714f87abf9d2af0007afe593313b6e96bc3f3d110ca45cd620aab8a32f1e73bd

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
15-07-2024 09:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bab9ee9013b9513a50a2e69f2e4fe620N.exe
Size

184KB
MD5

bab9ee9013b9513a50a2e69f2e4fe620
SHA1

3fbc28c11494f4bc169e5daebb43df7f778c392b
SHA256

714f87abf9d2af0007afe593313b6e96bc3f3d110ca45cd620aab8a32f1e73bd
SHA512

08050ac3ece1c39dd40f0607cc381b09fb206da3a4477dc450f3722a1e7cdc0f34c7c1361fc56dbb398db170bce7dc2af8c5631f0678c75d0de61fc287cb8339
SSDEEP

3072:PA0Fhfoo/UCjd1zCW4PlYDsaVvXqnviu7n2:PAEokZ1zwlqsaVvqnviu7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2720	Unicorn-21631.exe
2696	Unicorn-47430.exe
2956	Unicorn-39816.exe
2592	Unicorn-56833.exe
2096	Unicorn-49220.exe
2632	Unicorn-3548.exe
1480	Unicorn-58871.exe
2144	Unicorn-4783.exe
2352	Unicorn-46371.exe
2916	Unicorn-7798.exe
2936	Unicorn-27241.exe
2756	Unicorn-13506.exe
1216	Unicorn-33372.exe
2228	Unicorn-36387.exe
1092	Unicorn-36122.exe
2252	Unicorn-34248.exe
1972	Unicorn-54114.exe
2232	Unicorn-62282.exe
2272	Unicorn-52068.exe
2304	Unicorn-45754.exe
1124	Unicorn-53657.exe
2420	Unicorn-29972.exe
2180	Unicorn-6257.exe
1748	Unicorn-6257.exe
540	Unicorn-8295.exe
1524	Unicorn-60097.exe
1336	Unicorn-14425.exe
892	Unicorn-1411.exe
920	Unicorn-56013.exe
568	Unicorn-10341.exe
556	Unicorn-22485.exe
872	Unicorn-64072.exe
2356	Unicorn-30653.exe
1576	Unicorn-6703.exe
1676	Unicorn-20438.exe
3008	Unicorn-34472.exe
2588	Unicorn-38821.exe
2612	Unicorn-64861.exe
2576	Unicorn-40911.exe
2052	Unicorn-19745.exe
676	Unicorn-34034.exe
544	Unicorn-60585.exe
2676	Unicorn-63907.exe
1120	Unicorn-31805.exe
2976	Unicorn-7855.exe
2112	Unicorn-39973.exe
2972	Unicorn-28275.exe
2944	Unicorn-48141.exe
1080	Unicorn-32359.exe
1388	Unicorn-30843.exe
2164	Unicorn-50179.exe
2544	Unicorn-52225.exe
3036	Unicorn-64212.exe
856	Unicorn-64477.exe
1952	Unicorn-54263.exe
2136	Unicorn-52780.exe
2084	Unicorn-60393.exe
1768	Unicorn-1270.exe
820	Unicorn-21136.exe
768	Unicorn-39510.exe
940	Unicorn-25028.exe
1668	Unicorn-25028.exe
1240	Unicorn-61462.exe
2428	Unicorn-9660.exe

Loads dropped DLL 64 IoCs

pid	Process
2848	bab9ee9013b9513a50a2e69f2e4fe620N.exe
2848	bab9ee9013b9513a50a2e69f2e4fe620N.exe
2720	Unicorn-21631.exe
2720	Unicorn-21631.exe
2848	bab9ee9013b9513a50a2e69f2e4fe620N.exe
2848	bab9ee9013b9513a50a2e69f2e4fe620N.exe
2696	Unicorn-47430.exe
2696	Unicorn-47430.exe
2720	Unicorn-21631.exe
2956	Unicorn-39816.exe
2956	Unicorn-39816.exe
2720	Unicorn-21631.exe
2848	bab9ee9013b9513a50a2e69f2e4fe620N.exe
2848	bab9ee9013b9513a50a2e69f2e4fe620N.exe
2592	Unicorn-56833.exe
2592	Unicorn-56833.exe
2696	Unicorn-47430.exe
2696	Unicorn-47430.exe
2632	Unicorn-3548.exe
2632	Unicorn-3548.exe
2720	Unicorn-21631.exe
2720	Unicorn-21631.exe
2096	Unicorn-49220.exe
2956	Unicorn-39816.exe
2096	Unicorn-49220.exe
2956	Unicorn-39816.exe
1480	Unicorn-58871.exe
1480	Unicorn-58871.exe
2848	bab9ee9013b9513a50a2e69f2e4fe620N.exe
2848	bab9ee9013b9513a50a2e69f2e4fe620N.exe
2592	Unicorn-56833.exe
2144	Unicorn-4783.exe
2592	Unicorn-56833.exe
2144	Unicorn-4783.exe
2352	Unicorn-46371.exe
2352	Unicorn-46371.exe
2696	Unicorn-47430.exe
2696	Unicorn-47430.exe
2916	Unicorn-7798.exe
2916	Unicorn-7798.exe
2720	Unicorn-21631.exe
2720	Unicorn-21631.exe
2632	Unicorn-3548.exe
2632	Unicorn-3548.exe
828	WerFault.exe
828	WerFault.exe
828	WerFault.exe
828	WerFault.exe
1216	Unicorn-33372.exe
2756	Unicorn-13506.exe
2756	Unicorn-13506.exe
1216	Unicorn-33372.exe
2956	Unicorn-39816.exe
2956	Unicorn-39816.exe
2096	Unicorn-49220.exe
2228	Unicorn-36387.exe
2096	Unicorn-49220.exe
2228	Unicorn-36387.exe
2848	bab9ee9013b9513a50a2e69f2e4fe620N.exe
2848	bab9ee9013b9513a50a2e69f2e4fe620N.exe
1480	Unicorn-58871.exe
1092	Unicorn-36122.exe
1480	Unicorn-58871.exe
1092	Unicorn-36122.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
828	2936	WerFault.exe	40
1740	2252	WerFault.exe	45
1512	568	WerFault.exe	60
2568	892	WerFault.exe	58
1340	556	WerFault.exe	61
3068	2676	WerFault.exe	74
2284	2976	WerFault.exe	76
2248	1124	WerFault.exe	51
2056	2228	WerFault.exe	43
2636	2084	WerFault.exe	90
1272	1080	WerFault.exe	84
2564	2112	WerFault.exe	77
1324	3012	WerFault.exe	101
1644	1692	WerFault.exe	100
628	2612	WerFault.exe	69
1956	532	WerFault.exe	106
396	1240	WerFault.exe	98
2128	2232	WerFault.exe	47
3052	2528	WerFault.exe	108
3116	1944	WerFault.exe	117
3328	2544	WerFault.exe	85
3976	1788	WerFault.exe	138
3172	2580	WerFault.exe	136
3436	1932	WerFault.exe	125
3488	2264	WerFault.exe	139
3884	2204	WerFault.exe	160
4080	3932	WerFault.exe	259
4328	3700	WerFault.exe	254
4320	3316	WerFault.exe	247
4548	968	WerFault.exe	154
4560	2208	WerFault.exe	127
4620	4244	WerFault.exe	296
4764	2980	WerFault.exe	163
4772	3288	WerFault.exe	246
4952	2752	WerFault.exe	103
4968	764	WerFault.exe	147
5024	1696	WerFault.exe	121
4148	1736	WerFault.exe	185
4144	3820	WerFault.exe	255
4628	2680	WerFault.exe	180
4656	3180	WerFault.exe	227
4880	2784	WerFault.exe	146
4928	2444	WerFault.exe	107
4976	2328	WerFault.exe	133
4356	3388	WerFault.exe	231
4436	1012	WerFault.exe	148
4540	3644	WerFault.exe	209
4608	3992	WerFault.exe	221
4832	2628	WerFault.exe	179
4120	1732	WerFault.exe	109
4696	3824	WerFault.exe	215
4752	920	WerFault.exe	59
5916	3480	WerFault.exe	233
6076	3524	WerFault.exe	205
6128	3340	WerFault.exe	198
5464	3952	WerFault.exe	219
5604	3244	WerFault.exe	229
5720	3688	WerFault.exe	238
5440	3208	WerFault.exe	245
5612	3392	WerFault.exe	248
6732	3252	WerFault.exe	228
6244	3596	WerFault.exe	207
6504	236	WerFault.exe	170
6548	3028	WerFault.exe	181

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2848	bab9ee9013b9513a50a2e69f2e4fe620N.exe
2720	Unicorn-21631.exe
2696	Unicorn-47430.exe
2956	Unicorn-39816.exe
2592	Unicorn-56833.exe
2096	Unicorn-49220.exe
2632	Unicorn-3548.exe
1480	Unicorn-58871.exe
2144	Unicorn-4783.exe
2352	Unicorn-46371.exe
2916	Unicorn-7798.exe
2936	Unicorn-27241.exe
1216	Unicorn-33372.exe
2756	Unicorn-13506.exe
2228	Unicorn-36387.exe
1092	Unicorn-36122.exe
2252	Unicorn-34248.exe
1972	Unicorn-54114.exe
2232	Unicorn-62282.exe
2272	Unicorn-52068.exe
2304	Unicorn-45754.exe
2420	Unicorn-29972.exe
1124	Unicorn-53657.exe
2180	Unicorn-6257.exe
1748	Unicorn-6257.exe
540	Unicorn-8295.exe
1524	Unicorn-60097.exe
568	Unicorn-10341.exe
892	Unicorn-1411.exe
1336	Unicorn-14425.exe
920	Unicorn-56013.exe
556	Unicorn-22485.exe
872	Unicorn-64072.exe
1576	Unicorn-6703.exe
2356	Unicorn-30653.exe
1676	Unicorn-20438.exe
3008	Unicorn-34472.exe
2588	Unicorn-38821.exe
2612	Unicorn-64861.exe
2576	Unicorn-40911.exe
2052	Unicorn-19745.exe
676	Unicorn-34034.exe
544	Unicorn-60585.exe
2676	Unicorn-63907.exe
1120	Unicorn-31805.exe
2976	Unicorn-7855.exe
2544	Unicorn-52225.exe
1080	Unicorn-32359.exe
2972	Unicorn-28275.exe
2112	Unicorn-39973.exe
2944	Unicorn-48141.exe
2164	Unicorn-50179.exe
1388	Unicorn-30843.exe
3036	Unicorn-64212.exe
1952	Unicorn-54263.exe
856	Unicorn-64477.exe
2084	Unicorn-60393.exe
2136	Unicorn-52780.exe
1768	Unicorn-1270.exe
820	Unicorn-21136.exe
768	Unicorn-39510.exe
940	Unicorn-25028.exe
1668	Unicorn-25028.exe
2428	Unicorn-9660.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2848 wrote to memory of 2720	2848	bab9ee9013b9513a50a2e69f2e4fe620N.exe	30
PID 2848 wrote to memory of 2720	2848	bab9ee9013b9513a50a2e69f2e4fe620N.exe	30
PID 2848 wrote to memory of 2720	2848	bab9ee9013b9513a50a2e69f2e4fe620N.exe	30
PID 2848 wrote to memory of 2720	2848	bab9ee9013b9513a50a2e69f2e4fe620N.exe	30
PID 2720 wrote to memory of 2696	2720	Unicorn-21631.exe	31
PID 2720 wrote to memory of 2696	2720	Unicorn-21631.exe	31
PID 2720 wrote to memory of 2696	2720	Unicorn-21631.exe	31
PID 2720 wrote to memory of 2696	2720	Unicorn-21631.exe	31
PID 2848 wrote to memory of 2956	2848	bab9ee9013b9513a50a2e69f2e4fe620N.exe	32
PID 2848 wrote to memory of 2956	2848	bab9ee9013b9513a50a2e69f2e4fe620N.exe	32
PID 2848 wrote to memory of 2956	2848	bab9ee9013b9513a50a2e69f2e4fe620N.exe	32
PID 2848 wrote to memory of 2956	2848	bab9ee9013b9513a50a2e69f2e4fe620N.exe	32
PID 2696 wrote to memory of 2592	2696	Unicorn-47430.exe	33
PID 2696 wrote to memory of 2592	2696	Unicorn-47430.exe	33
PID 2696 wrote to memory of 2592	2696	Unicorn-47430.exe	33
PID 2696 wrote to memory of 2592	2696	Unicorn-47430.exe	33
PID 2956 wrote to memory of 2632	2956	Unicorn-39816.exe	35
PID 2956 wrote to memory of 2632	2956	Unicorn-39816.exe	35
PID 2956 wrote to memory of 2632	2956	Unicorn-39816.exe	35
PID 2956 wrote to memory of 2632	2956	Unicorn-39816.exe	35
PID 2720 wrote to memory of 2096	2720	Unicorn-21631.exe	34
PID 2720 wrote to memory of 2096	2720	Unicorn-21631.exe	34
PID 2720 wrote to memory of 2096	2720	Unicorn-21631.exe	34
PID 2720 wrote to memory of 2096	2720	Unicorn-21631.exe	34
PID 2848 wrote to memory of 1480	2848	bab9ee9013b9513a50a2e69f2e4fe620N.exe	36
PID 2848 wrote to memory of 1480	2848	bab9ee9013b9513a50a2e69f2e4fe620N.exe	36
PID 2848 wrote to memory of 1480	2848	bab9ee9013b9513a50a2e69f2e4fe620N.exe	36
PID 2848 wrote to memory of 1480	2848	bab9ee9013b9513a50a2e69f2e4fe620N.exe	36
PID 2592 wrote to memory of 2144	2592	Unicorn-56833.exe	37
PID 2592 wrote to memory of 2144	2592	Unicorn-56833.exe	37
PID 2592 wrote to memory of 2144	2592	Unicorn-56833.exe	37
PID 2592 wrote to memory of 2144	2592	Unicorn-56833.exe	37
PID 2696 wrote to memory of 2352	2696	Unicorn-47430.exe	38
PID 2696 wrote to memory of 2352	2696	Unicorn-47430.exe	38
PID 2696 wrote to memory of 2352	2696	Unicorn-47430.exe	38
PID 2696 wrote to memory of 2352	2696	Unicorn-47430.exe	38
PID 2632 wrote to memory of 2916	2632	Unicorn-3548.exe	39
PID 2632 wrote to memory of 2916	2632	Unicorn-3548.exe	39
PID 2632 wrote to memory of 2916	2632	Unicorn-3548.exe	39
PID 2632 wrote to memory of 2916	2632	Unicorn-3548.exe	39
PID 2720 wrote to memory of 2936	2720	Unicorn-21631.exe	40
PID 2720 wrote to memory of 2936	2720	Unicorn-21631.exe	40
PID 2720 wrote to memory of 2936	2720	Unicorn-21631.exe	40
PID 2720 wrote to memory of 2936	2720	Unicorn-21631.exe	40
PID 2956 wrote to memory of 2756	2956	Unicorn-39816.exe	42
PID 2956 wrote to memory of 2756	2956	Unicorn-39816.exe	42
PID 2956 wrote to memory of 2756	2956	Unicorn-39816.exe	42
PID 2956 wrote to memory of 2756	2956	Unicorn-39816.exe	42
PID 2096 wrote to memory of 1216	2096	Unicorn-49220.exe	41
PID 2096 wrote to memory of 1216	2096	Unicorn-49220.exe	41
PID 2096 wrote to memory of 1216	2096	Unicorn-49220.exe	41
PID 2096 wrote to memory of 1216	2096	Unicorn-49220.exe	41
PID 1480 wrote to memory of 2228	1480	Unicorn-58871.exe	43
PID 1480 wrote to memory of 2228	1480	Unicorn-58871.exe	43
PID 1480 wrote to memory of 2228	1480	Unicorn-58871.exe	43
PID 1480 wrote to memory of 2228	1480	Unicorn-58871.exe	43
PID 2848 wrote to memory of 1092	2848	bab9ee9013b9513a50a2e69f2e4fe620N.exe	44
PID 2848 wrote to memory of 1092	2848	bab9ee9013b9513a50a2e69f2e4fe620N.exe	44
PID 2848 wrote to memory of 1092	2848	bab9ee9013b9513a50a2e69f2e4fe620N.exe	44
PID 2848 wrote to memory of 1092	2848	bab9ee9013b9513a50a2e69f2e4fe620N.exe	44
PID 2592 wrote to memory of 2252	2592	Unicorn-56833.exe	45
PID 2592 wrote to memory of 2252	2592	Unicorn-56833.exe	45
PID 2592 wrote to memory of 2252	2592	Unicorn-56833.exe	45
PID 2592 wrote to memory of 2252	2592	Unicorn-56833.exe	45

C:\Users\Admin\AppData\Local\Temp\bab9ee9013b9513a50a2e69f2e4fe620N.exe
"C:\Users\Admin\AppData\Local\Temp\bab9ee9013b9513a50a2e69f2e4fe620N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2848
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21631.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21631.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47430.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47430.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56833.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4783.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54114.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22485.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 240
        8⤵
        Program crash
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1270.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25386.exe
        8⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1732.exe
        9⤵
        
        PID:3288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 224
        10⤵
        Program crash
        
        PID:4772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 248
        9⤵
        Program crash
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63740.exe
        8⤵
        
        PID:3316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 220
        9⤵
        Program crash
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63848.exe
        8⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12635.exe
        8⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16980.exe
        8⤵
        
        PID:7188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 248
        8⤵
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15171.exe
        7⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34597.exe
        8⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62386.exe
        9⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55339.exe
        9⤵
        
        PID:6604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 224
        9⤵
        
        PID:8364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 236
        8⤵
        Program crash
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34332.exe
        7⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15126.exe
        8⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24497.exe
        9⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22685.exe
        9⤵
        
        PID:10928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20523.exe
        8⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40074.exe
        8⤵
        
        PID:8356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 220
        8⤵
        
        PID:10760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39746.exe
        7⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15608.exe
        7⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7235.exe
        7⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51410.exe
        7⤵
        
        PID:11108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26989.exe
        7⤵
        
        PID:12116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64072.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21136.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30539.exe
        8⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34789.exe
        9⤵
        
        PID:3688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 212
        10⤵
        Program crash
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47887.exe
        9⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41768.exe
        9⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35983.exe
        9⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56267.exe
        9⤵
        
        PID:10980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8201.exe
        9⤵
        
        PID:11304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43511.exe
        8⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31655.exe
        9⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45220.exe
        9⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63701.exe
        9⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55441.exe
        9⤵
        
        PID:10792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8804.exe
        8⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63969.exe
        8⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43654.exe
        8⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55876.exe
        8⤵
        
        PID:11100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53855.exe
        8⤵
        
        PID:12156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62889.exe
        7⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63377.exe
        8⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58494.exe
        9⤵
        
        PID:4720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 228
        9⤵
        
        PID:6636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
        8⤵
        Program crash
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57247.exe
        7⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56159.exe
        8⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53388.exe
        8⤵
        
        PID:7904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 224
        8⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14669.exe
        7⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55304.exe
        7⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27118.exe
        7⤵
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7404.exe
        7⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32324.exe
        7⤵
        
        PID:11364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39510.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29470.exe
        7⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42765.exe
        8⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38889.exe
        9⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27601.exe
        9⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4954.exe
        9⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49883.exe
        9⤵
        
        PID:10384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63356.exe
        9⤵
        
        PID:11892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27741.exe
        8⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43112.exe
        8⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48043.exe
        8⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20662.exe
        8⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42217.exe
        8⤵
        
        PID:11832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47404.exe
        7⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20887.exe
        8⤵
        
        PID:3672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 248
        8⤵
        Program crash
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63765.exe
        7⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14893.exe
        8⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36613.exe
        8⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20463.exe
        8⤵
        
        PID:12252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58136.exe
        7⤵
        
        PID:5988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 244
        7⤵
        
        PID:7192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41457.exe
        6⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22153.exe
        7⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8333.exe
        8⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6631.exe
        8⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56345.exe
        8⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55617.exe
        8⤵
        
        PID:9828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 224
        8⤵
        
        PID:10676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45645.exe
        7⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20174.exe
        7⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59470.exe
        7⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26339.exe
        7⤵
        
        PID:9940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31942.exe
        7⤵
        
        PID:10756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21390.exe
        6⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49174.exe
        7⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 224
        8⤵
        
        PID:11840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59724.exe
        7⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45437.exe
        7⤵
        
        PID:7344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 228
        7⤵
        
        PID:9904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11264.exe
        6⤵
        
        PID:5096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53592.exe
        6⤵
        
        PID:6964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45948.exe
        6⤵
        
        PID:7712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34020.exe
        6⤵
        
        PID:9788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30042.exe
        6⤵
        
        PID:11328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34248.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 220
        6⤵
        Program crash
        
        PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20438.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4415.exe
        6⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16642.exe
        7⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8442.exe
        8⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30367.exe
        8⤵
        
        PID:5796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 244
        8⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29417.exe
        7⤵
        
        PID:3464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 224
        8⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19406.exe
        7⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34198.exe
        7⤵
        
        PID:7384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
        7⤵
        
        PID:10012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-860.exe
        6⤵
        
        PID:236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37882.exe
        7⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 236 -s 248
        7⤵
        Program crash
        
        PID:6504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44004.exe
        6⤵
        
        PID:5116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42267.exe
        6⤵
        
        PID:6540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42144.exe
        6⤵
        
        PID:8280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44552.exe
        6⤵
        
        PID:9524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53476.exe
        6⤵
        
        PID:11736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12318.exe
        5⤵
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49506.exe
        6⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34213.exe
        7⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49283.exe
        8⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9167.exe
        9⤵
        
        PID:11552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5671.exe
        8⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28332.exe
        8⤵
        
        PID:7444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 248
        8⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36516.exe
        7⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52584.exe
        8⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        8⤵
        
        PID:11092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56125.exe
        8⤵
        
        PID:11624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52079.exe
        7⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21753.exe
        7⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54627.exe
        7⤵
        
        PID:10176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 236
        7⤵
        
        PID:11116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56340.exe
        6⤵
        
        PID:3932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 220
        7⤵
        Program crash
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34107.exe
        6⤵
        
        PID:3904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41800.exe
        6⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29616.exe
        6⤵
        
        PID:8100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3883.exe
        6⤵
        
        PID:10044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52132.exe
        6⤵
        
        PID:11036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56912.exe
        5⤵
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1125.exe
        6⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30187.exe
        7⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11896.exe
        7⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54402.exe
        7⤵
        
        PID:10816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21322.exe
        6⤵
        
        PID:6316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3911.exe
        6⤵
        
        PID:8348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8300.exe
        6⤵
        
        PID:9660
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
        6⤵
        
        PID:11720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-164.exe
        5⤵
        
        PID:4912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1459.exe
        5⤵
        
        PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45839.exe
        5⤵
        
        PID:7508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26776.exe
        5⤵
        
        PID:10224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30810.exe
        5⤵
        
        PID:11748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46371.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62282.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30653.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25028.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29278.exe
        8⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42573.exe
        9⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36839.exe
        10⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17731.exe
        10⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32224.exe
        10⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10007.exe
        10⤵
        
        PID:9292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51602.exe
        10⤵
        
        PID:10328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58281.exe
        9⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28106.exe
        10⤵
        
        PID:8308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37874.exe
        10⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45928.exe
        10⤵
        
        PID:11620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14938.exe
        9⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41982.exe
        9⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10387.exe
        9⤵
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22622.exe
        9⤵
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30875.exe
        8⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3398.exe
        9⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28412.exe
        10⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23598.exe
        10⤵
        
        PID:8816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4843.exe
        10⤵
        
        PID:11088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21239.exe
        9⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57258.exe
        9⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8087.exe
        9⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46257.exe
        9⤵
        
        PID:10684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29940.exe
        8⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38547.exe
        9⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9483.exe
        9⤵
        
        PID:9992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 244
        9⤵
        
        PID:10852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7975.exe
        8⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17509.exe
        8⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15559.exe
        8⤵
        
        PID:9508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38427.exe
        8⤵
        
        PID:10832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29832.exe
        7⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1540.exe
        8⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4441.exe
        9⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1203.exe
        9⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27948.exe
        9⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50848.exe
        9⤵
        
        PID:9476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 240
        9⤵
        
        PID:10924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 968 -s 236
        8⤵
        Program crash
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65031.exe
        7⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7482.exe
        8⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50176.exe
        9⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36727.exe
        9⤵
        
        PID:9232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2103.exe
        9⤵
        
        PID:11176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17155.exe
        8⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39386.exe
        8⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61372.exe
        8⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7964.exe
        8⤵
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19469.exe
        7⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40475.exe
        8⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9727.exe
        8⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61553.exe
        8⤵
        
        PID:12284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48511.exe
        7⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46090.exe
        7⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16288.exe
        7⤵
        
        PID:9480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33424.exe
        7⤵
        
        PID:10800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61462.exe
        6⤵
        Executes dropped EXE
        
        PID:1240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 224
        7⤵
        Program crash
        
        PID:396
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 244
        6⤵
        Program crash
        
        PID:2128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25028.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25194.exe
        7⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30321.exe
        8⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-658.exe
        9⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3767.exe
        10⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29379.exe
        10⤵
        
        PID:10864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47189.exe
        10⤵
        
        PID:12024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12879.exe
        9⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52982.exe
        9⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24232.exe
        9⤵
        
        PID:9564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 220
        9⤵
        
        PID:11012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21633.exe
        8⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6002.exe
        8⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25983.exe
        8⤵
        
        PID:7772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 244
        8⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10455.exe
        7⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37031.exe
        8⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20865.exe
        9⤵
        
        PID:11764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 236
        8⤵
        Program crash
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50252.exe
        7⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57944.exe
        7⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13088.exe
        7⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38091.exe
        7⤵
        
        PID:10160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 240
        7⤵
        
        PID:10884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21664.exe
        6⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50741.exe
        7⤵
        
        PID:3700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 220
        8⤵
        Program crash
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50113.exe
        7⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27945.exe
        8⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38398.exe
        8⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49576.exe
        8⤵
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64139.exe
        7⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5225.exe
        7⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55504.exe
        7⤵
        
        PID:9412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 236
        7⤵
        
        PID:11040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48695.exe
        6⤵
        
        PID:3820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 224
        7⤵
        Program crash
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7684.exe
        6⤵
        
        PID:4236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44702.exe
        6⤵
        
        PID:7112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1021.exe
        6⤵
        
        PID:7480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19661.exe
        6⤵
        
        PID:9600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48857.exe
        6⤵
        
        PID:11468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9660.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4389.exe
        6⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25246.exe
        7⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11144.exe
        8⤵
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33453.exe
        8⤵
        
        PID:11988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 228
        7⤵
        
        PID:7008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54389.exe
        6⤵
        
        PID:4348
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 224
        6⤵
        
        PID:7048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20460.exe
        5⤵
        
        PID:1792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49942.exe
        6⤵
        
        PID:4824
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 248
        6⤵
        
        PID:7012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65324.exe
        5⤵
        
        PID:4316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15937.exe
        6⤵
        
        PID:8212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7615.exe
        6⤵
        
        PID:10668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26768.exe
        6⤵
        
        PID:11488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61607.exe
        5⤵
        
        PID:6956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13701.exe
        5⤵
        
        PID:8608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57108.exe
        5⤵
        
        PID:9804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20279.exe
        5⤵
        
        PID:12200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52068.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38821.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56631.exe
        6⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57674.exe
        7⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43341.exe
        8⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12718.exe
        9⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21415.exe
        10⤵
        
        PID:12096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37191.exe
        9⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19925.exe
        9⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62332.exe
        9⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16900.exe
        9⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41861.exe
        8⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52535.exe
        9⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54460.exe
        9⤵
        
        PID:10340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3992.exe
        9⤵
        
        PID:11376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35935.exe
        8⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38282.exe
        8⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20418.exe
        8⤵
        
        PID:10052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 248
        8⤵
        
        PID:10404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22406.exe
        7⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4057.exe
        8⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6439.exe
        8⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53605.exe
        8⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35005.exe
        8⤵
        
        PID:9948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 244
        8⤵
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34683.exe
        7⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21763.exe
        7⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38169.exe
        7⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31376.exe
        7⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33632.exe
        7⤵
        
        PID:11412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41892.exe
        6⤵
        
        PID:2980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 224
        7⤵
        Program crash
        
        PID:4764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14263.exe
        6⤵
        
        PID:5036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33139.exe
        6⤵
        
        PID:6884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9772.exe
        6⤵
        
        PID:7956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56265.exe
        6⤵
        
        PID:10136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28396.exe
        6⤵
        
        PID:10508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4970.exe
        5⤵
        
        PID:532
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 240
        6⤵
        Program crash
        
        PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14595.exe
        5⤵
        
        PID:1888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-466.exe
        6⤵
        
        PID:3924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 220
        7⤵
        
        PID:10324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16771.exe
        6⤵
        
        PID:5860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23132.exe
        6⤵
        
        PID:7860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17407.exe
        6⤵
        
        PID:9708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62017.exe
        6⤵
        
        PID:11252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49210.exe
        5⤵
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37185.exe
        6⤵
        
        PID:10560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57823.exe
        6⤵
        
        PID:12396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12714.exe
        5⤵
        
        PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65058.exe
        5⤵
        
        PID:8024
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 244
        5⤵
        
        PID:9888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34472.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57700.exe
        5⤵
        
        PID:3012
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 220
        6⤵
        Program crash
        
        PID:1324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45977.exe
        5⤵
        
        PID:2204
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
        6⤵
        Program crash
        
        PID:3884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23116.exe
        5⤵
        
        PID:3588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19645.exe
        6⤵
        
        PID:9272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53905.exe
        6⤵
        
        PID:11184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11867.exe
        5⤵
        
        PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17317.exe
        5⤵
        
        PID:7736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45491.exe
        5⤵
        
        PID:9652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62547.exe
        5⤵
        
        PID:11172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39533.exe
      4⤵
      PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20726.exe
        5⤵
        
        PID:884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4249.exe
        6⤵
        
        PID:4712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2547.exe
        6⤵
        
        PID:6612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48177.exe
        6⤵
        
        PID:7884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27029.exe
        6⤵
        
        PID:9748
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 224
        6⤵
        
        PID:11000
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 248
        5⤵
        Program crash
        
        PID:4952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3428.exe
      4⤵
      PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20695.exe
        5⤵
        
        PID:4064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40716.exe
        6⤵
        
        PID:9192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41631.exe
        6⤵
        
        PID:10900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56701.exe
        6⤵
        
        PID:11648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58956.exe
        5⤵
        
        PID:5776
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 244
        5⤵
        
        PID:7180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31646.exe
      4⤵
      PID:4136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62831.exe
        5⤵
        
        PID:11852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20110.exe
      4⤵
      PID:5772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40037.exe
      4⤵
      PID:7532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32491.exe
      4⤵
      PID:10168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1730.exe
      4⤵
      PID:10392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49220.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49220.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33372.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6257.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60393.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 240
        7⤵
        Program crash
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33449.exe
        6⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4856.exe
        7⤵
        
        PID:3180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 224
        8⤵
        Program crash
        
        PID:4656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 228
        7⤵
        Program crash
        
        PID:4976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10978.exe
        6⤵
        
        PID:3244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 224
        7⤵
        Program crash
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51343.exe
        6⤵
        
        PID:6112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51604.exe
        6⤵
        
        PID:6532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11166.exe
        6⤵
        
        PID:8960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31333.exe
        6⤵
        
        PID:10748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23388.exe
        6⤵
        
        PID:12088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52780.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24727.exe
        6⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58141.exe
        7⤵
        
        PID:3992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 224
        8⤵
        Program crash
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29884.exe
        7⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15405.exe
        7⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21836.exe
        7⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12572.exe
        7⤵
        
        PID:9676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30079.exe
        7⤵
        
        PID:12224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34191.exe
        6⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43907.exe
        7⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53388.exe
        7⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19653.exe
        7⤵
        
        PID:9168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 220
        7⤵
        
        PID:10776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25057.exe
        6⤵
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64353.exe
        6⤵
        
        PID:6972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27701.exe
        6⤵
        
        PID:8684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18351.exe
        6⤵
        
        PID:10764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44919.exe
        6⤵
        
        PID:12256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26764.exe
        5⤵
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59402.exe
        6⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7949.exe
        7⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58271.exe
        7⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40777.exe
        7⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48217.exe
        7⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4321.exe
        7⤵
        
        PID:11496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20756.exe
        6⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9681.exe
        7⤵
        
        PID:11548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18721.exe
        6⤵
        
        PID:5536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45573.exe
        6⤵
        
        PID:7396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64056.exe
        6⤵
        
        PID:10040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53323.exe
        6⤵
        
        PID:11508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58068.exe
        5⤵
        
        PID:3452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4550.exe
        6⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31762.exe
        7⤵
        
        PID:9344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40666.exe
        7⤵
        
        PID:10836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20855.exe
        6⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56874.exe
        6⤵
        
        PID:7932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54164.exe
        6⤵
        
        PID:9776
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 224
        6⤵
        
        PID:10396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48713.exe
        5⤵
        
        PID:3568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-263.exe
        5⤵
        
        PID:5948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30147.exe
        5⤵
        
        PID:8172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64955.exe
        5⤵
        
        PID:10072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25266.exe
        5⤵
        
        PID:10260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60097.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48141.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41063.exe
        6⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17493.exe
        7⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51094.exe
        8⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30258.exe
        8⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 244
        8⤵
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46496.exe
        7⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16542.exe
        8⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44580.exe
        8⤵
        
        PID:11592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20833.exe
        7⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14820.exe
        7⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5172.exe
        7⤵
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7651.exe
        7⤵
        
        PID:11672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5795.exe
        6⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29029.exe
        7⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23242.exe
        7⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21015.exe
        7⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56214.exe
        7⤵
        
        PID:9584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe
        7⤵
        
        PID:12244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44051.exe
        6⤵
        
        PID:5324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1317.exe
        6⤵
        
        PID:7024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5470.exe
        6⤵
        
        PID:8472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19830.exe
        6⤵
        
        PID:10276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6709.exe
        6⤵
        
        PID:11808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29365.exe
        5⤵
        
        PID:1244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5048.exe
        6⤵
        
        PID:3644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 224
        7⤵
        Program crash
        
        PID:4540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46413.exe
        6⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40475.exe
        7⤵
        
        PID:8336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 216
        7⤵
        
        PID:11216
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 244
        6⤵
        
        PID:7072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11170.exe
        5⤵
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7342.exe
        6⤵
        
        PID:6028
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 228
        6⤵
        
        PID:7672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43367.exe
        5⤵
        
        PID:5924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64048.exe
        5⤵
        
        PID:6164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39946.exe
        5⤵
        
        PID:2536
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 224
        5⤵
        
        PID:10584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50179.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4114.exe
        5⤵
        
        PID:2264
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 240
        6⤵
        Program crash
        
        PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19199.exe
        5⤵
        
        PID:3548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7150.exe
        6⤵
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20715.exe
        6⤵
        
        PID:7816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51449.exe
        6⤵
        
        PID:8848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22769.exe
        6⤵
        
        PID:10652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12613.exe
        5⤵
        
        PID:5472
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 248
        5⤵
        
        PID:7248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65302.exe
      4⤵
      PID:2312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59402.exe
        5⤵
        
        PID:3404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35931.exe
        6⤵
        
        PID:5372
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 228
        6⤵
        
        PID:7704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36210.exe
        5⤵
        
        PID:5788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28986.exe
        6⤵
        
        PID:10036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10682.exe
        6⤵
        
        PID:11880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16303.exe
        5⤵
        
        PID:6892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10518.exe
        5⤵
        
        PID:8228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39163.exe
        5⤵
        
        PID:10512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7625.exe
        5⤵
        
        PID:11308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28982.exe
      4⤵
      PID:3424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37223.exe
        5⤵
        
        PID:3768
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 224
        6⤵
        
        PID:11792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1779.exe
        5⤵
        
        PID:5656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18856.exe
        5⤵
        
        PID:8044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25192.exe
        5⤵
        
        PID:9880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1524.exe
        5⤵
        
        PID:10664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64850.exe
      4⤵
      PID:3188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58169.exe
      4⤵
      PID:6016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8616.exe
      4⤵
      PID:7244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59619.exe
      4⤵
      PID:9976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29466.exe
      4⤵
      PID:10908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27241.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27241.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2936
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 244
      4⤵
      Loads dropped DLL
      Program crash
      PID:828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53657.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53657.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60585.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41255.exe
        5⤵
        
        PID:1552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58525.exe
        6⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53450.exe
        7⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57226.exe
        8⤵
        
        PID:10068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16930.exe
        8⤵
        
        PID:10808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50212.exe
        7⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60621.exe
        7⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39473.exe
        7⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28249.exe
        7⤵
        
        PID:10936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41752.exe
        6⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16905.exe
        7⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54590.exe
        7⤵
        
        PID:10300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6578.exe
        6⤵
        
        PID:6568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-949.exe
        6⤵
        
        PID:7680
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 220
        6⤵
        
        PID:9624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10948.exe
        5⤵
        
        PID:3272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45749.exe
        6⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49069.exe
        7⤵
        
        PID:12056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43855.exe
        6⤵
        
        PID:6764
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 244
        6⤵
        
        PID:8904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14538.exe
        5⤵
        
        PID:4204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42651.exe
        5⤵
        
        PID:6236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30467.exe
        5⤵
        
        PID:9060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31013.exe
        5⤵
        
        PID:9716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18193.exe
        5⤵
        
        PID:10284
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 236
      4⤵
      Program crash
      PID:2248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63907.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63907.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2676
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 220
      4⤵
      Program crash
      PID:3068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32125.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32125.exe
    3⤵
    PID:1944
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 224
      4⤵
      Program crash
      PID:3116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22413.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22413.exe
    3⤵
    PID:3260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
      4⤵
      PID:4172
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 220
        5⤵
        
        PID:9836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14415.exe
      4⤵
      PID:7084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45136.exe
      4⤵
      PID:8060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61777.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61777.exe
      4⤵
      PID:10212
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 244
      4⤵
      PID:11756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51723.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51723.exe
    3⤵
    PID:4408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44559.exe
      4⤵
      PID:8412
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
      4⤵
      PID:11232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42870.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42870.exe
    3⤵
    PID:7132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15841.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15841.exe
    3⤵
    PID:7648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55217.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55217.exe
    3⤵
    PID:9704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1786.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1786.exe
    3⤵
    PID:11460
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39816.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39816.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3548.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3548.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7798.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45754.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64861.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41364.exe
        7⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
        8⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50134.exe
        9⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22666.exe
        9⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44944.exe
        9⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4216.exe
        9⤵
        
        PID:9548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52946.exe
        9⤵
        
        PID:11728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17824.exe
        8⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40294.exe
        8⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30197.exe
        8⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32307.exe
        8⤵
        
        PID:9920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55160.exe
        8⤵
        
        PID:11928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 236
        7⤵
        Program crash
        
        PID:628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24513.exe
        6⤵
        
        PID:1692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 220
        7⤵
        Program crash
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55628.exe
        6⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4249.exe
        7⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2547.exe
        7⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 220
        7⤵
        
        PID:7892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65245.exe
        6⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62831.exe
        7⤵
        
        PID:980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17374.exe
        6⤵
        
        PID:6788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34269.exe
        6⤵
        
        PID:7628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26870.exe
        6⤵
        
        PID:9932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27477.exe
        6⤵
        
        PID:10548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40911.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56247.exe
        6⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38406.exe
        7⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44239.exe
        8⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45877.exe
        9⤵
        
        PID:9924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56126.exe
        9⤵
        
        PID:10536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16963.exe
        8⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
        8⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16063.exe
        8⤵
        
        PID:9536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33620.exe
        8⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13465.exe
        7⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11992.exe
        8⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38782.exe
        8⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16903.exe
        8⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51119.exe
        7⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61862.exe
        7⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57943.exe
        7⤵
        
        PID:9664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 248
        7⤵
        
        PID:11192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
        6⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37690.exe
        7⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26366.exe
        7⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32499.exe
        7⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9177.exe
        7⤵
        
        PID:10188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38831.exe
        7⤵
        
        PID:12000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19115.exe
        6⤵
        
        PID:5012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21270.exe
        6⤵
        
        PID:7064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13171.exe
        6⤵
        
        PID:8616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61574.exe
        6⤵
        
        PID:9760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47145.exe
        6⤵
        
        PID:12216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2452.exe
        5⤵
        
        PID:660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50658.exe
        6⤵
        
        PID:1736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 224
        7⤵
        Program crash
        
        PID:4148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53621.exe
        6⤵
        
        PID:4276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6469.exe
        6⤵
        
        PID:7152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46642.exe
        6⤵
        
        PID:7824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39552.exe
        6⤵
        
        PID:9720
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 660 -s 248
        6⤵
        
        PID:11516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62645.exe
        5⤵
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40814.exe
        6⤵
        
        PID:4124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2163.exe
        6⤵
        
        PID:7040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20548.exe
        6⤵
        
        PID:7972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3484.exe
        6⤵
        
        PID:9336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52178.exe
        6⤵
        
        PID:11336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64556.exe
        5⤵
        
        PID:4264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52671.exe
        5⤵
        
        PID:5716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38507.exe
        5⤵
        
        PID:7912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18551.exe
        5⤵
        
        PID:9772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43522.exe
        5⤵
        
        PID:11476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29972.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19745.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57508.exe
        6⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37062.exe
        7⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50326.exe
        8⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60248.exe
        8⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33552.exe
        8⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15287.exe
        8⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36365.exe
        8⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55181.exe
        8⤵
        
        PID:11812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 248
        7⤵
        Program crash
        
        PID:4928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17196.exe
        6⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23985.exe
        7⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13922.exe
        7⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8955.exe
        7⤵
        
        PID:8888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17921.exe
        7⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24186.exe
        7⤵
        
        PID:11656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8015.exe
        6⤵
        
        PID:4472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49859.exe
        6⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6155.exe
        6⤵
        
        PID:8912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54174.exe
        6⤵
        
        PID:10084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24716.exe
        6⤵
        
        PID:11664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3709.exe
        5⤵
        
        PID:2528
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 244
        6⤵
        Program crash
        
        PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52888.exe
        5⤵
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16886.exe
        6⤵
        
        PID:4700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18006.exe
        6⤵
        
        PID:6172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36392.exe
        6⤵
        
        PID:8724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22582.exe
        6⤵
        
        PID:9340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27310.exe
        6⤵
        
        PID:11432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24789.exe
        5⤵
        
        PID:4660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28941.exe
        5⤵
        
        PID:7164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17056.exe
        5⤵
        
        PID:8672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14446.exe
        5⤵
        
        PID:9432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6310.exe
        5⤵
        
        PID:11400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34034.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
        5⤵
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5733.exe
        6⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 224
        7⤵
        Program crash
        
        PID:4832
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 248
        6⤵
        Program crash
        
        PID:4120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2204.exe
        5⤵
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49750.exe
        6⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38799.exe
        7⤵
        
        PID:9252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53900.exe
        7⤵
        
        PID:11940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1670.exe
        6⤵
        
        PID:6984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15971.exe
        6⤵
        
        PID:8600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45742.exe
        6⤵
        
        PID:10120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9666.exe
        6⤵
        
        PID:11288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10755.exe
        5⤵
        
        PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37607.exe
        5⤵
        
        PID:6216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41760.exe
        5⤵
        
        PID:8784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62918.exe
        5⤵
        
        PID:9288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27841.exe
        5⤵
        
        PID:11420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55982.exe
      4⤵
      PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5733.exe
        5⤵
        
        PID:2680
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 224
        6⤵
        Program crash
        
        PID:4628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5764.exe
        5⤵
        
        PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15981.exe
        5⤵
        
        PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18136.exe
        5⤵
        
        PID:8232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7995.exe
        5⤵
        
        PID:9428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
        5⤵
        
        PID:11784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17223.exe
      4⤵
      PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46050.exe
        5⤵
        
        PID:5092
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 228
        5⤵
        Program crash
        
        PID:6548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12224.exe
      4⤵
      PID:4464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31378.exe
        5⤵
        
        PID:9736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37542.exe
        5⤵
        
        PID:10660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38024.exe
      4⤵
      PID:6700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4615.exe
      4⤵
      PID:8400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5972.exe
      4⤵
      PID:9960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53643.exe
      4⤵
      PID:11912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13506.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13506.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6257.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31805.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53507.exe
        6⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-964.exe
        7⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52267.exe
        8⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57664.exe
        8⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52518.exe
        8⤵
        
        PID:3000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 228
        8⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64799.exe
        7⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38260.exe
        7⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35023.exe
        7⤵
        
        PID:8380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 244
        7⤵
        
        PID:10524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54804.exe
        6⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27763.exe
        7⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29075.exe
        7⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20740.exe
        7⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15928.exe
        7⤵
        
        PID:10104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27865.exe
        7⤵
        
        PID:11208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29333.exe
        6⤵
        
        PID:5876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44125.exe
        6⤵
        
        PID:6688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47847.exe
        6⤵
        
        PID:8456
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 248
        6⤵
        
        PID:10608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49978.exe
        5⤵
        
        PID:844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29361.exe
        6⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24587.exe
        7⤵
        
        PID:4244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 180
        8⤵
        Program crash
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54680.exe
        7⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24056.exe
        7⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19244.exe
        7⤵
        
        PID:10216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 240
        7⤵
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16973.exe
        6⤵
        
        PID:4280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31466.exe
        6⤵
        
        PID:6228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34006.exe
        6⤵
        
        PID:7876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1342.exe
        6⤵
        
        PID:9268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35066.exe
        6⤵
        
        PID:10592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37019.exe
        5⤵
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5915.exe
        6⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60321.exe
        6⤵
        
        PID:6980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18358.exe
        6⤵
        
        PID:9012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5918.exe
        6⤵
        
        PID:10448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28436.exe
        6⤵
        
        PID:12196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6226.exe
        5⤵
        
        PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38968.exe
        5⤵
        
        PID:7232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10782.exe
        5⤵
        
        PID:8532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56797.exe
        5⤵
        
        PID:10992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3736.exe
        5⤵
        
        PID:11352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7855.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2976
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 220
        5⤵
        Program crash
        
        PID:2284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63713.exe
      4⤵
      PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37721.exe
        5⤵
        
        PID:3892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16502.exe
        6⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51266.exe
        7⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42176.exe
        7⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55746.exe
        7⤵
        
        PID:11800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27051.exe
        6⤵
        
        PID:6676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56345.exe
        6⤵
        
        PID:7412
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
        6⤵
        
        PID:9820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-528.exe
        5⤵
        
        PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27273.exe
        5⤵
        
        PID:6868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26606.exe
        5⤵
        
        PID:8068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7263.exe
        5⤵
        
        PID:10096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11330.exe
        5⤵
        
        PID:11132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45624.exe
      4⤵
      PID:3952
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 224
        5⤵
        Program crash
        
        PID:5464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59206.exe
      4⤵
      PID:5996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22816.exe
      4⤵
      PID:7096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3727.exe
      4⤵
      PID:8840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38582.exe
      4⤵
      PID:10628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63170.exe
      4⤵
      PID:11452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8295.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8295.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52225.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12474.exe
        5⤵
        
        PID:1892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18562.exe
        6⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52459.exe
        7⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12739.exe
        7⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21516.exe
        7⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25737.exe
        7⤵
        
        PID:10432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26381.exe
        7⤵
        
        PID:12352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43034.exe
        6⤵
        
        PID:5668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-159.exe
        6⤵
        
        PID:6808
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 236
        6⤵
        
        PID:304
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 228
        5⤵
        Program crash
        
        PID:3328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8945.exe
      4⤵
      PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17301.exe
        5⤵
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44099.exe
        6⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49496.exe
        6⤵
        
        PID:7688
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 220
        6⤵
        
        PID:8396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23766.exe
        5⤵
        
        PID:5908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1311.exe
        5⤵
        
        PID:6492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65147.exe
        5⤵
        
        PID:8584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43247.exe
        5⤵
        
        PID:10600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7433.exe
        5⤵
        
        PID:11596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15254.exe
      4⤵
      PID:3776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40622.exe
        5⤵
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29157.exe
        6⤵
        
        PID:9352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25809.exe
        6⤵
        
        PID:10372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4986.exe
        5⤵
        
        PID:6252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35624.exe
        5⤵
        
        PID:7836
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 228
        5⤵
        
        PID:9848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25365.exe
      4⤵
      PID:4988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12478.exe
        5⤵
        
        PID:11628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-929.exe
      4⤵
      PID:6384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50305.exe
      4⤵
      PID:7336
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 244
      4⤵
      PID:10232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64212.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64212.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49231.exe
      4⤵
      PID:2580
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 240
        5⤵
        Program crash
        
        PID:3172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62780.exe
      4⤵
      PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32838.exe
        5⤵
        
        PID:4816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43822.exe
        6⤵
        
        PID:9696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-786.exe
        6⤵
        
        PID:10740
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 216
        5⤵
        Program crash
        
        PID:6732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30599.exe
      4⤵
      PID:5084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61727.exe
      4⤵
      PID:6948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1412.exe
      4⤵
      PID:7716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43820.exe
      4⤵
      PID:9296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52708.exe
      4⤵
      PID:11344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60721.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60721.exe
    3⤵
    PID:1788
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 240
      4⤵
      Program crash
      PID:3976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36759.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36759.exe
    3⤵
    PID:4048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30695.exe
      4⤵
      PID:5852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15479.exe
      4⤵
      PID:7576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50297.exe
      4⤵
      PID:8880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8523.exe
      4⤵
      PID:10356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1192.exe
      4⤵
      PID:12292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22787.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22787.exe
    3⤵
    PID:6032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34687.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34687.exe
    3⤵
    PID:6880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1366.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1366.exe
    3⤵
    PID:8948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8667.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8667.exe
    3⤵
    PID:10716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60054.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60054.exe
    3⤵
    PID:12052
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58871.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58871.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36387.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36387.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14425.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39973.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2112
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 224
        6⤵
        Program crash
        
        PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53870.exe
        5⤵
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58333.exe
        6⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57726.exe
        7⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50404.exe
        7⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64897.exe
        7⤵
        
        PID:8036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
        7⤵
        
        PID:9436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4996.exe
        6⤵
        
        PID:4576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55779.exe
        6⤵
        
        PID:6512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58318.exe
        6⤵
        
        PID:7512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30807.exe
        6⤵
        
        PID:9632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11714.exe
        6⤵
        
        PID:10320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60371.exe
        5⤵
        
        PID:3524
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 224
        6⤵
        Program crash
        
        PID:6076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18862.exe
        5⤵
        
        PID:5824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35459.exe
        5⤵
        
        PID:6728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31311.exe
        5⤵
        
        PID:8512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43777.exe
        5⤵
        
        PID:10576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2968.exe
        5⤵
        
        PID:11428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28275.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28811.exe
        5⤵
        
        PID:1932
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 220
        6⤵
        Program crash
        
        PID:3436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23283.exe
        5⤵
        
        PID:3480
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 220
        6⤵
        Program crash
        
        PID:5916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-361.exe
        5⤵
        
        PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47633.exe
        5⤵
        
        PID:7224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27317.exe
        5⤵
        
        PID:8436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39731.exe
        5⤵
        
        PID:10972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25267.exe
        5⤵
        
        PID:11444
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 244
      4⤵
      Program crash
      PID:2056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56013.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56013.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64477.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20643.exe
        5⤵
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41805.exe
        6⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25054.exe
        7⤵
        
        PID:4852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 236
        7⤵
        
        PID:7140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4119.exe
        6⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9283.exe
        7⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60757.exe
        7⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12056.exe
        7⤵
        
        PID:9876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60096.exe
        7⤵
        
        PID:11612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27657.exe
        6⤵
        
        PID:6288
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 248
        6⤵
        
        PID:8872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17855.exe
        5⤵
        
        PID:3852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5017.exe
        6⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25883.exe
        7⤵
        
        PID:11876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26558.exe
        6⤵
        
        PID:6744
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 224
        6⤵
        
        PID:8496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35644.exe
        5⤵
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21799.exe
        6⤵
        
        PID:12124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45967.exe
        5⤵
        
        PID:6828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29699.exe
        5⤵
        
        PID:8460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49513.exe
        5⤵
        
        PID:10124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39361.exe
        5⤵
        
        PID:11992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4861.exe
      4⤵
      PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29553.exe
        5⤵
        
        PID:3808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53642.exe
        6⤵
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34067.exe
        6⤵
        
        PID:6292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56729.exe
        6⤵
        
        PID:7984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64169.exe
        6⤵
        
        PID:9472
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 240
        6⤵
        
        PID:11240
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 236
        5⤵
        Program crash
        
        PID:4560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35675.exe
      4⤵
      PID:3824
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 244
        5⤵
        Program crash
        
        PID:4696
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 248
      4⤵
      Program crash
      PID:4752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54263.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54263.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8390.exe
      4⤵
      PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8940.exe
        5⤵
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24670.exe
        6⤵
        
        PID:4784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47472.exe
        6⤵
        
        PID:6712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41353.exe
        6⤵
        
        PID:7600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26837.exe
        6⤵
        
        PID:9896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48478.exe
        6⤵
        
        PID:11044
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 248
        5⤵
        Program crash
        
        PID:5024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54612.exe
      4⤵
      PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48183.exe
        5⤵
        
        PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-295.exe
        5⤵
        
        PID:7764
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 220
        5⤵
        
        PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37310.exe
      4⤵
      PID:6052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64353.exe
      4⤵
      PID:5664
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 240
      4⤵
      PID:9044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24462.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24462.exe
    3⤵
    PID:2292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17109.exe
      4⤵
      PID:3308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8826.exe
        5⤵
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33404.exe
        6⤵
        
        PID:6904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31509.exe
        6⤵
        
        PID:7484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42736.exe
        6⤵
        
        PID:9220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32255.exe
        6⤵
        
        PID:11144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21047.exe
        5⤵
        
        PID:6048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11949.exe
        5⤵
        
        PID:7652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38020.exe
        5⤵
        
        PID:9608
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 240
        5⤵
        
        PID:10968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17549.exe
      4⤵
      PID:3744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19720.exe
        5⤵
        
        PID:9100
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 220
        5⤵
        
        PID:11072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18254.exe
      4⤵
      PID:5748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28998.exe
      4⤵
      PID:7852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8742.exe
      4⤵
      PID:9724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45481.exe
      4⤵
      PID:11168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20430.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20430.exe
    3⤵
    PID:3388
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 240
      4⤵
      Program crash
      PID:4356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24476.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24476.exe
    3⤵
    PID:4740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58252.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58252.exe
    3⤵
    PID:6924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16867.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16867.exe
    3⤵
    PID:8520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64218.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64218.exe
    3⤵
    PID:9320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24671.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24671.exe
    3⤵
    PID:12100
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36122.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36122.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10341.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10341.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:568
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 224
      4⤵
      Program crash
      PID:1512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32359.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32359.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1080
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 244
      4⤵
      Program crash
      PID:1272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63521.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63521.exe
    3⤵
    PID:2672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6309.exe
      4⤵
      PID:3128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57643.exe
        5⤵
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52727.exe
        6⤵
        
        PID:8424
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
        6⤵
        
        PID:11200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5863.exe
        5⤵
        
        PID:5800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32416.exe
        5⤵
        
        PID:8108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29084.exe
        5⤵
        
        PID:10020
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 240
        5⤵
        
        PID:11180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
      4⤵
      PID:3760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15322.exe
      4⤵
      PID:6020
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 228
      4⤵
      PID:7408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25396.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25396.exe
    3⤵
    PID:3352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64711.exe
      4⤵
      PID:6004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8655.exe
      4⤵
      PID:7632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50105.exe
      4⤵
      PID:9180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16499.exe
      4⤵
      PID:10460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14129.exe
      4⤵
      PID:12344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22641.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22641.exe
    3⤵
    PID:5756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13496.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13496.exe
    3⤵
    PID:6860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28232.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28232.exe
    3⤵
    PID:8928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9802.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9802.exe
    3⤵
    PID:10728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18053.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18053.exe
    3⤵
    PID:11936
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1411.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1411.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:892
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 244
    3⤵
    - Program crash
    PID:2568
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30843.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30843.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30.exe
    3⤵
    PID:2160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9132.exe
      4⤵
      PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16118.exe
        5⤵
        
        PID:4456
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 236
        5⤵
        Program crash
        
        PID:6244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38628.exe
      4⤵
      PID:4684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35057.exe
      4⤵
      PID:6328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9776.exe
      4⤵
      PID:8340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65172.exe
      4⤵
      PID:9744
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 236
      4⤵
      PID:11768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62972.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62972.exe
    3⤵
    PID:3704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40015.exe
      4⤵
      PID:5488
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 228
      4⤵
      PID:7696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37502.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37502.exe
    3⤵
    PID:5932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9686.exe
      4⤵
      PID:11136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7176.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7176.exe
    3⤵
    PID:6772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56482.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56482.exe
    3⤵
    PID:2364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26711.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26711.exe
    3⤵
    PID:10568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24498.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24498.exe
    3⤵
    PID:11408
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65335.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65335.exe
  2⤵
  PID:2804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26730.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26730.exe
    3⤵
    PID:3192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48375.exe
      4⤵
      PID:5960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12739.exe
      4⤵
      PID:7612
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 220
      4⤵
      PID:9076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60907.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60907.exe
    3⤵
    PID:5700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24663.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24663.exe
    3⤵
    PID:6928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24032.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24032.exe
    3⤵
    PID:9104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9505.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9505.exe
    3⤵
    PID:10468
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 228
    3⤵
    PID:11316
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61267.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61267.exe
  2⤵
  PID:3340
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 220
    3⤵
    - Program crash
    PID:6128
- C:\Users\Admin\AppData\Local\Temp\Unicorn-390.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-390.exe
  2⤵
  PID:5728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61637.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61637.exe
    3⤵
    PID:9420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62566.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62566.exe
    3⤵
    PID:10544
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61181.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61181.exe
  2⤵
  PID:6416
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55536.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55536.exe
  2⤵
  PID:9160
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6970.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6970.exe
  2⤵
  PID:10480
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37026.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37026.exe
  2⤵
  PID:11324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11896.exe

Filesize
184KB

MD5
d0455706ffc86412d6cb52ab07b24bba

SHA1
f02709d898da9e354ec3ea23efcd0be3db4e9213

SHA256
cdff513b6b2312f1c0037f4570111267d7c88c3962fcb9724cc40d9579301f6e

SHA512
4d10943bfb401b250df2b8539d420481fff5787e9614a468b034316766fc6eec0544bcb56321c0afae0c994ec680ab3eb975d5fe9f54065301c8e643409bcb57

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1328.exe

Filesize
184KB

MD5
9022467d933ec9b21003e6a7f8fff412

SHA1
d025061c98418925f7fa19a7246188500bc1b482

SHA256
7ec5a1dcaddf4b6b41c50167b59cc10cfab5dc4faf51ea24d25065a38c61093f

SHA512
040a305db4763ca69da913aa14b153d2d33e0b34b77c2a968a8423f3b249bc771d0ace8c43abc87d7f0f026a6801dfa016895849281c2b78160c5c93cfb46e37

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1411.exe

Filesize
184KB

MD5
cd1e7b8c9c3aa1b4d6d73ff327f52765

SHA1
d92aa1992bce4c7a5e65015b05c8515ea1c3a9dc

SHA256
edb05875f83acd4e3a28ae68403c54c23b6ed8d0496cc7336cd251e716824be6

SHA512
db8933d23bb46dc5c8622a3ad4157f8e3035e0def089ec44bc08ce38f76707769dd456c2b384a26033bc90d8c7cc116408c916566da7d56c221cee8ea981a962

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16903.exe

Filesize
184KB

MD5
6453b3f72f7bd5a7faf281ba6db45cc1

SHA1
86333be7521e16bf1b8525330028414fb212d83f

SHA256
1683b104ae82b12191a47aa0f6c95c276a0a6ade662a4b2e6dbcb9ca3fce57dd

SHA512
8116c5ede07a530bfa224a131da694b51c244ba0b69a4534b7da1bf9757005b9231bbd37187acd14ed58df4657f17e5e562e2bf80df7dde19cb524a295c6f514

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe

Filesize
184KB

MD5
cadf16d715229e7555e4edee72e740f2

SHA1
f2d916ba49d8f7d088772696e187a186dbb942a4

SHA256
d889fc8e3d8f9245165bb3617f169461380b9c7c9493c981e03306d25a42237f

SHA512
ff5475ed489bcda564c25faee16ef5a2f11624a724ff6d84b5a4270e64004a8a235ff460c2fc14845b4cbcdbddc148cd7cfd79de6150dd9ab3acfe1743b36e17

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21763.exe

Filesize
184KB

MD5
64c96bf3a1be5b966723cfde9cc77738

SHA1
a59bf83afd8381b416405bb51915177b467dbb57

SHA256
8e5a276d77e657b0603d32e8027cc896c23d8ebe2977676eb1dd74b639efea93

SHA512
3e114537b4c1610ddcc46ec8962b3a113f3191dc0d09d5ad8849d6b231e9efc072eea3423854acee7830896ded77f437aaed1e0c2a74f60987967391b81b8e32

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22263.exe

Filesize
184KB

MD5
9bc22468f2e0c6bd3dae25b674363523

SHA1
17f0faedff8cfd992c7bd27aa260823790b7cf57

SHA256
235cc0b7cceb1ed40d83cb12e65ef68f2ab90efca549dd4efd35414bf6875d47

SHA512
5ce4842c6b85ef2ac88c9242879b2557a9c2e566000d3b5432a5d94015d79351ea47d81d7088700cbe0328bc71cd9435549502c07ff5acd778ce6d85fa5df48b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29002.exe

Filesize
184KB

MD5
1672e3d31d4e3e236bedcdc5e3d5e53e

SHA1
2ea39b887a00fc9a15407fbea6e456c8590b3c53

SHA256
342bf0c3b1a9a921161ac2e89b9f3259deb937b874ee2628e97d69beb78702fd

SHA512
ae398759e839a8563fa59ca75fb1516460a52cf7081b0515f7a5e286f9724e734083263f0a6d48db4c0e283f1d4428fc414b6858872e73ca9bc2dbd546828d3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31378.exe

Filesize
184KB

MD5
5d6a13cc28121c91deb4d5c72602b9c6

SHA1
19a9b697aaa9b6988e9df883734585106ed923c0

SHA256
68271e610cca7f1525cffd83cf57bb2ab7a659e33a3bcf0e45ae0f4ec8ccac67

SHA512
b16d4f91ab5e9147db4b8a88c9b27d4bc64b6aa3b2fc7bc7a99a2edf2731cf2887feb8e7448fefac4496e1767036a95de9522d7a89ff53d523aa8198c6b5c8ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31805.exe

Filesize
184KB

MD5
87beaa23cef159004d19ea06ae620d4c

SHA1
38523a9f4b160d1b8159e0e05d938b4f3283fecc

SHA256
970e11a6786a4b57f35aec51be240fc21b778ea91b119295981e1feffc0f6cbf

SHA512
5809901be28ff3aec7dd903c8620faecebc5cdca20ca88d76a5d8fb2273dbdf946d36dff3226d8485b5bec26e20e5641bf0de5dc9d92183a8140b7156abbdf21

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35005.exe

Filesize
184KB

MD5
a4b74ccd1367829ea2dcee35f2d46f12

SHA1
d0958fb0dc41c90be3667577f554f1fce6ae0fc1

SHA256
b426964219509f8a435c622956f21bd94c9874e52263acf6f3b7b506e2a8e1e6

SHA512
e0f67f282ba0a76a48d36ee6e4958c9f76bf96958fdc4510b74ef0983c1cbb889a2a7b21358a56681ae91b6502fb12672fe3c31553d5ee321a7f6aa2c378e112

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-361.exe

Filesize
184KB

MD5
84f7e4636250b2caa289f8130b6b32c2

SHA1
90c508f3b589c0d2f7cc9ae1d2331006ec9fae30

SHA256
b46dc05e25c924362d3f72d320d0f2cd0506e17edb88a64c6224a6e7bd705f2e

SHA512
b51a51f2f68bce7c9d14dbdb819632dadfc7b5860223aed7b8ba7048e0608619407092bd07a932b7d3882e8e3c06cef0e99751355629d0fb3a525d8a519051bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36387.exe

Filesize
184KB

MD5
29c1e1842bdb0e57ce33a4f0b91fd4d2

SHA1
92546fe403b3bf70df483a981e77fffff1452ad0

SHA256
0e9e555fe75afc796662f0b658451f0fafb752fa2e8cfbd89dc335d0a12f723b

SHA512
73c82cda9ce15b25bf32e2c571085bb7df6af75163d291539f5ffed40c3fcaaa8263a843841f4e0bb9aa6a3195148864dacd11b6ede963e084476b91ff96ac36

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40911.exe

Filesize
184KB

MD5
542f419e5c6f8bba3992a0783e62dfc9

SHA1
bb9ce9d1bdd36908e069a21ae03104bb004510cd

SHA256
5e36b73aedd717ba27f126a6e18965d51f73db63092ced8789f5d15980d6a064

SHA512
09825cd0679a540f96e7f938096c533b88f0c7f3623e970ebbdfea3e3eb8e245c5cfd44836968e1c614e7641ac17216bfab95f8dd655552164f50018e5806b33

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48732.exe

Filesize
184KB

MD5
2a28ac1f6abdbd26836a49b1aa0079f9

SHA1
f28b92b262b1c20758e4f12720b22ef64eab0856

SHA256
948122bb06e7cac3626274b7352e59e1c60ec7570ec3bfa28adc0ffe3468898e

SHA512
1a6363468b9c54944f8e44db4a3344ea7c511550c47703f86436209268ac2a6e326dd0b5c60e55ad02e788f377685c785dd08c4cc4c7e426e984350071474822

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51266.exe

Filesize
184KB

MD5
75862a3bbb5f7c920db150769f791f90

SHA1
bdc9c1c90c64748d7d9b6ec18440c17c31c78fad

SHA256
0913c06fc319cb340a891280a83a7128306601d87b6f67c611cdd5a38561a68d

SHA512
4a0f556bd076121a04b133fabdb61fbc7f9a3f4b2a3020dc4aab595830f3ac127aa6fde05827d70d7427751592e2acdacbdf68a8ccc76c4f29b54f3402da0edc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53657.exe

Filesize
184KB

MD5
4fa0984726505a28424f817d985e38ef

SHA1
e330208c8ef61b87b2c81963ec80eca8ef972914

SHA256
e26197430bc684c7a2763fc76bf819a8fdc12b2f8e7e23da77abe5ea23674e1a

SHA512
ce62e4bc57d3445ff393372160c27b10d7e6e12bd76afde1d5de60441b95c8490bc6b5cbc33afe0e076386f7659157c281fe71ac437518b0daf1e69824eecbf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58871.exe

Filesize
184KB

MD5
a1d743e8ec0d70007ccecbba0e3aecd4

SHA1
bb5b1968c3c46dad92c18537ce90ba17550e7cab

SHA256
1a89ced47183ce5beabb59c82975dc424e7ec61827a40c112e39323424df4fb8

SHA512
fdd8d667f68d2512349d64794c161aa96e641a402c2c975c654109e10f29fbf9de59d458ebf5abffec465671ca2a14a12b891290f1c13c6787c0d111fa797127

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59206.exe

Filesize
184KB

MD5
4fa0b6cb79dc9157d715d11c50934287

SHA1
183d878ca7b0e36fc90af384646aaa02bf89dec3

SHA256
86f0ccfe56af25e52f445b56d2483cde2b32aad7e72958228f0139feec73798a

SHA512
e295b2280d28d8f5db8ab3da9b2849a9aa9e4c34494a3a799244df98956c4dcf39f7642586da90639e04dd2d2792376f7b989ee2790709c53169c20a673a6abc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6309.exe

Filesize
184KB

MD5
56258f5c3ff0fb74ecdc0b3fe5b10adc

SHA1
0d88815c86c00e5aa301d8c5494a9070e1dbce27

SHA256
3ce8be3e93bfbe1e42558705870e243df16c2fe5092e1a9f6a265fc6e7b3d455

SHA512
f2280a77cb5b708cfb57c90f3b1a061e1dad78b3db21fb624fd8347e11143ee5847a2c176f53b472f34a1ec39d9a4a9c1689b6ba0bf68e52bc59967a1fdb800c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6578.exe

Filesize
184KB

MD5
835762794f491ecc8172793279a5b52c

SHA1
12e1a0b5fbd6c0f448b7e15e764703cfff5db2e3

SHA256
7739388ba6964219e494224e39aa5bf96dd75295302b5a29d039828c1c93fe0b

SHA512
f6d3a2be4c359e372e4e5059e32f5b0e70fdbb281181dec95991e9584e1fb99b1875c1ee3896f0cbaf7a098c51f351e428a99ec97b7ab93cb02c9bf44843a21f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9686.exe

Filesize
184KB

MD5
d2df70d789996391521a93ecf895a54c

SHA1
00cb1446bf0dc4a2e0b55c68dffeed955639a795

SHA256
ee03c2f3227cd6e0997bde2cde0e316f23a8af86fba6b7513b7fc5d0365feb0e

SHA512
0db9a2095706fde5670fcb5b79da5e87683586676bec175746cd1e56adbfdce43dea85cf8f01958d8ef9ed074c9b06a45d8ffd731cb59135eb8a5ec48cb98eca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13506.exe

Filesize
184KB

MD5
6935694ebf35b688ae5ef3684c5ea5b0

SHA1
7788cd218d56036dab7cdb935f0657f33b27f8a1

SHA256
babb6cf19be54ee9ba02ae69cef3732b014bd1ec842bf1a007806e7fd5d1dd0f

SHA512
b7817407cec239208e1e4f7c7e9ff8cd133b3022d37f65dc683006e6d4e2e2c2047f71060767d0fc247f854c8ea8e2763f7764679c691a895a3056410cbf48d8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21631.exe

Filesize
184KB

MD5
1c6dcce28345899edb88cbd0a10f4ced

SHA1
b7ce7d4a396d5a98340dc4abdf651865311420dd

SHA256
0a0c5fb0c6b7528d33a64202be10a316e3ed3de645244da69937f2768a5f86f9

SHA512
c5eb75dbd3d6fcff03ea8a410593ec4ab5dd3f53bd1083a8923baa4be8f2aa4424f4fafdba84a2c65a33a6f81b82b42010d506045c26cb4ee84543789e8aa908

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27241.exe

Filesize
184KB

MD5
aacf4435295b5516d303cbcb2c835f89

SHA1
c39d56444f28c247ab43691c2804bba405c4b21e

SHA256
0566f4cb9c6c4b6bbf2405e60d277979b5d6af697aa924bb8624e86a7430e7dd

SHA512
cfed24aaf7637a98160d045da39c5d7c4bf4e3dcd3bce5b7d75e700bf2bed89d9e17b3154ad510e2a1ada023a7739629f2dad168488c958ca10e7b119c7724c7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33372.exe

Filesize
184KB

MD5
7f39cb1a37b305ac82c2289123729840

SHA1
568a407784c06b07fbb43ec52dc52dfa2aa3243c

SHA256
c769b2df9dfec186b48d81e706447db5df4120de75c5c4fb887006fdc974e84c

SHA512
81e85fbf2d831449b5164e1f609aef5f8590fec4b22793b3f43ef6d1fe11af447543b377c9ecdb260003bf3d5e0807112c09b79f9eddd577b78a1ae08c4a6ac0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34248.exe

Filesize
184KB

MD5
eb0604d1a38cd85cabfb9d7c9bcf4602

SHA1
2899397d25bb34c9f8df66b1726ffb08771b1dff

SHA256
afc9403bf85796a3ab9009c2cf751e2c6119907e45dd04fb1cbc99aaf3d54d17

SHA512
5e1bf6759626c1cce28562eaf0bdac22f875d760fd88054560c645947e8afaeaae90029d7af95d5cc9671f29714e62af6bfb5737ef11cca1328ef3c55e8d408f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3548.exe

Filesize
184KB

MD5
6376e5242acfc46373f681584b5b9c66

SHA1
0a70589c5f45209fbbbddca62c29e6e90dc915b4

SHA256
f682da30c1a171744478ed9479c50ff70518cb03a2879aa03c9939cdc04db538

SHA512
acd660fbc4c96aa8969c7861d22f02449e48c4311f3a015ab2891e210d9f5c3ee559ddeb26d738cb43af15f1c8b2ea35d6e3b62a4087c8c49fc2c637ab2c61c0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36122.exe

Filesize
184KB

MD5
2fc583167b4fbd2cd051d639db262f4f

SHA1
fcc3e4c9c5a6fbeadfe8d46231f972cea77ac523

SHA256
b25cfbe6dfb4463b0382e72149cb1097f7ef461fc11f6e1f2965cc67410303ed

SHA512
2dcc57fe7d94966efe61e01a6f5eeadbf10ab705d93bd72225e93781e1db9f3f98b46cee82828f68164e289ae8dde0c9fb07c195b9e017ec8e81ebcc23461c5b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39816.exe

Filesize
184KB

MD5
baf69c8f44b725f81d1ba6f0442d80f6

SHA1
bde349ec8cb2460198e6a41908bdaf8fd501f219

SHA256
e92c2b219f7cab316288883512bb3af91edde7759e7edbbf5b56ac63731471b1

SHA512
0306204d2acb2ffb03bf77e8c8f7f392505173f0940c42b73fb66d220770a40a3b69d8c732c7b1441670048637155cc2ab91d0d1a12ca8cfe8a5194e751c6bc1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46371.exe

Filesize
184KB

MD5
6fa89042b72467d56dc4c4b06f71faf7

SHA1
27d367fb877ee5160b687e49e2287c7db5638f46

SHA256
bed857fd20ec9c478a4ce51f74e8dbab1cf24546cc558f002a824866b5ebfa1e

SHA512
8318ceef8382d16b19470119a979d7e41a68371f69aa2e7d6b049915025da6e189616bc5a39659a112d20cb6b271ecf973c5bc1e49333d50061c71a27aae5d3c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47430.exe

Filesize
184KB

MD5
bf1e6a5630a55647533d02ff4c5c47cd

SHA1
e3d1d2fc3772e11a60c0ffa151bb2e1859e779f3

SHA256
bd8783f73ac925c8225489432fe0c665f1eff90bd1275632b2ff43c4a1b946b3

SHA512
262c0256b15d5a0487605c1f39dd94a70de41d9eadbc6b528e727363f371efdb744af8a7b586b982dc4664d9baf12c8b8d3f7e1d7a94c143b3c4f93fc425499d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4783.exe

Filesize
184KB

MD5
86dbd4fc2f5355a060933285f9b5ec2a

SHA1
64def721b99e27f75076c0d71bfc832eab3145f6

SHA256
2d1c6240030a23676502e2ab1f42e7890c3a654d140cf793eae3d3f102d6d87a

SHA512
bf2f8bc7c2ba51fe714733ca19878fd3bb682cebe1142f6bfe90c5d44956817fb71adf4ccd21dda8f11e98bee72e66c8ee3238df4f93863c6700ec98bd90ee77

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49220.exe

Filesize
184KB

MD5
543ad86f9914f6c575cd15906b83f3b4

SHA1
c01cd35f645c720ab685db35d218a899eccf180a

SHA256
542fad2274874cf4d0342aff37ecb76ecb33aa81005cca61db6ed27e436d7d26

SHA512
dc52567ff9112d73124517f73af92c5164851e61cc53673c09d6f585012aa723e4e5f881ad1066bc385caf7a4aaf588f849d664155168775569fd8ee9f91874b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52068.exe

Filesize
184KB

MD5
68ebc992114889ad0c7a43e0078867fe

SHA1
b9a628e6e25dc9a351984c841582a6029b02a9b5

SHA256
b664030f45adda6bf9c3139fe06e218d4ebd4cb6747b3dc211e00835c2dbd7db

SHA512
a6ff3441058f69ce4c1ce18ef79bcdb7d612169e12c086ae1744be3e42ad0fe1c5dd0765c1a3763e0353922e354b21cbc31035ca357e779bf1882ce8cdcc4b5f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54114.exe

Filesize
184KB

MD5
b981364ba71b94c47be3c0e25f6d6a7d

SHA1
2c806131f95f7f48083bdf1b81e47ddd08462f1e

SHA256
440d5ca8a1c144dfa2acf23614874406cc075e6ded3f17bdffe516c669bf11b0

SHA512
eabe9e0fb056470a2101f8ea01e69a30fbbff0153c52ff2d0e87112c7e360d30bcd8cd2491989a1609a265531406c60d9c07aa989c3d444c221ef2ad882e4026

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56833.exe

Filesize
184KB

MD5
b8bd89aa859e4e84192a61d28524d645

SHA1
ea16887a05d47889001c503e47a4d40447fccfad

SHA256
597ebc0385425e68d0043de91038901b6cd5ca59eb12494d350461155cd0b43d

SHA512
6299a81454264dafdd93feb342498c86628a4d2e6716c14c59a7e69dec3db63513bd092ee3ddb74fc0aa2136e4ddc94e0e7996fae65fc49e0f1858a7488a7243

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62282.exe

Filesize
184KB

MD5
e3f3ca9b467fae1a483cb56563fe3564

SHA1
9963c7e1b4600952759134978c62aea6b1b88cd7

SHA256
705ae15f3458aaeb8418031b83c01c3bc998cbad3e8023f8f1f38d0296de7e4d

SHA512
18298f300c148ad4bd011493b110871b46ccfd6f05eafc9270ecff73ca1b49bb31680370d68549a402fde1386f49823478fc2e1f7af5755dcbc52159382cb010

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7798.exe

Filesize
184KB

MD5
29975bd1afb6b0b9309cf6f509a44c3f

SHA1
b0a710708012bf3b671245dbdec9387bcfa14ad6

SHA256
b83adafc6df7381a8e0743bedf4171b2136bd0a1b6be2a6f7716ad1bd95a5d6a

SHA512
1aa9c05ea80bea399e2bb5975651a0dc85a8e8b6663f117ad85ac61178123d170137006a56d37f8c16d09658348831cf4318d30b442741bbb5963a7d072c09c2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads