        
        PID:9856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33070.exe
        7⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55114.exe
        7⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26138.exe
        7⤵
        
        PID:9124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29897.exe
        7⤵
        
        PID:11176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9391.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 240
        7⤵
        Program crash
        
        PID:3068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47621.exe
        6⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1582.exe
        7⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49917.exe
        8⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2427.exe
        8⤵
        
        PID:10304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14154.exe
        7⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64458.exe
        7⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54110.exe
        7⤵
        
        PID:8768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1509.exe
        6⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18611.exe
        7⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47314.exe
        7⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1520.exe
        7⤵
        
        PID:9936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41618.exe
        6⤵
        
        PID:4564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11189.exe
        6⤵
        
        PID:6240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11190.exe
        6⤵
        
        PID:8400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56004.exe
        6⤵
        
        PID:10316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62458.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62121.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37031.exe
        7⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9833.exe
        8⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11804.exe
        9⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31195.exe
        9⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1408 -s 220
        9⤵
        Program crash
        
        PID:10144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61819.exe
        8⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58215.exe
        8⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64805.exe
        8⤵
        
        PID:8596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 240
        8⤵
        
        PID:10972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48406.exe
        7⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30642.exe
        8⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
        8⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39776.exe
        8⤵
        
        PID:9840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 240
        7⤵
        Program crash
        
        PID:4584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-829.exe
        6⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8510.exe
        7⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45566.exe
        7⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30524.exe
        7⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3674.exe
        7⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11468.exe
        7⤵
        
        PID:10364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2380.exe
        6⤵
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65166.exe
        6⤵
        
        PID:4320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61658.exe
        6⤵
        
        PID:6716
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 236
        6⤵
        Program crash
        
        PID:8268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6982.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39719.exe
        6⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1774.exe
        7⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36060.exe
        8⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63240.exe
        8⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        8⤵
        
        PID:9816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30682.exe
        7⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64458.exe
        7⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19325.exe
        7⤵
        
        PID:9144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
        7⤵
        
        PID:10272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54182.exe
        6⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27258.exe
        7⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31469.exe
        7⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48717.exe
        7⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29817.exe
        7⤵
        
        PID:10844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42747.exe
        6⤵
        
        PID:4200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47993.exe
        6⤵
        
        PID:6876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45341.exe
        6⤵
        
        PID:9168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39784.exe
        6⤵
        
        PID:10924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7658.exe
        5⤵
        
        PID:344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24463.exe
        6⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8282.exe
        7⤵
        
        PID:8320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2043.exe
        7⤵
        
        PID:10356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45182.exe
        6⤵
        
        PID:4416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30524.exe
        6⤵
        
        PID:7028
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 216
        6⤵
        Program crash
        
        PID:8492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48397.exe
        5⤵
        
        PID:3768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6909.exe
        5⤵
        
        PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62188.exe
        5⤵
        
        PID:6528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25705.exe
        5⤵
        
        PID:9300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37400.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-751.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29449.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5126.exe
        7⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58012.exe
        8⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36157.exe
        9⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32283.exe
        9⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19437.exe
        8⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46477.exe
        8⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62745.exe
        8⤵
        
        PID:9736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 216
        7⤵
        Program crash
        
        PID:3996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50222.exe
        6⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10731.exe
        7⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20767.exe
        8⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62991.exe
        8⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33917.exe
        8⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9048.exe
        7⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15340.exe
        7⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62745.exe
        7⤵
        
        PID:9728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7206.exe
        6⤵
        
        PID:3944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28924.exe
        6⤵
        
        PID:6076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5223.exe
        6⤵
        
        PID:7572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3720.exe
        6⤵
        
        PID:9980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43516.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53367.exe
        6⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58842.exe
        7⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 216
        7⤵
        Program crash
        
        PID:5024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47830.exe
        6⤵
        
        PID:3196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27204.exe
        6⤵
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4786.exe
        6⤵
        
        PID:6616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46706.exe
        6⤵
        
        PID:9276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14564.exe
        5⤵
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58012.exe
        6⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56148.exe
        7⤵
        
        PID:10592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2909.exe
        6⤵
        
        PID:5260
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 220
        6⤵
        Program crash
        
        PID:6480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23238.exe
        5⤵
        
        PID:3956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3543.exe
        6⤵
        
        PID:10616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30372.exe
        5⤵
        
        PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27141.exe
        5⤵
        
        PID:6476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47236.exe
        5⤵
        
        PID:9324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59089.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59625.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5126.exe
        6⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63305.exe
        7⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13739.exe
        7⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40971.exe
        7⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19787.exe
        7⤵
        
        PID:9416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60461.exe
        6⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30782.exe
        7⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19041.exe
        7⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16288.exe
        7⤵
        
        PID:8600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
        7⤵
        
        PID:10784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32212.exe
        6⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35622.exe
        6⤵
        
        PID:7204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44869.exe
        6⤵
        
        PID:9572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50222.exe
        5⤵
        
        PID:708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1774.exe
        6⤵
        
        PID:3460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30682.exe
        6⤵
        
        PID:4872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64458.exe
        6⤵
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52683.exe
        6⤵
        
        PID:8356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2380.exe
        5⤵
        
        PID:3508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65166.exe
        5⤵
        
        PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27724.exe
        5⤵
        
        PID:6236
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 216
        5⤵
        Program crash
        
        PID:8200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28992.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36839.exe
        5⤵
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11115.exe
        6⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55447.exe
        7⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32741.exe
        7⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 220
        7⤵
        Program crash
        
        PID:9344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2141.exe
        6⤵
        
        PID:5600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33705.exe
        6⤵
        
        PID:7268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53534.exe
        6⤵
        
        PID:9536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39874.exe
        5⤵
        
        PID:3400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48741.exe
        5⤵
        
        PID:5680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39571.exe
        5⤵
        
        PID:7276
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
        5⤵
        Program crash
        
        PID:9564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60773.exe
      4⤵
      PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16155.exe
        5⤵
        
        PID:3680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18279.exe
        6⤵
        
        PID:6780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10560.exe
        6⤵
        
        PID:8392
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 208
        6⤵
        
        PID:10528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43308.exe
        5⤵
        
        PID:6140
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
        5⤵
        Program crash
        
        PID:7224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28029.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28029.exe
      4⤵
      PID:3924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21992.exe
      4⤵
      PID:5320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37030.exe
      4⤵
      PID:7484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38829.exe
      4⤵
      PID:9556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24063.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24063.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40738.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16595.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59625.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37415.exe
        7⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23503.exe
        8⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19437.exe
        8⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46477.exe
        8⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55371.exe
        8⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53030.exe
        7⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16480.exe
        8⤵
        
        PID:4724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 236
        8⤵
        Program crash
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10624.exe
        7⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49804.exe
        7⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6202.exe
        7⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12696.exe
        7⤵
        
        PID:11116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2282.exe
        6⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61385.exe
        7⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61404.exe
        7⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39928.exe
        7⤵
        
        PID:7608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 216
        7⤵
        Program crash
        
        PID:10084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10003.exe
        6⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2338.exe
        7⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14142.exe
        7⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41758.exe
        7⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19806.exe
        7⤵
        
        PID:10604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1082.exe
        6⤵
        
        PID:4104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61658.exe
        6⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59662.exe
        6⤵
        
        PID:8300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11998.exe
        6⤵
        
        PID:10456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9391.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5126.exe
        6⤵
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25402.exe
        7⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61051.exe
        7⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57831.exe
        7⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64805.exe
        7⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60503.exe
        7⤵
        
        PID:11016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47830.exe
        6⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16008.exe
        7⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27235.exe
        7⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13922.exe
        7⤵
        
        PID:9284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27204.exe
        6⤵
        
        PID:4520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4786.exe
        6⤵
        
        PID:6896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44018.exe
        6⤵
        
        PID:8928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60278.exe
        6⤵
        
        PID:10948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63957.exe
        5⤵
        
        PID:1020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32662.exe
        6⤵
        
        PID:3660
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 216
        6⤵
        Program crash
        
        PID:5284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47280.exe
        5⤵
        
        PID:3988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60494.exe
        6⤵
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14047.exe
        6⤵
        
        PID:8568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26574.exe
        6⤵
        
        PID:10284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7077.exe
        5⤵
        
        PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21635.exe
        5⤵
        
        PID:7828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11652.exe
        5⤵
        
        PID:9440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29593.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45785.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53367.exe
        6⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46118.exe
        7⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19219.exe
        8⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16414.exe
        8⤵
        
        PID:9956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45561.exe
        7⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56264.exe
        7⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34588.exe
        7⤵
        
        PID:10096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12796.exe
        6⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3543.exe
        7⤵
        
        PID:10640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57843.exe
        6⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47220.exe
        6⤵
        
        PID:7724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11122.exe
        6⤵
        
        PID:9448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-829.exe
        5⤵
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42698.exe
        6⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13233.exe
        7⤵
        
        PID:9940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45675.exe
        6⤵
        
        PID:4612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57831.exe
        6⤵
        
        PID:6212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64805.exe
        6⤵
        
        PID:848
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 240
        6⤵
        
        PID:10872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20231.exe
        5⤵
        
        PID:2748
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 220
        6⤵
        Program crash
        
        PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65275.exe
        5⤵
        
        PID:4676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55031.exe
        5⤵
        
        PID:6356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22884.exe
        5⤵
        
        PID:9012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61033.exe
        5⤵
        
        PID:10892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6982.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56932.exe
        5⤵
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23503.exe
        6⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47502.exe
        7⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35185.exe
        7⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16288.exe
        7⤵
        
        PID:8620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
        7⤵
        
        PID:10776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19437.exe
        6⤵
        
        PID:5384
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 240
        6⤵
        Program crash
        
        PID:6396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53030.exe
        5⤵
        
        PID:4028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11996.exe
        6⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49535.exe
        6⤵
        
        PID:7632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33533.exe
        6⤵
        
        PID:9852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48933.exe
        5⤵
        
        PID:5472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52342.exe
        5⤵
        
        PID:7156
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
        5⤵
        Program crash
        
        PID:9256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7466.exe
      4⤵
      PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58842.exe
        5⤵
        
        PID:3080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18125.exe
        6⤵
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13208.exe
        6⤵
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9002.exe
        6⤵
        
        PID:8700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37897.exe
        6⤵
        
        PID:11084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12566.exe
        5⤵
        
        PID:4760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57971.exe
        5⤵
        
        PID:5480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14867.exe
        5⤵
        
        PID:8736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29231.exe
        5⤵
        
        PID:11144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58765.exe
      4⤵
      PID:3244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21075.exe
        5⤵
        
        PID:9028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32847.exe
        5⤵
        
        PID:10524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7869.exe
      4⤵
      PID:4456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28255.exe
      4⤵
      PID:6320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55196.exe
      4⤵
      PID:9096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50669.exe
      4⤵
      PID:10736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51136.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51136.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50336.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43097.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54135.exe
        6⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54582.exe
        7⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16008.exe
        8⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27235.exe
        8⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27954.exe
        8⤵
        
        PID:10220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11326.exe
        7⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13856.exe
        7⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53311.exe
        7⤵
        
        PID:9888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50093.exe
        6⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2530.exe
        7⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30478.exe
        7⤵
        
        PID:6884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 220
        7⤵
        Program crash
        
        PID:8432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59301.exe
        6⤵
        
        PID:4720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4786.exe
        6⤵
        
        PID:6376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60546.exe
        6⤵
        
        PID:8592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60470.exe
        6⤵
        
        PID:10292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50222.exe
        5⤵
        
        PID:1224
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 220
        6⤵
        Program crash
        
        PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1228.exe
        5⤵
        
        PID:4036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33605.exe
        6⤵
        
        PID:5656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26851.exe
        6⤵
        
        PID:7936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13922.exe
        6⤵
        
        PID:9492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12696.exe
        5⤵
        
        PID:5428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43677.exe
        5⤵
        
        PID:7348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37544.exe
        5⤵
        
        PID:9668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39567.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4550.exe
        5⤵
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24463.exe
        6⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49415.exe
        7⤵
        
        PID:6624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
        7⤵
        Program crash
        
        PID:8936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12509.exe
        6⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64458.exe
        6⤵
        
        PID:6804
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 236
        6⤵
        Program crash
        
        PID:9176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37461.exe
        5⤵
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34736.exe
        6⤵
        
        PID:4952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28942.exe
        6⤵
        
        PID:6260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9002.exe
        6⤵
        
        PID:8708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37897.exe
        6⤵
        
        PID:11096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46670.exe
        5⤵
        
        PID:4300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-219.exe
        5⤵
        
        PID:6592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7546.exe
        5⤵
        
        PID:8228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61954.exe
        5⤵
        
        PID:10660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47621.exe
      4⤵
      PID:1628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1774.exe
        5⤵
        
        PID:3444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30258.exe
        6⤵
        
        PID:6048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10624.exe
        6⤵
        
        PID:7564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23055.exe
        6⤵
        
        PID:9988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30682.exe
        5⤵
        
        PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30524.exe
        5⤵
        
        PID:7000
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 236
        5⤵
        Program crash
        
        PID:8360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8245.exe
      4⤵
      PID:3524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1869.exe
        5⤵
        
        PID:9456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56501.exe
      4⤵
      PID:4388
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 236
      4⤵
      Program crash
      PID:7116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49194.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49194.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13112.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9921.exe
        5⤵
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40202.exe
        6⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5122.exe
        7⤵
        
        PID:8992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58701.exe
        7⤵
        
        PID:10252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14263.exe
        6⤵
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7971.exe
        6⤵
        
        PID:6696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36456.exe
        6⤵
        
        PID:8812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29366.exe
        6⤵
        
        PID:11252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22832.exe
        5⤵
        
        PID:1056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59410.exe
        5⤵
        
        PID:4704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63696.exe
        5⤵
        
        PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39420.exe
        5⤵
        
        PID:9000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43967.exe
        5⤵
        
        PID:11104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50990.exe
      4⤵
      PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57327.exe
        5⤵
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1212.exe
        6⤵
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46073.exe
        6⤵
        
        PID:6424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43787.exe
        6⤵
        
        PID:9052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3387.exe
        6⤵
        
        PID:11232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47927.exe
        5⤵
        
        PID:4844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60467.exe
        5⤵
        
        PID:6176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14867.exe
        5⤵
        
        PID:8840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29231.exe
        5⤵
        
        PID:11132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51197.exe
      4⤵
      PID:3776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56243.exe
        5⤵
        
        PID:8388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14482.exe
        5⤵
        
        PID:10808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32110.exe
      4⤵
      PID:5124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27724.exe
      4⤵
      PID:6456
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 236
      4⤵
      Program crash
      PID:9264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20518.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20518.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5043.exe
      4⤵
      PID:2124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1582.exe
        5⤵
        
        PID:3348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51117.exe
        6⤵
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62908.exe
        6⤵
        
        PID:7656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27290.exe
        6⤵
        
        PID:9760
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 216
        5⤵
        Program crash
        
        PID:4888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
      4⤵
      PID:3416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44418.exe
      4⤵
      PID:4608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36390.exe
      4⤵
      PID:6168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60546.exe
      4⤵
      PID:8508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60470.exe
      4⤵
      PID:11172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44237.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44237.exe
    3⤵
    PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63627.exe
      4⤵
      PID:3828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19059.exe
        5⤵
        
        PID:4248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46156.exe
        5⤵
        
        PID:6564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59739.exe
        5⤵
        
        PID:9148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35676.exe
        5⤵
        
        PID:11260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61160.exe
      4⤵
      PID:5100
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 220
      4⤵
      Program crash
      PID:6600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45798.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45798.exe
    3⤵
    PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15597.exe
      4⤵
      PID:4712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29902.exe
      4⤵
      PID:7004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16288.exe
      4⤵
      PID:8612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53330.exe
      4⤵
      PID:10812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
    3⤵
    PID:5444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
    3⤵
    PID:6952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24570.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24570.exe
    3⤵
    PID:9292
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59258.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59258.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43737.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43737.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57842.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27168.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10232.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9921.exe
        7⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40202.exe
        8⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-209.exe
        9⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34265.exe
        9⤵
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-760.exe
        9⤵
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14263.exe
        8⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10659.exe
        8⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64805.exe
        8⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60503.exe
        8⤵
        
        PID:11048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 216
        7⤵
        Program crash
        
        PID:1904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50990.exe
        6⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24463.exe
        7⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20840.exe
        8⤵
        
        PID:10468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 216
        7⤵
        Program crash
        
        PID:4944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51197.exe
        6⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44202.exe
        7⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13048.exe
        7⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27290.exe
        7⤵
        
        PID:9680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32110.exe
        6⤵
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61658.exe
        6⤵
        
        PID:6504
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 236
        6⤵
        Program crash
        
        PID:9332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23231.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5510.exe
        6⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8619.exe
        7⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35581.exe
        7⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46477.exe
        7⤵
        
        PID:6492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 236
        7⤵
        Program crash
        
        PID:9364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3637.exe
        6⤵
        
        PID:3916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16644.exe
        6⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52342.exe
        6⤵
        
        PID:6576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44018.exe
        6⤵
        
        PID:8212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60278.exe
        6⤵
        
        PID:10644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47813.exe
        5⤵
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31593.exe
        6⤵
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60060.exe
        6⤵
        
        PID:5312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41355.exe
        6⤵
        
        PID:7732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19787.exe
        6⤵
        
        PID:9424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48157.exe
        5⤵
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16480.exe
        6⤵
        
        PID:4684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44620.exe
        6⤵
        
        PID:7132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58779.exe
        6⤵
        
        PID:8576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47305.exe
        6⤵
        
        PID:11040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42142.exe
        5⤵
        
        PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23342.exe
        5⤵
        
        PID:6252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6732.exe
        5⤵
        
        PID:8692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8231.exe
        5⤵
        
        PID:11108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6425.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27145.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40866.exe
        6⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12879.exe
        7⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62667.exe
        8⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17646.exe
        9⤵
        
        PID:5436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 204
        9⤵
        Program crash
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8908.exe
        8⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61407.exe
        8⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-239.exe
        8⤵
        
        PID:9976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65116.exe
        7⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46046.exe
        8⤵
        
        PID:528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 220
        7⤵
        Program crash
        
        PID:5212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41337.exe
        6⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
        7⤵
        Program crash
        
        PID:4960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52264.exe
        6⤵
        
        PID:5052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2445.exe
        6⤵
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63706.exe
        6⤵
        
        PID:8956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exe
        6⤵
        
        PID:10736
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
        6⤵
        Program crash
        
        PID:10760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37528.exe
        5⤵
        
        PID:1304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44483.exe
        6⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-558.exe
        7⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47064.exe
        7⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27289.exe
        7⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55966.exe
        7⤵
        
        PID:10720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15861.exe
        6⤵
        
        PID:4984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46383.exe
        6⤵
        
        PID:6440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33155.exe
        6⤵
        
        PID:8772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47301.exe
        6⤵
        
        PID:10652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22208.exe
        5⤵
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11637.exe
        6⤵
        
        PID:4372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32761.exe
        6⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11189.exe
        6⤵
        
        PID:7416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39783.exe
        6⤵
        
        PID:9380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45472.exe
        5⤵
        
        PID:4472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2171.exe
        5⤵
        
        PID:5812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6444.exe
        5⤵
        
        PID:8304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7885.exe
        5⤵
        
        PID:9764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53879.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8385.exe
        5⤵
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56237.exe
        6⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40655.exe
        7⤵
        
        PID:9848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61160.exe
        6⤵
        
        PID:5112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25075.exe
        6⤵
        
        PID:6620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
        6⤵
        
        PID:7392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59844.exe
        6⤵
        
        PID:10320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3699.exe
        5⤵
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28774.exe
        6⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47672.exe
        6⤵
        
        PID:8176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59911.exe
        6⤵
        
        PID:9964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9358.exe
        5⤵
        
        PID:5064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30941.exe
        5⤵
        
        PID:6608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21547.exe
        5⤵
        
        PID:8196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10444.exe
        5⤵
        
        PID:10260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26569.exe
      4⤵
      PID:2136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61203.exe
        5⤵
        
        PID:3024
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
        6⤵
        Program crash
        
        PID:5092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23728.exe
        5⤵
        
        PID:4128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45205.exe
        5⤵
        
        PID:6832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54582.exe
        5⤵
        
        PID:9088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21151.exe
        5⤵
        
        PID:10856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43550.exe
      4⤵
      PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46331.exe
        5⤵
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34641.exe
        6⤵
        
        PID:6268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10752.exe
        6⤵
        
        PID:8252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47382.exe
        6⤵
        
        PID:10340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8908.exe
        5⤵
        
        PID:6072
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 220
        5⤵
        Program crash
        
        PID:7220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40190.exe
      4⤵
      PID:3572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34129.exe
        5⤵
        
        PID:4352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62461.exe
        5⤵
        
        PID:6888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58940.exe
        5⤵
        
        PID:8528
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
        5⤵
        
        PID:10792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6481.exe
      4⤵
      PID:5760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56692.exe
      4⤵
      PID:7420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27744.exe
      4⤵
      PID:9696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4536.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4536.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42435.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60585.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40757.exe
        6⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62464.exe
        7⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38246.exe
        8⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14881.exe
        9⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1221.exe
        9⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56880.exe
        9⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29307.exe
        8⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45486.exe
        8⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51884.exe
        8⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33948.exe
        7⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-401.exe
        8⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34265.exe
        8⤵
        
        PID:8888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7859.exe
        8⤵
        
        PID:11004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48985.exe
        7⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18263.exe
        7⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56836.exe
        7⤵
        
        PID:9560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58058.exe
        6⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-968.exe
        7⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12663.exe
        7⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43351.exe
        7⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48584.exe
        7⤵
        
        PID:10376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45466.exe
        6⤵
        
        PID:4864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34184.exe
        6⤵
        
        PID:6200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24489.exe
        6⤵
        
        PID:8780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exe
        6⤵
        
        PID:10744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53756.exe
        5⤵
        
        PID:1756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12879.exe
        6⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62073.exe
        7⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56773.exe
        7⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25779.exe
        7⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16020.exe
        7⤵
        
        PID:10040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26748.exe
        6⤵
        
        PID:4540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4971.exe
        6⤵
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31645.exe
        6⤵
        
        PID:8344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7355.exe
        6⤵
        
        PID:9864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55073.exe
        5⤵
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61497.exe
        6⤵
        
        PID:4576
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 236
        6⤵
        Program crash
        
        PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11647.exe
        5⤵
        
        PID:4616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35227.exe
        5⤵
        
        PID:5560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55728.exe
        5⤵
        
        PID:8460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8352.exe
        5⤵
        
        PID:8376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24575.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58354.exe
        5⤵
        
        PID:1928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        6⤵
        
        PID:2096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 240
        7⤵
        Program crash
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65116.exe
        6⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5122.exe
        7⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16236.exe
        7⤵
        
        PID:10352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57511.exe
        6⤵
        
        PID:5256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1159.exe
        6⤵
        
        PID:7492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65165.exe
        6⤵
        
        PID:9612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8857.exe
        5⤵
        
        PID:1300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32764.exe
        6⤵
        
        PID:4736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46405.exe
        6⤵
        
        PID:5716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27782.exe
        6⤵
        
        PID:8548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32440.exe
        6⤵
        
        PID:10276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60733.exe
        5⤵
        
        PID:4836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64360.exe
        5⤵
        
        PID:5900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40551.exe
        5⤵
        
        PID:8680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23383.exe
        5⤵
        
        PID:10392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51155.exe
      4⤵
      PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29408.exe
        5⤵
        
        PID:1324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5189.exe
        6⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34724.exe
        7⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3461.exe
        7⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13749.exe
        7⤵
        
        PID:10536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29307.exe
        6⤵
        
        PID:5796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45486.exe
        6⤵
        
        PID:8020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51884.exe
        6⤵
        
        PID:9660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34332.exe
        5⤵
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15752.exe
        6⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3238.exe
        6⤵
        
        PID:8536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23235.exe
        6⤵
        
        PID:11256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47558.exe
        5⤵
        
        PID:5956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1543.exe
        5⤵
        
        PID:8088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24822.exe
        5⤵
        
        PID:9796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35303.exe
      4⤵
      PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28441.exe
        5⤵
        
        PID:4644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24292.exe
        5⤵
        
        PID:6112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9526.exe
        5⤵
        
        PID:8448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16487.exe
        5⤵
        
        PID:10080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9334.exe
      4⤵
      PID:4692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57525.exe
      4⤵
      PID:5876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25513.exe
      4⤵
      PID:8540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2774.exe
      4⤵
      PID:10264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36305.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36305.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44441.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41250.exe
        5⤵
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51520.exe
        6⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54582.exe
        7⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1918.exe
        7⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6155.exe
        7⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5646.exe
        7⤵
        
        PID:10064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17996.exe
        6⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1615.exe
        7⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63650.exe
        7⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48290.exe
        7⤵
        
        PID:10416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47558.exe
        6⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60261.exe
        6⤵
        
        PID:7768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27624.exe
        6⤵
        
        PID:9244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4083.exe
        5⤵
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33968.exe
        6⤵
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61423.exe
        6⤵
        
        PID:6496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47534.exe
        6⤵
        
        PID:8500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4513.exe
        6⤵
        
        PID:10716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41948.exe
        5⤵
        
        PID:4788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38450.exe
        5⤵
        
        PID:7160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13488.exe
        5⤵
        
        PID:8628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44465.exe
        5⤵
        
        PID:10836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21384.exe
      4⤵
      PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3087.exe
        5⤵
        
        PID:1088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32956.exe
        6⤵
        
        PID:4796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12663.exe
        6⤵
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43351.exe
        6⤵
        
        PID:8664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48584.exe
        6⤵
        
        PID:10384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48259.exe
        5⤵
        
        PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28318.exe
        5⤵
        
        PID:6216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16351.exe
        5⤵
        
        PID:8728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14353.exe
        5⤵
        
        PID:10556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48571.exe
      4⤵
      PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65021.exe
        5⤵
        
        PID:4396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11864.exe
        5⤵
        
        PID:6980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17580.exe
        5⤵
        
        PID:8284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64985.exe
        5⤵
        
        PID:10956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49271.exe
      4⤵
      PID:4596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57008.exe
      4⤵
      PID:6432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24451.exe
      4⤵
      PID:9060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60789.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60789.exe
      4⤵
      PID:11220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9666.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9666.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57285.exe
      4⤵
      PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29408.exe
        5⤵
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3684.exe
        6⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10527.exe
        6⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60831.exe
        6⤵
        
        PID:7456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8293.exe
        6⤵
        
        PID:936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11595.exe
        5⤵
        
        PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44987.exe
        5⤵
        
        PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16971.exe
        5⤵
        
        PID:7664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24490.exe
        5⤵
        
        PID:9656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31737.exe
      4⤵
      PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2919.exe
        5⤵
        
        PID:4152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46218.exe
        5⤵
        
        PID:5932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44822.exe
        5⤵
        
        PID:7532
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 236
        5⤵
        Program crash
        
        PID:9896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15045.exe
      4⤵
      PID:4224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2969.exe
      4⤵
      PID:6132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9240.exe
      4⤵
      PID:8232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47721.exe
      4⤵
      PID:9780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15983.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15983.exe
    3⤵
    PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45936.exe
      4⤵
      PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18488.exe
        5⤵
        
        PID:4188
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 236
        5⤵
        Program crash
        
        PID:5288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
      4⤵
      PID:4256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62641.exe
      4⤵
      PID:5276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34543.exe
      4⤵
      PID:7636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8621.exe
      4⤵
      PID:10024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4134.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4134.exe
    3⤵
    PID:2384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3002.exe
      4⤵
      PID:4292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48906.exe
      4⤵
      PID:5340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28677.exe
      4⤵
      PID:8124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17286.exe
      4⤵
      PID:10004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13434.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13434.exe
    3⤵
    PID:4340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21736.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21736.exe
    3⤵
    PID:5728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33750.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33750.exe
    3⤵
    PID:7440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8598.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8598.exe
    3⤵
    PID:10188
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53943.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53943.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8449.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8449.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33123.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59625.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56932.exe
        6⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40394.exe
        7⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34269.exe
        8⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44620.exe
        8⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58779.exe
        8⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47305.exe
        8⤵
        
        PID:11028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14678.exe
        7⤵
        
        PID:4880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 240
        7⤵
        Program crash
        
        PID:6160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36864.exe
        6⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32902.exe
        7⤵
        
        PID:9620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57983.exe
        6⤵
        
        PID:4196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30557.exe
        6⤵
        
        PID:6748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44511.exe
        6⤵
        
        PID:8428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59728.exe
        6⤵
        
        PID:10424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53403.exe
        5⤵
        
        PID:2868
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
        6⤵
        Program crash
        
        PID:3296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61181.exe
        5⤵
        
        PID:3384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27258.exe
        6⤵
        
        PID:4148
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
        6⤵
        Program crash
        
        PID:6820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32276.exe
        5⤵
        
        PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23183.exe
        5⤵
        
        PID:6920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31493.exe
        5⤵
        
        PID:9208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56850.exe
        5⤵
        
        PID:10932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9391.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9391.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21463.exe
        5⤵
        
        PID:1064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9641.exe
        6⤵
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45291.exe
        6⤵
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57831.exe
        6⤵
        
        PID:6328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48085.exe
        6⤵
        
        PID:9024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60503.exe
        6⤵
        
        PID:11068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47638.exe
        5⤵
        
        PID:3164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58642.exe
        5⤵
        
        PID:4240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31491.exe
        5⤵
        
        PID:6740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27790.exe
        5⤵
        
        PID:8760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12831.exe
        5⤵
        
        PID:11212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14756.exe
      4⤵
      PID:1260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42698.exe
        5⤵
        
        PID:964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18196.exe
        6⤵
        
        PID:6532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52771.exe
        6⤵
        
        PID:8948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50101.exe
        6⤵
        
        PID:10728
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 236
        5⤵
        Program crash
        
        PID:4588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9760.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9760.exe
      4⤵
      PID:1640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56610.exe
      4⤵
      PID:4660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38495.exe
      4⤵
      PID:6276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39950.exe
      4⤵
      PID:8932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39502.exe
      4⤵
      PID:10908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46423.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46423.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29449.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53751.exe
        5⤵
        
        PID:2416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50783.exe
        6⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35331.exe
        7⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47122.exe
        7⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49486.exe
        7⤵
        
        PID:9360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47019.exe
        6⤵
        
        PID:4272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64458.exe
        6⤵
        
        PID:6664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52683.exe
        6⤵
        
        PID:8860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11276.exe
        6⤵
        
        PID:10756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47254.exe
        5⤵
        
        PID:3328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19724.exe
        6⤵
        
        PID:5524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31610.exe
        6⤵
        
        PID:7520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2428.exe
        6⤵
        
        PID:9500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27889.exe
        5⤵
        
        PID:4884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4786.exe
        5⤵
        
        PID:6640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44018.exe
        5⤵
        
        PID:9192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16973.exe
      4⤵
      PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7934.exe
        5⤵
        
        PID:3616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61274.exe
        6⤵
        
        PID:5116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15709.exe
        6⤵
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-969.exe
        6⤵
        
        PID:8976
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
        6⤵
        Program crash
        
        PID:10692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23728.exe
        5⤵
        
        PID:4136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45205.exe
        5⤵
        
        PID:6840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54582.exe
        5⤵
        
        PID:9080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21151.exe
        5⤵
        
        PID:10864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18332.exe
      4⤵
      PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63973.exe
        5⤵
        
        PID:5344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27619.exe
        5⤵
        
        PID:7716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13922.exe
        5⤵
        
        PID:9404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31918.exe
      4⤵
      PID:5108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27724.exe
      4⤵
      PID:6416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61966.exe
      4⤵
      PID:9316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57252.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57252.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22148.exe
      4⤵
      PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58842.exe
        5⤵
        
        PID:3088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33458.exe
        6⤵
        
        PID:7016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34265.exe
        6⤵
        
        PID:8880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7859.exe
        6⤵
        
        PID:10996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45291.exe
        5⤵
        
        PID:5028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57831.exe
        5⤵
        
        PID:6156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64805.exe
        5⤵
        
        PID:8740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60503.exe
        5⤵
        
        PID:10984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47830.exe
      4⤵
      PID:3212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27204.exe
      4⤵
      PID:4668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4786.exe
      4⤵
      PID:6800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44018.exe
      4⤵
      PID:9104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60278.exe
      4⤵
      PID:11188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4778.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4778.exe
    3⤵
    PID:1864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42890.exe
      4⤵
      PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22775.exe
        5⤵
        
        PID:5352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32741.exe
        5⤵
        
        PID:7068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49506.exe
        5⤵
        
        PID:9352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30215.exe
      4⤵
      PID:4432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58215.exe
      4⤵
      PID:7076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64805.exe
      4⤵
      PID:8520
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 240
      4⤵
      PID:10952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9756.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9756.exe
    3⤵
    PID:2036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19477.exe
      4⤵
      PID:9784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40074.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40074.exe
    3⤵
    PID:4652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55561.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55561.exe
    3⤵
    PID:6288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35139.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35139.exe
    3⤵
    PID:2260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34167.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34167.exe
    3⤵
    PID:10768
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7307.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7307.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42819.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42819.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41753.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8468.exe
        5⤵
        
        PID:1492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13154.exe
        6⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14657.exe
        7⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8960.exe
        7⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43696.exe
        7⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18080.exe
        7⤵
        
        PID:9312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32062.exe
        6⤵
        
        PID:4120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27882.exe
        6⤵
        
        PID:5576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50028.exe
        6⤵
        
        PID:7320
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 220
        6⤵
        Program crash
        
        PID:9628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10118.exe
        5⤵
        
        PID:484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46139.exe
        6⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2710.exe
        7⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3461.exe
        7⤵
        
        PID:8380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 208
        7⤵
        
        PID:10512
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 236
        6⤵
        Program crash
        
        PID:6064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60294.exe
        5⤵
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30438.exe
        6⤵
        
        PID:6900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44437.exe
        6⤵
        
        PID:8260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62909.exe
        5⤵
        
        PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58607.exe
        5⤵
        
        PID:8184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40575.exe
        5⤵
        
        PID:9908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54140.exe
      4⤵
      PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19232.exe
        5⤵
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44118.exe
        6⤵
        
        PID:4408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50634.exe
        6⤵
        
        PID:5176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11848.exe
        6⤵
        
        PID:7640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55351.exe
        6⤵
        
        PID:10072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25487.exe
        5⤵
        
        PID:4508
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 240
        5⤵
        Program crash
        
        PID:5860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29053.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29053.exe
      4⤵
      PID:804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35727.exe
        5⤵
        
        PID:5000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32647.exe
        5⤵
        
        PID:6460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27289.exe
        5⤵
        
        PID:8788
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 236
        5⤵
        Program crash
        
        PID:10684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61009.exe
      4⤵
      PID:5080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26644.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26644.exe
      4⤵
      PID:6700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47170.exe
      4⤵
      PID:8908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47831.exe
      4⤵
      PID:10700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39650.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39650.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58738.exe
      4⤵
      PID:900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62355.exe
        5⤵
        
        PID:1416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27258.exe
        6⤵
        
        PID:4168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31469.exe
        6⤵
        
        PID:6848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48525.exe
        6⤵
        
        PID:9032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29817.exe
        6⤵
        
        PID:10876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12675.exe
        5⤵
        
        PID:4264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25983.exe
        5⤵
        
        PID:6908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56694.exe
        5⤵
        
        PID:9200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56320.exe
        5⤵
        
        PID:10916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10118.exe
      4⤵
      PID:872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15365.exe
        5⤵
        
        PID:3232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64625.exe
        6⤵
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46419.exe
        6⤵
        
        PID:8828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25295.exe
        6⤵
        
        PID:11052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13739.exe
        5⤵
        
        PID:5612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40971.exe
        5⤵
        
        PID:7868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33820.exe
        5⤵
        
        PID:10192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41524.exe
      4⤵
      PID:3732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32956.exe
      4⤵
      PID:5752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44139.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44139.exe
      4⤵
      PID:7988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27643.exe
      4⤵
      PID:9528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51539.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51539.exe
    3⤵
    PID:896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21645.exe
      4⤵
      PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48493.exe
        5⤵
        
        PID:4324
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 236
        5⤵
        Program crash
        
        PID:6972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62727.exe
      4⤵
      PID:4504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26943.exe
      4⤵
      PID:7044
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 236
      4⤵
      Program crash
      PID:8720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40020.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40020.exe
    3⤵
    PID:1592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2146.exe
      4⤵
      PID:4592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13758.exe
      4⤵
      PID:6292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16288.exe
      4⤵
      PID:8716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4129.exe
      4⤵
      PID:10788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6942.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6942.exe
    3⤵
    PID:5016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5548.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5548.exe
    3⤵
    PID:6484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64563.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64563.exe
    3⤵
    PID:9132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58064.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58064.exe
    3⤵
    PID:11204
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50417.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50417.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56828.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56828.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34405.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34405.exe
      4⤵
      Executes dropped EXE
      PID:672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10274.exe
        5⤵
        
        PID:2956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48806.exe
        6⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18068.exe
        7⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16789.exe
        7⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63346.exe
        7⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20133.exe
        7⤵
        
        PID:11164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43640.exe
        6⤵
        
        PID:5908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8407.exe
        6⤵
        
        PID:7508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45641.exe
        6⤵
        
        PID:9824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28556.exe
        5⤵
        
        PID:2824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21611.exe
        6⤵
        
        PID:6404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50794.exe
        6⤵
        
        PID:8968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40340.exe
        6⤵
        
        PID:11156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9877.exe
        5⤵
        
        PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46836.exe
        5⤵
        
        PID:7844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59088.exe
        5⤵
        
        PID:10236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25769.exe
      4⤵
      PID:2144
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 220
        5⤵
        Program crash
        
        PID:3584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38618.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38618.exe
      4⤵
      PID:3860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29993.exe
      4⤵
      PID:6016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5223.exe
      4⤵
      PID:7548
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 236
      4⤵
      Program crash
      PID:9968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31067.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31067.exe
    3⤵
    PID:1196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2381.exe
      4⤵
      PID:2764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27452.exe
        5⤵
        
        PID:3136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62349.exe
        6⤵
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-334.exe
        6⤵
        
        PID:7976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33533.exe
        6⤵
        
        PID:10032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18477.exe
        5⤵
        
        PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33705.exe
        5⤵
        
        PID:7300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4333.exe
        5⤵
        
        PID:9600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56787.exe
      4⤵
      PID:3284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46814.exe
        5⤵
        
        PID:8224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14482.exe
        5⤵
        
        PID:11012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15876.exe
      4⤵
      PID:5588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39571.exe
      4⤵
      PID:7288
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 240
      4⤵
      Program crash
      PID:9580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11627.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11627.exe
    3⤵
    PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26191.exe
      4⤵
      PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19612.exe
        5⤵
        
        PID:9252
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 236
      4⤵
      Program crash
      PID:5532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43523.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43523.exe
    3⤵
    PID:3176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54283.exe
      4⤵
      PID:6380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50794.exe
      4⤵
      PID:8944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40340.exe
      4⤵
      PID:11180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29412.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29412.exe
    3⤵
    PID:5552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10421.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10421.exe
    3⤵
    PID:7196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45399.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45399.exe
    3⤵
    PID:9544
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64227.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64227.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1732.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1732.exe
    3⤵
    PID:1804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13154.exe
      4⤵
      PID:596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54198.exe
        5⤵
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-418.exe
        6⤵
        
        PID:3276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30203.exe
        6⤵
        
        PID:6324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59080.exe
        6⤵
        
        PID:8632
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 236
        6⤵
        Program crash
        
        PID:11076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22628.exe
        5⤵
        
        PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27877.exe
        5⤵
        
        PID:6764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47623.exe
        5⤵
        
        PID:8404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27477.exe
        5⤵
        
        PID:10564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10321.exe
      4⤵
      PID:3720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34008.exe
        5⤵
        
        PID:6808
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
        5⤵
        Program crash
        
        PID:8864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48985.exe
      4⤵
      PID:6024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1927.exe
      4⤵
      PID:7980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56836.exe
      4⤵
      PID:9592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9241.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9241.exe
    3⤵
    PID:1728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48230.exe
      4⤵
      PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51008.exe
        5⤵
        
        PID:5820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37617.exe
        5⤵
        
        PID:8276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26958.exe
        5⤵
        
        PID:9484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61295.exe
      4⤵
      PID:5672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40587.exe
      4⤵
      PID:7900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19787.exe
      4⤵
      PID:9384
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 240
    3⤵
    - Program crash
    PID:3592
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33618.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33618.exe
  2⤵
  PID:3000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50238.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50238.exe
    3⤵
    PID:2352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11800.exe
      4⤵
      PID:3496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34148.exe
        5⤵
        
        PID:6580
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
        5⤵
        Program crash
        
        PID:8920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9048.exe
      4⤵
      PID:5720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15340.exe
      4⤵
      PID:7336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62745.exe
      4⤵
      PID:9688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24882.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24882.exe
    3⤵
    PID:3872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34392.exe
      4⤵
      PID:6708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34265.exe
      4⤵
      PID:8872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17288.exe
      4⤵
      PID:11124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24127.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24127.exe
    3⤵
    PID:6000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13888.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13888.exe
    3⤵
    PID:7524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20255.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20255.exe
    3⤵
    PID:9948
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36835.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36835.exe
  2⤵
  PID:2068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64073.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64073.exe
    3⤵
    PID:3320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52115.exe
      4⤵
      PID:4360
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
      4⤵
      Program crash
      PID:6772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13469.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13469.exe
    3⤵
    PID:4444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57914.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57914.exe
    3⤵
    PID:6816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51339.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51339.exe
    3⤵
    PID:9128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29366.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29366.exe
    3⤵
    PID:11196
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28423.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28423.exe
  2⤵
  PID:3756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4962.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4962.exe
    3⤵
    PID:5516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47789.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47789.exe
    3⤵
    PID:8584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17236.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17236.exe
    3⤵
    PID:10624
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16187.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16187.exe
  2⤵
  PID:5464
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54220.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54220.exe
  2⤵
  PID:7740
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8587.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8587.exe
  2⤵
  PID:9396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11959.exe

Filesize
184KB

MD5
845c680b3bdd531ceb0025dc26ffca96

SHA1
5cc13c51c7a575727c594b6973eef623c36c823d

SHA256
d9c190cea09767a9ad9c8e31bc4b032e88c7d2c3988263f14af3b70cd34dd59b

SHA512
c8e33623fc940f81e62f2ebed28476ffd5abb5266fb76898338ad69a38c1cef90ff1018db4bc73584745a07734c281d2d8b3d35a8c99a18490b0d4cb4f2342cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21075.exe

Filesize
184KB

MD5
fc53f1fb7b29207aa366f864c71f71ec

SHA1
b00ef8f42986d3035641632ef5d5c32fafb74ca8

SHA256
ab4328ec4a127a4121f67e740edf4b49e9a2a0e7640eb38fb41c506d03e319da

SHA512
6b6d6def43ffd7bbe08d67187fd84ea000d99ea4ccd0a6a5f503ac290418c89c667498fd19bb2ac5cdfc58757113428455024a0e17ccdbfdc0712d57ebee26c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23233.exe

Filesize
184KB

MD5
5d8b7556eb493fa49a51229ffc185d0a

SHA1
caf2121798f700e21af69f1f7959b3ade288414b

SHA256
e47335c0d1b526b7a724b441cd3a91fbb82bb6ecfc0b8e535147f0942d77dc38

SHA512
2b28d022421ec500ae9ae93baed149db89b038ae61201d9d20c4319690cc69e04e3a57e744cfd690f3a8576359c2691f861864bd48a5e3c8ec770b8dc4cad486

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24063.exe

Filesize
184KB

MD5
7613870a4571d5af93bd252b59dc52eb

SHA1
ba61bbc84d0c149327c2605f08f03fd0d9670c5a

SHA256
56a621fcae1786e27cf384136116d9cb370ed9f3d64ef230417c2bb0c160541c

SHA512
f9f1c82d4f42f7f3a1e51a7bd3777a63a02938502fcf46a04f1d73fa7e20e426ef7c718035835330dff463821265b00967650f139e16b6dba70d3cea8d6218a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27744.exe

Filesize
184KB

MD5
6d179537913a8aea24f81e4d2ad6c9fc

SHA1
02f2fa5e15bf7d68e26006bb39729d70b77f116f

SHA256
3a08cd45aaafbf12eab993709e1c0ce2f2263e92dc173d3693be56736e01015b

SHA512
36b5e8211ab5592cb6ff359a8394d6fa5fd52ac8af4194fb9ba155bca70b959044f956f3e71c06b5a69876b8072f2b54884b45fea404911290ad6e42e259c215

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28318.exe

Filesize
184KB

MD5
dae8b3bd21e9470f618e3ef61ba7bcf9

SHA1
1ab461f03f7db10e07e798b7f57ea2c840ccfb9a

SHA256
5c41a406fd449e35f448ed81fd5d45c908a4ec62c3a8763192a4fc6b30ede4ca

SHA512
7b5c6d4ba65b942bf70e170f99ab99fdc3a1baffd1fb9fca17652acbf134ff1a23247ef71f85f4ceba2cabfd4b9e4ae15191df911bc54525c39ca553460fb2ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28477.exe

Filesize
184KB

MD5
c0bba87f8bda0d8b470f9b560bd19fe5

SHA1
7b22cec1611396664be13a7f05493f03b3f29eb0

SHA256
f23875134506e86399f8c20290a2b60a5d5fedee89581c59e7a8eb1b8876c9bf

SHA512
adef1321c62588e99640b751c6b58b12f503a5cae7f92c62b722aa695ac46be4d1c2f8d8a3dfa6529f29332ffcf57cb586268ee4390a02b040145c44271c0456

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29997.exe

Filesize
184KB

MD5
af687f73c2250e075da23b0ca5f12693

SHA1
9af8cfb0001f6e88dba8fb43559b5b28d02a1f7f

SHA256
2f2f0f7e19f1cdcb113f684d952e861e7d0ed2a46926338a3fb9b303c450b953

SHA512
cc281b656a6b4af5176bdd269a0f863170841fad1a02347ab2446ecca5d374cb0fc7e7355c7f9f4e2ecdc22436a72eef182283a1e005a8ed9185560bb8efcc3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32390.exe

Filesize
184KB

MD5
8fd6f1031bbae31f7fa64fc8c679c495

SHA1
121eec8b01c0729c166190c85a8d7477d233374d

SHA256
7af80a5f3570f417f83d0accd24fa51fd2326656fdb23cebe0c3a32d5bca8cf0

SHA512
217cac9c354ef18b0628ca7819ea2197b8aa35e562f8dcda35947156c59ea7676c66183a58547d003fc6badebb1bad3d0476476394666c48e0c180299086c3cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39650.exe

Filesize
184KB

MD5
df7b3231db67786da6fcbf4ebad785ac

SHA1
b6076ccfb658b40731f53c809422f4ae00155abe

SHA256
ba849aa503bed63a1e76811470d081f6bc866c4a4fcc627bf2c2cd7b30e57c4c

SHA512
bc4d1af458be3493d5d3f0e90dfc5862ad99a3121eb04f94fd196f0f4691e7247c2b2785d29d9078ed21265cc5bff0314e9382ca6c4240db9ab41a94e60c1e3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40738.exe

Filesize
184KB

MD5
93370fb6cf87abd76df4f1c308cb3575

SHA1
2495493a2b48a8e25331f8810b556de745d0b560

SHA256
ecd1117828d8ad374ad27652b54713642f4c0eed14164390c92fc929867fd525

SHA512
f809a1cf3d727f9b4ab57d815f1d6241729279aeda1926c8ab2b51823632737d6589cb1ebde4a508590a799f465e0694b42902def11ed589ec7ff071dcbd0215

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42052.exe

Filesize
184KB

MD5
e4f4cdc0d12edee84669d9fa36e4173e

SHA1
c1a4f283dd1172aafd39957a3cb65cb597823e10

SHA256
07bf0a623a43bf7c56ffd245ade5d8c984874f2e490e0a83c9cccbecc0c8dfad

SHA512
47e31f38fac590a24d1cf9dea8d6e50288ad3567eb30c8a715e594f6c55fdd10dc68b77a1441b625be3624598c2e8f8f09a4013c2c851494629eac31621ab242

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44418.exe

Filesize
184KB

MD5
fad44725c14ae6f8992f6e1b33957979

SHA1
e06c80a1a3e5233680063bd35e46224698aff589

SHA256
1be2bf1e226ccf7e5583df1447acb01bc90caf29a4f0834a2a54810ffe73871d

SHA512
eb094ceb2c891effd7f6cfdfc09d098a587b78edd0f47e4fe398ff7137e487834ede5983751d16375dcab06447fbef1759313203a43405bfaa86736a01b14f85

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4466.exe

Filesize
184KB

MD5
21c98f25bbf5792e0f575b4a2d153f19

SHA1
ceb9927b93436028534b8949cb702e03c1e4b7c5

SHA256
9af60fdd74ff36d91ccb0401f58654de127e4bf9faad11063ed22ad75a006508

SHA512
fc6b7df1619b44549d6c9638082d772d85e0f1577c897fed68d02aac119c8da0132c6594212a2eea39f1bd395f57bc26f26cfd38870979582d7bf678a773c5d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4536.exe

Filesize
184KB

MD5
ad0f758eee0393ce6350da38725bfd21

SHA1
33b2e4f0148aedf3201af3ad5b934b4576082aa6

SHA256
5779dcb7be9440f0279de6f403383cb22dc39d390f60fa32e6c29e07c590512e

SHA512
fc710432ef6c9a4ca9e143934258db8c0b046b0781d2aa366110cbbf3d3cb61bcf377bf6961f364b1aa21feca6d07ce3b7e8e09f92cd4f3624fd0c3b8cfb82cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46814.exe

Filesize
184KB

MD5
34e9058a0eee453194b41b93250bc993

SHA1
7c22218abdb9727e3f43574eb5c25c3f8603ad62

SHA256
f903dbe13fbb3fc75b01c84a5b345b32817a41ec36952ffe3ceac79ce8b4d7bf

SHA512
4d5989457098861c7e84939864af6c86b94207a74fe709b8c7f50054a3d84e5d028171952cfcb26867f27f4eecff275fc988e6d74a677166004f0c858c1de488

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47623.exe

Filesize
184KB

MD5
24ded76be7cd3da6afa3ed5fff799bdf

SHA1
03a163bbfb8e0528936eede488c48ad23c33e3cc

SHA256
3b1cddf6c7b6a1d1bfed35783fc3792369ae492cb7b893ecd03af07d2247b7cb

SHA512
85664f2fd661fdd542156368fba2d855c5627b39b49113ee03bd29b4a829d6efb13a3d6b52b6031fba5c5b32cee158691ee247693cca37777aa17e695bd8b706

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48221.exe

Filesize
184KB

MD5
bdfaec8a9f43d558bb6f742cf75b881a

SHA1
5934b4d6d30b8625d980f85b73998c1036c4c815

SHA256
db07a0ab84111cdcdbc5ffb68d533cb6fc3be6582630ca67abcb4b03bc11198e

SHA512
e4fdb8b157dab734d031e11951bd95f51cdef85f5c6a5b54ddbed202752fe4caab39722b4d996912a32d20d8872d41c82fd2d18830639e98eac44bd649bac0ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50417.exe

Filesize
184KB

MD5
454392858b4051ee7c54f9b20a0574ef

SHA1
f57623ac1c4ee046f178a508e809333c589e7a5e

SHA256
384da75f2a83e0fd7604c6df7e548311a26e8c534f2c4811467f1073c53b4bab

SHA512
07c3576dfdafb077552609b3a34e9f2d6255cc6b2eff66693ff9aea69c225aa231679554970e5e094087bba7c21e2947f2e6a96da42135507f77a7fc681c5a37

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53943.exe

Filesize
184KB

MD5
979d4c40358bc0b8fa2c25888691aa69

SHA1
69828877e5edb6dc94e3c7a5a0bde30548a58708

SHA256
0390e84e413d31a4450a61d089d9b92d710cf661918e37bfc1de2e10d2f428b6

SHA512
298fe0ab54d617f89c93403816a19f82f2f5be1d1b2febd364575fb6abfcb366995d50d5809c0d7c939cf755ac301850ce80ee2f9599e3bbf44bd10d521418a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54110.exe

Filesize
184KB

MD5
7ff1b52a4cb45cdfba368f3cbf8a7166

SHA1
fa682e30a39a7de2ca512d21df5b3bdd5628f6df

SHA256
6ce706e506f6af2a0a1e6d3a417725a1accd33e11231fe94938f518d0a71e918

SHA512
e717f8b120a171f3d00eb0127b8b5350e322115fad9c8bf0446e88c71eec8ef2ea8566353d8191e488ff135cb6ace49d965e4881ee6f215d2b5d5bbc7d5532ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5510.exe

Filesize
184KB

MD5
cf6347a57131e62a81b89aab70422580

SHA1
62a9e9f2ba6edd16ab65806fc3e49da0470f13b7

SHA256
7a5740a767d0bdd61290410aa4413f147397888c8967d20a8bdc2952f4c3a1aa

SHA512
23f5ff4d3a0cd43027450ab3cd10b6fcbb723e65fb01eb670da95dcf9824326c557444d81c879ebc0403e47482a5671bd073812358e36b542a83935e50c25110

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57618.exe

Filesize
184KB

MD5
b055909932592e8631894d76d4826cbc

SHA1
74c7c33970a079ace47d9e4fe5eb7d137b0b3873

SHA256
ab3f945be3fbd9c0767eb696308d4e0b96498c9beea5734ba22facb5217adedb

SHA512
93b371b017ff7489b2e5d7f990258487f0e16eb6592f7ab0bd5b91c7ad758105b55ca3d3811dadfafd74fb58a96329a19a80be3954cbc98ec371785c37587b1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61565.exe

Filesize
184KB

MD5
e8f91a834b50667ee56d16ff53c95772

SHA1
20fe1bdc4792c219214d2cd3edaebe542d64facf

SHA256
23fadaed93384666b486cdc2262a71cdbce885fe51e9c5dd9bb61b9dbb77daf1

SHA512
f5690fff69098d364fdec1041529d0c9693d72191f5e261f45c3b4cd15c3a62bbe0a585455ecba8249a782576a4bd9f4a603c6d1b4957c674e5c9a8c5ebcd710

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65004.exe

Filesize
184KB

MD5
7afbc75acc01e562c3ab18813b9b5024

SHA1
2ea8b5b833e69e3222f53facb9f80506347882bd

SHA256
c4e438c9c86e270ec59568bd89a9226742e1abbf0d929aa114767d0200651aee

SHA512
7075213022c9cb8f6764b8f65fbd628900b4224b1c285917ec92115a12e3451c32501b3273ff2cb5adba46290ac0a5041539059823332b15a688a730aaad001a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7307.exe

Filesize
184KB

MD5
b6e259f2f185945e2ccfe7b3c919d1cd

SHA1
d4f8b96674a3c64f4edcaf797ef64c4a38718087

SHA256
86e652b489840a23b8dccf8a76634702ceaff139c7a661239b2eeead7954de87

SHA512
1168d09feff817e7eeaee5f0fd85da0e18d88c341313041b2552fd9a746a12080085b53f106c987634c6d09a83201e54963939db4911754c2b9f0044d50df778

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8977.exe

Filesize
184KB

MD5
4d50be0fa3fad8472b171de1ba022db6

SHA1
81073ed7eea46e9336113c9af20ad1dc9bc0c952

SHA256
3d3503b8af4b0502c0ad6de5853079f40284efe47f90e426ba9bb2203175dc96

SHA512
7841e4faf6706ee73b4b2b0f67f792f741cc0b5e69125fa1c3cfff0babeb3b374567a982454646b273906b8d5cb48b4348fabda6a0f2c79d6fbe18c9cc7aa844

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13586.exe

Filesize
184KB

MD5
b861d725a652f2beae2a406ca1f79ada

SHA1
592ef388d70c45697a0fd55f85d16e515b010874

SHA256
d640565a412b27e12dbb57bbb958c48d0540f47051032a6c434411ad980d77fd

SHA512
79bd858b969dea822f132233549f062ddd32fde2b62a0b0106b64c0a694e64423b25153964f5243174dda3540d725cdd9170abe66d7af905dbb64cdfbe057f6f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16311.exe

Filesize
184KB

MD5
472b2e8ab1a17fd463ade64e8d0a42d0

SHA1
9bf85d9c20b6f5d1ea47e025a6ceaa0cf08fec65

SHA256
fc17766300a9b7bd4437f8fa29b9b39545a2857e0b2807122d4d99c66842ac7d

SHA512
ef98414583cfc010622a04c6c049c82752a5257372d48baa6f269dfb58b59ff9b8a879d484d68f195cbd25551f76dfe20bfc24a0ebac72d0df36736921b27ccf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27401.exe

Filesize
184KB

MD5
7ff2c961c0999e41267175dd9f260ccc

SHA1
3f4907a014ecc5cb9b2943528091d03fdb8c07db

SHA256
bab52aaf6dcf53c0f3edc0acff6198140b6f57411cb18435c949111ca798a0a3

SHA512
61c0eb172bddb009c5eb2f06d057e0e9cf499b5127bb60279ff3e502e3c8d783ee02d8400df83517378a0cee05df8fa603393d6fe6e722167fde49987d121f45

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36305.exe

Filesize
184KB

MD5
40a8169a83044731466e2cc67bb69c8f

SHA1
0e5a1560bed928b5eb16f48fdf8ad9853ccf8e4e

SHA256
5d7fd3b6a6d966d61937874f7826b16f86a3ff961298a3ad4b0d7261005ea607

SHA512
066fda402e5c9c94068965e8ab2f5b049f4c6d5cd6b9e40a3185b470687e04334c2477960f71e03947a3d156d6095f98206a6e5313eb15e9602f7581341e4ef1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37400.exe

Filesize
184KB

MD5
c5165d2adbe34e1c255ea7723ebb8284

SHA1
3ca6c56f79cc323e5a66fce4c329978829d5fa17

SHA256
9e8e722d6c7281630c8fea2edf6e7dee77c0822a78bd82b035da69cb52bc5ebc

SHA512
d0f12142403f02179e5313f07fc086c6d6fec345bbaaf0dddfe326fef02ba0359f1bfd6ca086d5dc387366193cee142df7b3028d97f00f68de48843e8ce89698

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42435.exe

Filesize
184KB

MD5
6650922f668044e79dc9eb5f421049f2

SHA1
f5f2da25402195b69bf1c304707c78c1d35f7186

SHA256
c66bdd4eee796c019eb90e73086d1cda86bda054d47d548463fa781a45f8e3e4

SHA512
e6176e0645a8f8490ce7f35d023d5510f655a37efafa2b92f2f933a95bad5b6c5b789bbd6dca085d38357b34f2799181386e8c1bd8e8b268428d6588ff7414c2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42819.exe

Filesize
184KB

MD5
1132e6d5b83b554605868e5e0ed66a22

SHA1
defaef9cf1ed0a579c6a5d271330f3963645ac23

SHA256
60dde378962b41be346247c376d1a7953d726627a1c19d49cce5b53a190f9929

SHA512
4930ba92d002eefb39bbb2b4e3600d0d9dfad0284b9f261955cd14118abe59cb7348d3d1ee5800937cb9af0b36d825edab4397e86add5c522ac5327e09082792

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43737.exe

Filesize
184KB

MD5
9972d1513f3b5303cc73600b000fb4a2

SHA1
cc4a994fbdcf469e385b142e7e6c0202a17916d5

SHA256
a9acd77152e8181608215a2a5ca8e7c21b133a4bbed4a704e97e7a14bd807baa

SHA512
ccd5163eb084ddc59e06519d283a9b42c4f06660bbc044bb01a24d42094d39087954931a18032d41e8e60860184942c540c53735342abe96609a1348489d2409

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51136.exe

Filesize
184KB

MD5
1226d7323d493806ece67d0131caac76

SHA1
08f2f234080987ea6e43dce877108855de7d9bdc

SHA256
f61e451deb27402d08bb82533956f8f4a64a4cc3fd11b224b09e0e69a7ebc541

SHA512
a4f5a63d647f0ec95d1e011460f1afa20333a16730064de2b35a275af2c24f32227f3a29436f87d250cb8d1e1e2e1fc24a6c90e64e667c87155e98889e49ef47

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57266.exe

Filesize
184KB

MD5
fa28ef57baff62cc70e16b77c371b1e3

SHA1
5ea7a2ea5a931de1a1de74eb2280ee3f2eb9b86d

SHA256
0b1ca7f637142c5d55902b58669a30da558666a8abca218e9d49f19f1c7486af

SHA512
aba03f01d1cdaab144d24e0d2403b1648a590211910be94b527036528ece3002faf188452bf234f5d52a161efee8bff02e8cbc3cf7be714ae8796afe63e39114

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57842.exe

Filesize
184KB

MD5
679a6bbfc99e1d3191b3cf1ae1f600fb

SHA1
0594f4b13b72e80c7749c43283e684ec1440bbdf

SHA256
7befc7b1c84d5b626be8f7d8bd9cfb4d40f82b70abd545949dfdb41111191822

SHA512
1f3f317083aa1b1948a386c0c8e59ece607ac718a318a989188471c0061dc22c9f39337e243e5ddfa889df981b66b760523c7fb747d4c2297492c884d26980af

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59258.exe

Filesize
184KB

MD5
e97107849c6f7d6b621cdc8061bf7176

SHA1
eea50c27889b1f9ab211d624a575421b5a6a8533

SHA256
8d7903b15fe0d2c39ca4d370ab3a39d73c8778cfc8faef812c0e5cfbde2c9426

SHA512
312a36d999adc9c7da3587f0a735dd53b627eca9dba0f917e9baccecdc2ca7ffd79af6a234a0e63f39ad0eeda3144cc6e6a1159fc0cb203f160d1031021133ee

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8449.exe

Filesize
184KB

MD5
978ad50b98fcc1afde8525e7e9256158

SHA1
18980ef86b92b81b0af3e270f969b64fba2b281b

SHA256
68f64972ff609424561e80eaa12ef4c3bbcd15ef86c8136ef8e38b450675fd5b

SHA512
703d7db2cdcca34ad2635a5fd4e50b59976b8c4bfca81fb4bacfb49c1537906d766ad95e0177f37b610ce77838ef57b6b840a555463f963d3f2576130ce70129

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads