bfa90efa266e06ff1ad504d9496d78a4b9c4894b69a686d576ff5079d6d2b690

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2024, 14:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bec9ac3e1cc760f969c4d27d5026a2b7.exe
Size

184KB
MD5

bec9ac3e1cc760f969c4d27d5026a2b7
SHA1

0ec5d22efb6709fb9684316cb35baa661893fc43
SHA256

bfa90efa266e06ff1ad504d9496d78a4b9c4894b69a686d576ff5079d6d2b690
SHA512

401ba35cbed51821b4e5948fc59caace1f1f5d73b4d0482d6488bc4505ada49c4d491f4d0f99a1d190ebec827e5a9d9669f2ac71b1edb549ae72256caf2b0a11
SSDEEP

3072:I6R7oi3YkiU8FojThlQaTK/mhZq6sa/Irgprxi9NauAlcvpFE:I69o8z8F6hmaTKqwJlAlcvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2256	Unicorn-61496.exe
4876	Unicorn-35958.exe
1088	Unicorn-25264.exe
2424	Unicorn-65440.exe
4816	Unicorn-45575.exe
984	Unicorn-2399.exe
4516	Unicorn-7038.exe
4124	Unicorn-29172.exe
4488	Unicorn-21174.exe
4224	Unicorn-16344.exe
1172	Unicorn-22732.exe
3348	Unicorn-11034.exe
3416	Unicorn-59872.exe
4008	Unicorn-44496.exe
4724	Unicorn-20546.exe
2584	Unicorn-63136.exe
3812	Unicorn-6322.exe
2044	Unicorn-26188.exe
1020	Unicorn-26550.exe
3612	Unicorn-38632.exe
4964	Unicorn-58668.exe
348	Unicorn-29202.exe
4516	Unicorn-45176.exe
3204	Unicorn-33478.exe
2788	Unicorn-3567.exe
4328	Unicorn-7651.exe
1196	Unicorn-38.exe
2056	Unicorn-24180.exe
1772	Unicorn-53920.exe
3728	Unicorn-62088.exe
5116	Unicorn-38138.exe
1460	Unicorn-30760.exe
4912	Unicorn-43374.exe
632	Unicorn-63240.exe
2280	Unicorn-18124.exe
2340	Unicorn-19276.exe
4864	Unicorn-27806.exe
4092	Unicorn-14807.exe
1496	Unicorn-60479.exe
2904	Unicorn-27060.exe
4404	Unicorn-31144.exe
4856	Unicorn-31144.exe
4728	Unicorn-15746.exe
4840	Unicorn-48419.exe
1632	Unicorn-48419.exe
4860	Unicorn-4631.exe
3248	Unicorn-58471.exe
2996	Unicorn-41750.exe
4124	Unicorn-57532.exe
5056	Unicorn-49364.exe
3340	Unicorn-46240.exe
936	Unicorn-38626.exe
3428	Unicorn-54963.exe
4320	Unicorn-54963.exe
1748	Unicorn-62768.exe
3348	Unicorn-38818.exe
4556	Unicorn-12991.exe
1908	Unicorn-30672.exe
1280	Unicorn-63899.exe
3780	Unicorn-38456.exe
4252	Unicorn-38456.exe
1988	Unicorn-54792.exe
4780	Unicorn-9675.exe
2332	Unicorn-50708.exe

Program crash 44 IoCs

pid	pid_target	Process	procid_target
5088	2256	WerFault.exe	90
5500	5408	WerFault.exe	176
5384	4516	WerFault.exe	212
5520	5892	WerFault.exe	188
6108	5280	WerFault.exe	211
6364	2416	WerFault.exe	442
6344	2488	WerFault.exe	440
8136	2416	WerFault.exe	442
6224	3332	WerFault.exe	558
1636	5340	WerFault.exe	435
3728	7716	WerFault.exe	538
1052	5096	WerFault.exe	535
5004	3660	WerFault.exe	436
4404	6236	WerFault.exe	476
6156	5096	WerFault.exe	535
1664	3972	WerFault.exe	530
8080	5756	WerFault.exe	575
6372	5288	WerFault.exe	576
7716	6956	WerFault.exe	577
7656	8096	WerFault.exe	621
6760	5820	WerFault.exe	620
6948	1900	WerFault.exe	627
7536	6224	WerFault.exe	625
5816	3940	WerFault.exe	622
7460	5736	WerFault.exe	661
4392	7332	WerFault.exe	693
7116	6172	WerFault.exe	694
3028	6884	WerFault.exe	706
4948	7660	WerFault.exe	695
3940	6800	WerFault.exe	734
720	7680	WerFault.exe	742
1404	5292	WerFault.exe	741
8096	5788	WerFault.exe	760
1072	7004	WerFault.exe	776
7448	7364	WerFault.exe	782
7660	5044	WerFault.exe	775
6228	3632	WerFault.exe	798
6792	4680	WerFault.exe	799
7424	6168	WerFault.exe	801
3184	7064	WerFault.exe	823
5920	5440	WerFault.exe	849
1772	5824	WerFault.exe	851
2748	1900	WerFault.exe	854
5124	4744	WerFault.exe	852

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1420	bec9ac3e1cc760f969c4d27d5026a2b7.exe
2256	Unicorn-61496.exe
4876	Unicorn-35958.exe
1088	Unicorn-25264.exe
2424	Unicorn-65440.exe
4816	Unicorn-45575.exe
984	Unicorn-2399.exe
4516	Unicorn-7038.exe
4124	Unicorn-29172.exe
4488	Unicorn-21174.exe
4224	Unicorn-16344.exe
1172	Unicorn-22732.exe
3348	Unicorn-11034.exe
3416	Unicorn-59872.exe
4008	Unicorn-44496.exe
4724	Unicorn-20546.exe
2584	Unicorn-63136.exe
2044	Unicorn-26188.exe
3812	Unicorn-6322.exe
1020	Unicorn-26550.exe
3612	Unicorn-38632.exe
4964	Unicorn-58668.exe
348	Unicorn-29202.exe
4516	Unicorn-45176.exe
3204	Unicorn-33478.exe
1196	Unicorn-38.exe
4328	Unicorn-7651.exe
2788	Unicorn-3567.exe
2056	Unicorn-24180.exe
1772	Unicorn-53920.exe
3728	Unicorn-62088.exe
5116	Unicorn-38138.exe
1460	Unicorn-30760.exe
632	Unicorn-63240.exe
4912	Unicorn-43374.exe
2280	Unicorn-18124.exe
2340	Unicorn-19276.exe
4864	Unicorn-27806.exe
4092	Unicorn-14807.exe
2904	Unicorn-27060.exe
4404	Unicorn-31144.exe
4728	Unicorn-15746.exe
4856	Unicorn-31144.exe
1496	Unicorn-60479.exe
4840	Unicorn-48419.exe
1632	Unicorn-48419.exe
4860	Unicorn-4631.exe
3248	Unicorn-58471.exe
2996	Unicorn-41750.exe
5056	Unicorn-49364.exe
4124	Unicorn-57532.exe
3340	Unicorn-46240.exe
936	Unicorn-38626.exe
4320	Unicorn-54963.exe
3428	Unicorn-54963.exe
3348	Unicorn-38818.exe
1748	Unicorn-62768.exe
4556	Unicorn-12991.exe
1908	Unicorn-30672.exe
1280	Unicorn-63899.exe
3780	Unicorn-38456.exe
4252	Unicorn-38456.exe
2332	Unicorn-50708.exe
1988	Unicorn-54792.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1420 wrote to memory of 2256	1420	bec9ac3e1cc760f969c4d27d5026a2b7.exe	90
PID 1420 wrote to memory of 2256	1420	bec9ac3e1cc760f969c4d27d5026a2b7.exe	90
PID 1420 wrote to memory of 2256	1420	bec9ac3e1cc760f969c4d27d5026a2b7.exe	90
PID 1420 wrote to memory of 4876	1420	bec9ac3e1cc760f969c4d27d5026a2b7.exe	94
PID 1420 wrote to memory of 4876	1420	bec9ac3e1cc760f969c4d27d5026a2b7.exe	94
PID 1420 wrote to memory of 4876	1420	bec9ac3e1cc760f969c4d27d5026a2b7.exe	94
PID 4876 wrote to memory of 1088	4876	Unicorn-35958.exe	99
PID 4876 wrote to memory of 1088	4876	Unicorn-35958.exe	99
PID 4876 wrote to memory of 1088	4876	Unicorn-35958.exe	99
PID 1088 wrote to memory of 2424	1088	Unicorn-25264.exe	101
PID 1088 wrote to memory of 2424	1088	Unicorn-25264.exe	101
PID 1088 wrote to memory of 2424	1088	Unicorn-25264.exe	101
PID 4876 wrote to memory of 4816	4876	Unicorn-35958.exe	102
PID 4876 wrote to memory of 4816	4876	Unicorn-35958.exe	102
PID 4876 wrote to memory of 4816	4876	Unicorn-35958.exe	102
PID 4816 wrote to memory of 984	4816	Unicorn-45575.exe	104
PID 4816 wrote to memory of 984	4816	Unicorn-45575.exe	104
PID 4816 wrote to memory of 984	4816	Unicorn-45575.exe	104
PID 1088 wrote to memory of 4516	1088	Unicorn-25264.exe	105
PID 1088 wrote to memory of 4516	1088	Unicorn-25264.exe	105
PID 1088 wrote to memory of 4516	1088	Unicorn-25264.exe	105
PID 984 wrote to memory of 4124	984	Unicorn-2399.exe	108
PID 984 wrote to memory of 4124	984	Unicorn-2399.exe	108
PID 984 wrote to memory of 4124	984	Unicorn-2399.exe	108
PID 4816 wrote to memory of 4488	4816	Unicorn-45575.exe	109
PID 4816 wrote to memory of 4488	4816	Unicorn-45575.exe	109
PID 4816 wrote to memory of 4488	4816	Unicorn-45575.exe	109
PID 4516 wrote to memory of 4224	4516	Unicorn-7038.exe	110
PID 4516 wrote to memory of 4224	4516	Unicorn-7038.exe	110
PID 4516 wrote to memory of 4224	4516	Unicorn-7038.exe	110
PID 4124 wrote to memory of 1172	4124	Unicorn-29172.exe	111
PID 4124 wrote to memory of 1172	4124	Unicorn-29172.exe	111
PID 4124 wrote to memory of 1172	4124	Unicorn-29172.exe	111
PID 984 wrote to memory of 3348	984	Unicorn-2399.exe	112
PID 984 wrote to memory of 3348	984	Unicorn-2399.exe	112
PID 984 wrote to memory of 3348	984	Unicorn-2399.exe	112
PID 4488 wrote to memory of 3416	4488	Unicorn-21174.exe	113
PID 4488 wrote to memory of 3416	4488	Unicorn-21174.exe	113
PID 4488 wrote to memory of 3416	4488	Unicorn-21174.exe	113
PID 4224 wrote to memory of 4008	4224	Unicorn-16344.exe	114
PID 4224 wrote to memory of 4008	4224	Unicorn-16344.exe	114
PID 4224 wrote to memory of 4008	4224	Unicorn-16344.exe	114
PID 4516 wrote to memory of 4724	4516	Unicorn-7038.exe	115
PID 4516 wrote to memory of 4724	4516	Unicorn-7038.exe	115
PID 4516 wrote to memory of 4724	4516	Unicorn-7038.exe	115
PID 3348 wrote to memory of 2584	3348	Unicorn-11034.exe	116
PID 3348 wrote to memory of 2584	3348	Unicorn-11034.exe	116
PID 3348 wrote to memory of 2584	3348	Unicorn-11034.exe	116
PID 4124 wrote to memory of 3812	4124	Unicorn-29172.exe	117
PID 4124 wrote to memory of 3812	4124	Unicorn-29172.exe	117
PID 4124 wrote to memory of 3812	4124	Unicorn-29172.exe	117
PID 3416 wrote to memory of 2044	3416	Unicorn-59872.exe	118
PID 3416 wrote to memory of 2044	3416	Unicorn-59872.exe	118
PID 3416 wrote to memory of 2044	3416	Unicorn-59872.exe	118
PID 4008 wrote to memory of 3612	4008	Unicorn-44496.exe	119
PID 4008 wrote to memory of 3612	4008	Unicorn-44496.exe	119
PID 4008 wrote to memory of 3612	4008	Unicorn-44496.exe	119
PID 4224 wrote to memory of 1020	4224	Unicorn-16344.exe	120
PID 4224 wrote to memory of 1020	4224	Unicorn-16344.exe	120
PID 4224 wrote to memory of 1020	4224	Unicorn-16344.exe	120
PID 4724 wrote to memory of 4964	4724	Unicorn-20546.exe	121
PID 4724 wrote to memory of 4964	4724	Unicorn-20546.exe	121
PID 4724 wrote to memory of 4964	4724	Unicorn-20546.exe	121
PID 1172 wrote to memory of 348	1172	Unicorn-22732.exe	122

C:\Users\Admin\AppData\Local\Temp\bec9ac3e1cc760f969c4d27d5026a2b7.exe
"C:\Users\Admin\AppData\Local\Temp\bec9ac3e1cc760f969c4d27d5026a2b7.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1420
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61496.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61496.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2256
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 716
    3⤵
    - Program crash
    PID:5088
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35958.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35958.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25264.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25264.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65440.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7038.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16344.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44496.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38632.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53920.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31144.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9675.exe
        10⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10007.exe
        11⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38508.exe
        12⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
        13⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45008.exe
        14⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45039.exe
        15⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4707.exe
        16⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15563.exe
        17⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41982.exe
        18⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30816.exe
        19⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45092.exe
        20⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11983.exe
        21⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47596.exe
        22⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27856.exe
        23⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51156.exe
        24⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32952.exe
        25⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54628.exe
        26⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25184.exe
        27⤵
        
        PID:2108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 836
        26⤵
        Program crash
        
        PID:2748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 764
        25⤵
        Program crash
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27822.exe
        10⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30532.exe
        11⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43286.exe
        9⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59016.exe
        10⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59504.exe
        11⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26840.exe
        12⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45008.exe
        13⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
        14⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58464.exe
        15⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2159.exe
        16⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36472.exe
        17⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3519.exe
        18⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53400.exe
        19⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62092.exe
        20⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-730.exe
        21⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49132.exe
        22⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58172.exe
        23⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4150.exe
        24⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13190.exe
        25⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48956.exe
        26⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48419.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34564.exe
        9⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38788.exe
        10⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59504.exe
        11⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63020.exe
        12⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27520.exe
        13⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57748.exe
        14⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56544.exe
        15⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29980.exe
        16⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1303.exe
        17⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47292.exe
        18⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35564.exe
        19⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64064.exe
        20⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60255.exe
        20⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-730.exe
        21⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49132.exe
        22⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49812.exe
        23⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38048.exe
        24⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37420.exe
        25⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        26⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12942.exe
        14⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54868.exe
        15⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8511.exe
        16⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38932.exe
        17⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6015.exe
        18⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30816.exe
        19⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48024.exe
        20⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20344.exe
        21⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19968.exe
        22⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27472.exe
        23⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28380.exe
        24⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20316.exe
        25⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43912.exe
        26⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51032.exe
        27⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53631.exe
        23⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29636.exe
        24⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        25⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18346.exe
        9⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42592.exe
        10⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58168.exe
        11⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31028.exe
        12⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65184.exe
        13⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14551.exe
        14⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5283.exe
        15⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39212.exe
        16⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64588.exe
        17⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 632
        18⤵
        Program crash
        
        PID:1052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 640
        18⤵
        Program crash
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38138.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27060.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54792.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4771.exe
        10⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38508.exe
        11⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38132.exe
        12⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63700.exe
        13⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35444.exe
        14⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14551.exe
        15⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54484.exe
        16⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36472.exe
        17⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44744.exe
        18⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32788.exe
        19⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62092.exe
        20⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47204.exe
        21⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35152.exe
        22⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10367.exe
        23⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51156.exe
        24⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32952.exe
        25⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29740.exe
        26⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49688.exe
        27⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38766.exe
        9⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42592.exe
        10⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50192.exe
        11⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43088.exe
        12⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48848.exe
        13⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14551.exe
        14⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32528.exe
        15⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52512.exe
        16⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13503.exe
        17⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45512.exe
        18⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41724.exe
        19⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38054.exe
        20⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15876.exe
        21⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45048.exe
        22⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20072.exe
        23⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31970.exe
        24⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62692.exe
        25⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21846.exe
        26⤵
        
        PID:6140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 844
        24⤵
        Program crash
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10614.exe
        8⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20916.exe
        9⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38508.exe
        10⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38708.exe
        11⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45008.exe
        12⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe
        13⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12003.exe
        14⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5283.exe
        15⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
        16⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27182.exe
        17⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30816.exe
        18⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44900.exe
        19⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44848.exe
        20⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19968.exe
        21⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55603.exe
        22⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3403.exe
        23⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22776.exe
        24⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        25⤵
        
        PID:6956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26550.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24180.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14807.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30672.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53204.exe
        10⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57200.exe
        11⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58744.exe
        12⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35112.exe
        13⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15023.exe
        14⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13710.exe
        15⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53991.exe
        16⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41802.exe
        10⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58744.exe
        11⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42164.exe
        12⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32948.exe
        13⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1598.exe
        12⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4847.exe
        13⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1671.exe
        14⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14603.exe
        15⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13494.exe
        9⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46484.exe
        10⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21220.exe
        11⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48516.exe
        12⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15023.exe
        13⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31272.exe
        14⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62076.exe
        15⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39190.exe
        16⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29730.exe
        17⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30816.exe
        18⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46524.exe
        19⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34952.exe
        20⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52640.exe
        21⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36216.exe
        22⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43948.exe
        23⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32952.exe
        24⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9703.exe
        25⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53196.exe
        26⤵
        
        PID:5288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 828
        25⤵
        Program crash
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63899.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33360.exe
        9⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21404.exe
        10⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9351.exe
        11⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43088.exe
        12⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10555.exe
        13⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58324.exe
        14⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40290.exe
        15⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35490.exe
        16⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11303.exe
        17⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61760.exe
        18⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62092.exe
        19⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63348.exe
        20⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31068.exe
        21⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63652.exe
        22⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7191.exe
        23⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20316.exe
        24⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64332.exe
        25⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51671.exe
        13⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8687.exe
        14⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2159.exe
        15⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41132.exe
        16⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25476.exe
        17⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30816.exe
        18⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23136.exe
        19⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46820.exe
        20⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11223.exe
        21⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55603.exe
        22⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52220.exe
        23⤵
        
        PID:208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44348.exe
        24⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39444.exe
        25⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63092.exe
        26⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15746.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50708.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53972.exe
        9⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26448.exe
        10⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25614.exe
        11⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4935.exe
        12⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49388.exe
        13⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20364.exe
        14⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54484.exe
        15⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18600.exe
        16⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56036.exe
        17⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32632.exe
        18⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29228.exe
        19⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10447.exe
        20⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31068.exe
        21⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11327.exe
        22⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28380.exe
        23⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29636.exe
        24⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21846.exe
        25⤵
        
        PID:3520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 836
        20⤵
        Program crash
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43234.exe
        8⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42592.exe
        9⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3658.exe
        10⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45008.exe
        11⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61640.exe
        12⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54380.exe
        13⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42808.exe
        14⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4183.exe
        15⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57956.exe
        16⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53400.exe
        17⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49731.exe
        18⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20344.exe
        19⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48172.exe
        20⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64804.exe
        21⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22952.exe
        22⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20316.exe
        23⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64332.exe
        24⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53631.exe
        21⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36652.exe
        22⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        23⤵
        
        PID:392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20546.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58668.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62088.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31144.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38456.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44927.exe
        10⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45340.exe
        11⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31028.exe
        12⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17572.exe
        13⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40570.exe
        14⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54484.exe
        15⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
        16⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21200.exe
        17⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53400.exe
        18⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14043.exe
        19⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26784.exe
        20⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1711.exe
        21⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43424.exe
        22⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3107.exe
        23⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16040.exe
        24⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21846.exe
        25⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35526.exe
        13⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27676.exe
        14⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23238.exe
        15⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47292.exe
        16⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12751.exe
        17⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29228.exe
        18⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26784.exe
        19⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1903.exe
        20⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63844.exe
        21⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22568.exe
        22⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29688.exe
        23⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37612.exe
        24⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        25⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34106.exe
        9⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34616.exe
        10⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26840.exe
        11⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45008.exe
        12⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45039.exe
        13⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53140.exe
        14⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53088.exe
        15⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35896.exe
        16⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37728.exe
        17⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49316.exe
        18⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62092.exe
        19⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10447.exe
        20⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1711.exe
        21⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43424.exe
        22⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31120.exe
        23⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41940.exe
        24⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41696.exe
        25⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        26⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42826.exe
        24⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        25⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43286.exe
        8⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34128.exe
        9⤵
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42592.exe
        10⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33472.exe
        11⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60384.exe
        12⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3923.exe
        13⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36508.exe
        14⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52948.exe
        15⤵
        
        PID:2416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 632
        16⤵
        Program crash
        
        PID:6364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 640
        16⤵
        Program crash
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48419.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9675.exe
        8⤵
        Executes dropped EXE
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38788.exe
        9⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34616.exe
        10⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43176.exe
        11⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45008.exe
        12⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
        13⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47.exe
        14⤵
        
        PID:2488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 632
        15⤵
        Program crash
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10178.exe
        8⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63588.exe
        9⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
        10⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6907.exe
        11⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65184.exe
        12⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10467.exe
        13⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52564.exe
        14⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23156.exe
        15⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63436.exe
        16⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12019.exe
        17⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64832.exe
        18⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49176.exe
        19⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44848.exe
        20⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8291.exe
        21⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32250.exe
        22⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20316.exe
        23⤵
        
        PID:6784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 764
        15⤵
        Program crash
        
        PID:1636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45575.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45575.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2399.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29172.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22732.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29202.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30760.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4631.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51476.exe
        10⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5539.exe
        11⤵
        
        PID:5280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 216
        12⤵
        Program crash
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31610.exe
        9⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5539.exe
        10⤵
        
        PID:4516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 184
        11⤵
        Program crash
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58471.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51668.exe
        9⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1455.exe
        10⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51528.exe
        11⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7763.exe
        12⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45008.exe
        13⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61640.exe
        14⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54380.exe
        15⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53991.exe
        16⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22596.exe
        17⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58532.exe
        18⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30816.exe
        19⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55616.exe
        20⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39228.exe
        21⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22516.exe
        22⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43424.exe
        23⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21416.exe
        24⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62552.exe
        25⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37420.exe
        26⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        27⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40074.exe
        9⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34616.exe
        10⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25614.exe
        11⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16996.exe
        12⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31826.exe
        13⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54484.exe
        14⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18600.exe
        15⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10462.exe
        16⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30816.exe
        17⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51532.exe
        18⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59648.exe
        19⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60040.exe
        20⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43424.exe
        21⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7191.exe
        22⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40736.exe
        23⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43528.exe
        24⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18168.exe
        25⤵
        
        PID:6728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6322.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7651.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54963.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45228.exe
        9⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11507.exe
        10⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23132.exe
        11⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36160.exe
        12⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45008.exe
        13⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48464.exe
        14⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23030.exe
        15⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7011.exe
        16⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32594.exe
        14⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51360.exe
        15⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36472.exe
        16⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15387.exe
        17⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16104.exe
        18⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29228.exe
        19⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10447.exe
        20⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29724.exe
        21⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45624.exe
        22⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-227.exe
        23⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33964.exe
        24⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41504.exe
        25⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        26⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27806.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12991.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65456.exe
        9⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 636
        10⤵
        Program crash
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42658.exe
        8⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23110.exe
        9⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52880.exe
        10⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60384.exe
        11⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57940.exe
        12⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44292.exe
        13⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21428.exe
        14⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51464.exe
        15⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28024.exe
        16⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16104.exe
        17⤵
        
        PID:716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12699.exe
        18⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20588.exe
        19⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23262.exe
        20⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43424.exe
        21⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31120.exe
        22⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59812.exe
        23⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55256.exe
        24⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21846.exe
        25⤵
        
        PID:5740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 756
        21⤵
        Program crash
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29702.exe
        19⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41348.exe
        20⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7627.exe
        21⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8115.exe
        22⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41504.exe
        23⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21846.exe
        24⤵
        
        PID:3080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 844
        22⤵
        Program crash
        
        PID:7660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 764
        21⤵
        Program crash
        
        PID:3940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7332 -s 852
        20⤵
        Program crash
        
        PID:4392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 836
        19⤵
        Program crash
        
        PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11034.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63136.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45176.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63240.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49364.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11211.exe
        10⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22800.exe
        11⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58744.exe
        12⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58884.exe
        13⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48848.exe
        14⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27380.exe
        15⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52564.exe
        16⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32668.exe
        17⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6067.exe
        18⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57136.exe
        19⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12699.exe
        20⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37116.exe
        21⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53652.exe
        22⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44171.exe
        23⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51156.exe
        24⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32952.exe
        25⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1919.exe
        26⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17208.exe
        27⤵
        
        PID:7296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 764
        24⤵
        Program crash
        
        PID:8096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6172 -s 756
        23⤵
        Program crash
        
        PID:7116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 844
        22⤵
        Program crash
        
        PID:7460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 852
        21⤵
        Program crash
        
        PID:7656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 844
        20⤵
        Program crash
        
        PID:8080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 764
        19⤵
        Program crash
        
        PID:1664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 764
        18⤵
        Program crash
        
        PID:4404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 836
        17⤵
        Program crash
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28206.exe
        10⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54468.exe
        11⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18236.exe
        12⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41308.exe
        13⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53472.exe
        14⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32808.exe
        15⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30940.exe
        16⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40172.exe
        17⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25476.exe
        18⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53400.exe
        19⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62092.exe
        20⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6363.exe
        21⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1711.exe
        22⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63844.exe
        23⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47456.exe
        24⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14119.exe
        25⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30020.exe
        26⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21846.exe
        27⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46767.exe
        14⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30940.exe
        15⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49300.exe
        16⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25476.exe
        17⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13519.exe
        18⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62092.exe
        19⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26784.exe
        20⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27368.exe
        21⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11327.exe
        22⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28380.exe
        23⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16232.exe
        24⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43528.exe
        25⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8998.exe
        12⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58516.exe
        13⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50104.exe
        14⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54484.exe
        15⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44640.exe
        16⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64588.exe
        17⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65051.exe
        9⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6271.exe
        10⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50952.exe
        11⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26840.exe
        12⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5874.exe
        13⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40570.exe
        14⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25512.exe
        15⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36472.exe
        16⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10462.exe
        17⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29664.exe
        18⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44900.exe
        19⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53652.exe
        20⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20352.exe
        21⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20072.exe
        22⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49724.exe
        23⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41504.exe
        24⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39444.exe
        25⤵
        
        PID:4048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7064 -s 844
        24⤵
        Program crash
        
        PID:3184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 764
        22⤵
        Program crash
        
        PID:1404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7660 -s 756
        21⤵
        Program crash
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41750.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56904.exe
        9⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22800.exe
        10⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61676.exe
        11⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14691.exe
        12⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26892.exe
        13⤵
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58132.exe
        14⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1671.exe
        15⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53991.exe
        16⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55755.exe
        13⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63124.exe
        14⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53991.exe
        15⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43016.exe
        16⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57136.exe
        17⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52388.exe
        18⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34376.exe
        19⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49952.exe
        20⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13335.exe
        21⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41836.exe
        22⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53616.exe
        23⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41504.exe
        24⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51696.exe
        25⤵
        
        PID:7796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7364 -s 756
        23⤵
        Program crash
        
        PID:7448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 852
        22⤵
        Program crash
        
        PID:720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6210.exe
        21⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62552.exe
        22⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37420.exe
        23⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21846.exe
        24⤵
        
        PID:7452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 852
        19⤵
        Program crash
        
        PID:6760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 740
        18⤵
        Program crash
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47859.exe
        9⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32896.exe
        10⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18236.exe
        11⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41308.exe
        12⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13082.exe
        11⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43374.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57532.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64496.exe
        9⤵
        
        PID:5408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 492
        10⤵
        Program crash
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57651.exe
        8⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53116.exe
        9⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10687.exe
        10⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-171.exe
        11⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56876.exe
        12⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46264.exe
        13⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58464.exe
        14⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47468.exe
        15⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24220.exe
        16⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57956.exe
        17⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53400.exe
        18⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49731.exe
        19⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16260.exe
        20⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19968.exe
        21⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37560.exe
        22⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49532.exe
        23⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21660.exe
        24⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        25⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16286.exe
        9⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32268.exe
        10⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45008.exe
        11⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61640.exe
        12⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58464.exe
        13⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51360.exe
        14⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57084.exe
        15⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25476.exe
        16⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13519.exe
        17⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62092.exe
        18⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39228.exe
        19⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23284.exe
        20⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55868.exe
        21⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51156.exe
        22⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19740.exe
        23⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1343.exe
        24⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33352.exe
        25⤵
        
        PID:5384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 844
        24⤵
        Program crash
        
        PID:5920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6168 -s 836
        23⤵
        Program crash
        
        PID:7424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33478.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18124.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46240.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40184.exe
        9⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22800.exe
        10⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55228.exe
        11⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28206.exe
        9⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1375.exe
        10⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43088.exe
        11⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65184.exe
        12⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13710.exe
        13⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53991.exe
        14⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41698.exe
        8⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44372.exe
        9⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15347.exe
        10⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38626.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15487.exe
        8⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59483.exe
        9⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
        10⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56300.exe
        11⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1147.exe
        12⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8282.exe
        12⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54484.exe
        13⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51656.exe
        14⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64396.exe
        15⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7743.exe
        16⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52772.exe
        17⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
        18⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16260.exe
        19⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19968.exe
        20⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62064.exe
        21⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21712.exe
        22⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37420.exe
        23⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        24⤵
        
        PID:6024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21174.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59872.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26188.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3567.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19276.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62768.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53204.exe
        10⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32312.exe
        11⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10879.exe
        12⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61432.exe
        13⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-83.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-83.exe
        14⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1147.exe
        15⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8282.exe
        15⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5283.exe
        16⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34360.exe
        17⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64588.exe
        18⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16286.exe
        11⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27800.exe
        12⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61344.exe
        13⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8007.exe
        14⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40592.exe
        15⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6243.exe
        16⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14515.exe
        17⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20624.exe
        18⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53400.exe
        19⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18128.exe
        20⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26784.exe
        21⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1903.exe
        22⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43424.exe
        23⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43948.exe
        24⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63896.exe
        25⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30752.exe
        26⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2495.exe
        27⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11982.exe
        14⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54484.exe
        15⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34360.exe
        16⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29538.exe
        17⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45040.exe
        18⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62092.exe
        19⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50123.exe
        20⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49132.exe
        21⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41836.exe
        22⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31970.exe
        23⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34296.exe
        24⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        25⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42658.exe
        9⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23110.exe
        10⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26840.exe
        11⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45008.exe
        12⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34012.exe
        13⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54380.exe
        14⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30556.exe
        15⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47100.exe
        16⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57136.exe
        17⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29228.exe
        18⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26784.exe
        19⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31068.exe
        20⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55868.exe
        21⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51156.exe
        22⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32952.exe
        23⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50544.exe
        24⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8655.exe
        25⤵
        
        PID:6544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 756
        24⤵
        Program crash
        
        PID:1772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 748
        23⤵
        Program crash
        
        PID:6792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6224 -s 756
        19⤵
        Program crash
        
        PID:7536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 756
        18⤵
        Program crash
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38818.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11979.exe
        9⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26064.exe
        10⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58168.exe
        11⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9683.exe
        12⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23192.exe
        13⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14551.exe
        14⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8791.exe
        15⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27816.exe
        16⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40748.exe
        17⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25476.exe
        18⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30816.exe
        19⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38054.exe
        20⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-559.exe
        21⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8483.exe
        22⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37560.exe
        23⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62552.exe
        24⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37420.exe
        25⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        26⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60479.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38456.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62524.exe
        9⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40672.exe
        10⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32896.exe
        11⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58884.exe
        12⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21464.exe
        13⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4847.exe
        14⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1095.exe
        15⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42808.exe
        16⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
        17⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44744.exe
        18⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53400.exe
        19⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62092.exe
        20⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26784.exe
        21⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56148.exe
        22⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63652.exe
        23⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28380.exe
        24⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40736.exe
        25⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39444.exe
        26⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23274.exe
        13⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4603.exe
        14⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53991.exe
        15⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17770.exe
        8⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34616.exe
        9⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43176.exe
        10⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23436.exe
        11⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3923.exe
        12⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2491.exe
        13⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65200.exe
        14⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39190.exe
        15⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64588.exe
        16⤵
        
        PID:7716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7716 -s 616
        17⤵
        Program crash
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29470.exe
        12⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5283.exe
        13⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
        14⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15387.exe
        15⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3851.exe
        16⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16208.exe
        17⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62580.exe
        18⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46828.exe
        19⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43424.exe
        20⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44140.exe
        21⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40736.exe
        22⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        23⤵
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54963.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20532.exe
        8⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59483.exe
        9⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
        10⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2823.exe
        11⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15023.exe
        12⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2299.exe
        13⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54484.exe
        14⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63835.exe
        15⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-779.exe
        16⤵
        
        PID:3332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 212
        17⤵
        Program crash
        
        PID:6224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2256 -ip 2256
1⤵
PID:4668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 5408 -ip 5408
1⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4516 -ip 4516
1⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5280 -ip 5280
1⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 5892 -ip 5892
1⤵
PID:1888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2416 -ip 2416
1⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2488 -ip 2488
1⤵
PID:4780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 2416 -ip 2416
1⤵
PID:7856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3332 -ip 3332
1⤵
PID:1480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 5340 -ip 5340
1⤵
PID:6488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 3660 -ip 3660
1⤵
PID:7252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 5096 -ip 5096
1⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 7716 -ip 7716
1⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 7704 -ip 7704
1⤵
PID:6152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 6316 -ip 6316
1⤵
PID:6288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 7716 -ip 7716
1⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 6316 -ip 6316
1⤵
PID:6796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 7704 -ip 7704
1⤵
PID:6024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 6236 -ip 6236
1⤵
PID:7928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5096 -ip 5096
1⤵
PID:4508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 3972 -ip 3972
1⤵
PID:6372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 5756 -ip 5756
1⤵
PID:5908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 6956 -ip 6956
1⤵
PID:6204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 5288 -ip 5288
1⤵
PID:6996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 8096 -ip 8096
1⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 5820 -ip 5820
1⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 3332 -ip 3332
1⤵
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 4184 -ip 4184
1⤵
PID:8108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 3940 -ip 3940
1⤵
PID:5432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 6224 -ip 6224
1⤵
PID:3572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 1900 -ip 1900
1⤵
PID:1792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 5736 -ip 5736
1⤵
PID:7900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 7204 -ip 7204
1⤵
PID:1524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 7296 -ip 7296
1⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 7332 -ip 7332
1⤵
PID:7796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 7660 -ip 7660
1⤵
PID:6068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 6172 -ip 6172
1⤵
PID:7268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 6884 -ip 6884
1⤵
PID:5552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 6444 -ip 6444
1⤵
PID:8160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 6800 -ip 6800
1⤵
PID:6056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 5292 -ip 5292
1⤵
PID:1928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 7680 -ip 7680
1⤵
PID:5092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 5788 -ip 5788
1⤵
PID:3444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 7364 -ip 7364
1⤵
PID:6492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 7004 -ip 7004
1⤵
PID:6072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 5044 -ip 5044
1⤵
PID:1604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 6928 -ip 6928
1⤵
PID:3656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 7164 -ip 7164
1⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 6396 -ip 6396
1⤵
PID:3728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 4680 -ip 4680
1⤵
PID:3192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 3632 -ip 3632
1⤵
PID:5520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 6168 -ip 6168
1⤵
PID:6252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 1636 -ip 1636
1⤵
PID:6308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 6608 -ip 6608
1⤵
PID:2956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 7064 -ip 7064
1⤵
PID:4628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 6816 -ip 6816
1⤵
PID:348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 7216 -ip 7216
1⤵
PID:716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 7344 -ip 7344
1⤵
PID:6200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 3812 -ip 3812
1⤵
PID:7512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 5824 -ip 5824
1⤵
PID:5956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 1900 -ip 1900
1⤵
PID:2080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 5440 -ip 5440
1⤵
PID:3620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 4744 -ip 4744
1⤵
PID:3728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 7804 -ip 7804
1⤵
PID:8084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 7280 -ip 7280
1⤵
PID:1440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11034.exe

Filesize
184KB

MD5
5935c6c474e0c311caf1124214c8f14f

SHA1
0fc854acec09b9b6907d3876287370441a15128d

SHA256
0d6eca607dd6a5c3cee01ccc34849b2db41a3b2db86562949741ed173c9b2093

SHA512
1fdaf0194dc0692180c7e52357e5eb17799ba4c3ef27841033a1f14a09e30475c90c88555635aa790d8dfa059d90cbe515cdaf8e58df05292ac653b2612256af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16344.exe

Filesize
184KB

MD5
c2a072b891d4a7ef87c1fb8631924aad

SHA1
25eedf132ca812616ef1dc3b8f1989c5b5b0d0e6

SHA256
3210de6f645d2ac4aca20e0dc8e6197beba87cef17e632bed8bab971c303e7a3

SHA512
627d6547f36ee633ebfffac02ecb8caf272b8c4fcf8f69597a4b965c68c4af221fbb46f0a1077548fd32be0999e1988db05ec38d5d54c2bcb8e50cbd26c7b34b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20546.exe

Filesize
184KB

MD5
d2a94abcc3bb714ece10f0803dd6ac77

SHA1
f0b1248afcc89ec04c009c9cad10344d9028ce4d

SHA256
f0b3dc47e3d42c1f051cf35f468a2684d3ef4667625f2d96f2e32de03d92abb8

SHA512
54dcb75029d5e3f4811d3b351b85ac713be93cc9437d7fe4e9676e50d97a3f117ea0e014b074760eda34bc0042ab93aeb73b1501ee5b7210db98b594f45909f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20624.exe

Filesize
184KB

MD5
80fced149cfe5d533482ee578a0db0f5

SHA1
495355c7ebeb84564293a749711fe4d807f99ec2

SHA256
be2c8dad7fa59f18a1193c3c4f3b72bfcbdf4bd8b74a1fdeea46def8d2db9f2e

SHA512
07bf13c652b88098d4cfc81e57551a6f483de68676b8c2477c17fbb5d674fcbe7b77c887ecf1caff2670d613ccf8faf96e79e4a753ba7e9e395565594650cf39

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21174.exe

Filesize
184KB

MD5
2ca096ff4b9ba775a65118fb3b7d9795

SHA1
8bdc71ad14c4f4aa7af056ac607382c83ae3a9b1

SHA256
d100904c6c84a95d6563c71ed2165510ca6c406ff2ba7e1555a23127014bba57

SHA512
6a54a90442ac5980a3a4fd963646ed2c5b0cf7231997705bb215888836d5cdfbcab61cb1b64820d5058fbc0bf94137a0675f3795a9c9cd4f54896cc4c6d6e2d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22732.exe

Filesize
184KB

MD5
0b661e554b1eb6ee65b5deb5580a37ff

SHA1
13a762a81be5e65d1208ab1bcd5995b56dd00699

SHA256
f79a1219e0e591b4fa144ef85cbfacdf9d2c595ab9b6f8ff846c0a8c85c854f2

SHA512
90232b94c0a45bec7f040b8ba043c35fcce9b2f3e397109bc1e8890a9ecaeeab81b3cc60b8c24f3b8e2ed27ada00152aac0afb76920326e7ae6e929d9b853830

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23156.exe

Filesize
184KB

MD5
c58e02de25f2f754b09b32c25c3178b5

SHA1
a9e67cdcd5dfeee0a6d22cb9f9fb715b17d2cb5a

SHA256
c261fff01cc58ad0c0aeca4ee4fb63f9264491bb82ea4b89c2150da6863e75a2

SHA512
7c6ed886a13cbabcc3405fe5fcfcf75b32c946ecc41d7486da696b1724f1ce987a5cd67e1af36e717758201dd378e4c40b9fa6868e0d4466eafa64f6455423a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2399.exe

Filesize
184KB

MD5
d2f85b7d4064852a39801216084a20fe

SHA1
e68374c2af55eec318b5f85f5a12e1f1d9ba1a36

SHA256
e5d39f6fa198e3723e47ab4aa2c629a056c1efc1fe4c78979b9d9dd5fc538d1f

SHA512
cfea45b9a2847e0181a699dad5434f22b75f5633e2b12db0c608c79f05c29380f1dece49d2d86d12109751bf5e07bf20d85d5de44b0d541ac188eee159993a4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24180.exe

Filesize
184KB

MD5
eadba0ac68a07a3357366133cdde0c14

SHA1
0b2328962a14a3ec9b1263e5b5aa0d4164f41e33

SHA256
d7bf3cd0f1f26b2256c72f1db473668b013ed19d89f94db0ffffb19c2c64b12c

SHA512
f7444721ca59e0e55f8f9093a837f351340c8af2018569f0d352d97f44cb88d7e9f85e142f0566f406ec486675b15fa331c7d3eba0b47f5c798310fa65e75519

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25264.exe

Filesize
184KB

MD5
0e98667bc32dd282f66bc49285f8019b

SHA1
62a2445217b745bb86eed6d1468d7186aeb0cefd

SHA256
2b8ae3cdb1fe020053810fca279f7daed49794130dd18a16a5ba4d58cd5e7845

SHA512
57b863d5662a66a2de183518126d553768494eae5a1199eb44c15bca9712667f44688bc6735b1ffaabdd3bcc255674fcd8b01828a7b8c4edc9b1d819856fdd33

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26188.exe

Filesize
184KB

MD5
1ee3d8faf2ff5867fba46fdf2544c8ec

SHA1
eb6b4e9bc5cb6a855185841ae17ddef76484ea92

SHA256
174c9085534e664dcd16869f506e9a9181ddd110f8ac96164e607b2c9e84d576

SHA512
f8c1c1310a57a3b2a32ac9a980a9ef2d2f2e54a16140713b2180b82dd3ddf924eab734932b5e8a1b24e3f2d0baa7db38dc8750dc465afd38667146f39f17e2ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26550.exe

Filesize
184KB

MD5
ec627178903e63a99a672aafc70b5a7c

SHA1
35ecc5fd2ee17626e18c00b9cbcf17f408304665

SHA256
31bee11a36c832012a98bef0af2a75ea77fcd7054814a231d3f7b6563ffa293c

SHA512
b482970f18134cfdccc32f3ec3f94c001ad10864ff7d6fba4e8744d7643064fc6b560fc8be4065f2648f95e93911f1e833de9fef9d88c35163936371ae20ee3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29172.exe

Filesize
184KB

MD5
184d1430e45173c2bb0186f7289d47a2

SHA1
c50fdd79d3f03c63d0a2fd4f0c440b50a2d678cb

SHA256
ef71390f80c0a3a1f4d6be98dcbb0f256868fc51bef408771435b678539b09d5

SHA512
bab021f1de7c415a6e6dbb222a7ec0a72afe3f0a297ac0240b8b66e952027571fd27e3b397e5a49e5ae3a7560cee85c4abf0efbc0c25bb906f7dddd88f6667c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29202.exe

Filesize
184KB

MD5
2fa6671b8864de15723d486fa16f6eaf

SHA1
8cd1c43bcc7d8caf8f47d7aadc0694ada4a26ec1

SHA256
b74f2647728bbe2a36718de08eef597cb565fac5cb99c29eda97685384e755e5

SHA512
16be822c2c9ad8edf79ed306b323bed2c9c0c71fcdd2b887b113674220d29799b820233a24b30766f977602334cb367ea4414a469a1dfef4650dd6cf1f631fdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33478.exe

Filesize
184KB

MD5
e20713c88fb12944a51a4a42b38114d9

SHA1
7862b3fb2c14d35a7845f1b38a7093a69d66e687

SHA256
f00bd8de34b8e7516121934fc304e88da5f215e27ef06414f295005987db598b

SHA512
08a2fa8b37679622b80414af6888031c0775099e4450e98c8441d41889050743c741c5ba638691e39e7a76a358b28ad56825d07c636b5d5063573395d51a66cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34360.exe

Filesize
184KB

MD5
c606dddac896d7b182a80fa52e200c01

SHA1
071cc3888b0b3a8e64ed157c0fc944efc4a8885f

SHA256
e5aa10ff125320dadd3fcebf3403d333ef4b14b340685f92458e37f8e7eace32

SHA512
850187dd6f5f48f5f43ad47cb94d5e2685bd94cd8b931aeba5683d6223f5148bc46dc40f010f451e39c2ef78b70df53937a3a8fdf6c9ae3bf4ca83456166bef1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3567.exe

Filesize
184KB

MD5
cf4c0cb4cab2bbdb663919bfe45b7448

SHA1
74f0315ccab8312b125170cc57d36dcf832052c2

SHA256
9ea770caf283c38a5f112174161ee7b66039477d1fe38130da29f02e3429a155

SHA512
cc93b00970f47e3c1173633b46a09df7d7f3d86a9da9c3fe1b54f6d0be76eb5d90a2fd10616f96306afe07de8525119ee13b9da4fc390e6001ef75ecc6ab61f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35958.exe

Filesize
184KB

MD5
2d712518ddcb83078ab7700f7917f4a7

SHA1
ea859101732d5c6bf1a4cd41cbed7ec383799447

SHA256
4e95b27070526a131b4cd3f4f522ba77d314977420927b514b66226420ecb63f

SHA512
dfd872c6f0a7e23ad60a879e7b5721a3aeb868ac60c5bfb526868a805e42c54dca166b51b3a225642c9c2cd0b8a48f7094a067e198be39b2686253aff8296b98

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38.exe

Filesize
184KB

MD5
3be5d07fac3c58832a8d3c4daa349b47

SHA1
1e9c60fc5139509b87bd16f7bd8c40aef0b0c03f

SHA256
2d5f10c8b7f5eaed3ab4c885d684b3f7214f672d3ac6f0d8f7de952abeced3db

SHA512
e36b4b124443c867787791ff60309922afbc40ccb4cf0a086b8d5d239d8d9ad1d0cb256f54e76c018d9c53417b939133f696912d7e7a7af42257e9461f4b32e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38138.exe

Filesize
184KB

MD5
ad51703c11e6d54d8c56c1512dc02d5e

SHA1
1e7bc5d4570518b206641d72b1fc23961f167084

SHA256
4ec4ccf68a2f2535262bd614fe2b8949770d5b64944307541aad0108bdc98a42

SHA512
8f76b8c8499460661341367b5bc147b5b094ad035366368baac058607739ebae51bef0eefc7b9eced2ccb4eaf81383cbdc8137a980dec60e59092d77de8dbe59

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38632.exe

Filesize
184KB

MD5
ae6489b0a2488c8445ffa4e7b63d04ab

SHA1
b7af5f31353c2f60366d8c7e232add3002625470

SHA256
4e2ad0fcd80cf5ac6922991e570d1ca175e3fd7b15489b9987a3cf8702c90209

SHA512
e576c9f2b233c596704b435aebd8906717e09eb3134e969e63dbade1d183a56791a17e93d409b93ea229c4ebec8c7a36f0a54a5194070573733cd19a0f4f6ad3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44496.exe

Filesize
184KB

MD5
27c557f727e1844157521b3915affa3f

SHA1
e6eeb7a34b1eec36c724fe64c60a1f50edecf47b

SHA256
1f6373d97011d9f44abf60f6dc5511c9762e43fe93b359c9226fd1ff1295cde2

SHA512
9b43c543c05dd9db5c26e2e8bcc3103c9944a1a6ee9b6e2514a3b864b3c1ff2baf842b242fa95ee316a8b136d2248a7ae1c02b34a322c9d8fe6b9c5856ec6af5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45176.exe

Filesize
184KB

MD5
4636d721ea00b14f9df98d95d200cbfd

SHA1
819d15daca6ab0e30d2c0b145782ec17b89553aa

SHA256
73caeac557e0f5ff3e01561b7a74583ce728f845bf6ac3ef08471cba2807e13f

SHA512
1f943d6ac23e7968446c19d2c15844a2f61d211d7a29bb61c1decdc8ec82dc8764c55fe77dbcafcdc6507f82506177c4cb1e31e9055d74c7f439c043cf00ffaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45575.exe

Filesize
184KB

MD5
cdc3546600b89ac0d23c4f72b53510a7

SHA1
0586f64ea2dfda7e97d01938d606f3420a446e7e

SHA256
46e6b85eb08618cf64544e2a9d5936f0fc00bde97e5574e476bef1b7946eac33

SHA512
8eeb2c4d14b0094cb10aef7c99819672f74586f1bcc2c9317beff1211dbac10fb1be975a17074be24ac0a1f99a25a05fa6ad80b8ac773a334fc2af7af1557702

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46524.exe

Filesize
184KB

MD5
283b2870efe1b718c2a9eb2e71a4c22c

SHA1
68653ddf7111c2ce57f0653586259fd670c9fab2

SHA256
c3361410e2475c08ffe1507f9a277c23e5200e1d056c15f9443a79fd83635f4f

SHA512
8f35d8e628c7affc18c247577a30847f00622a7ed654577af807efec238274028ec14b166ded571484846f9fb32e7734f237209e4adf5858ab9f2e72b2f99663

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52388.exe

Filesize
184KB

MD5
0b50233fb267796623297aca8f556608

SHA1
e5054d66e4a92d18588eafbf8b06181bf3a805d8

SHA256
ddc82e3031ad2634577c75e4afa61fb475b79f68cd46276deca9bb353bbb4a3a

SHA512
d16c8c410dab395274e05c4e05933c5a5a281deaff9c0e5d0919c6c97226da5163c016c6dec82bad924f64f9edb9cb716d7738c2e351956b7b6c7ab2fbd2cef2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53920.exe

Filesize
184KB

MD5
b0ce04178b5cf384030de54bf24631c8

SHA1
a4db9815c5c27e872858e1a2caf2ef76590fd841

SHA256
deb56b4f3e7f5ea90518b91fe50a93a14666a1154bf2f0c058825f2f8e0f7b19

SHA512
b1a1ad2e203f57e306806c16c7b9da18cfb4f161857d310653290ecb3e7f271613d379c9d99f2b685251db94dd64ba7a49268c8d8b3b64c6d407ebc9746bd6f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58668.exe

Filesize
184KB

MD5
ea19cf2cd99f82857efe8f44239f6512

SHA1
d5d5a471b15331f75ded718eedf60605c3068768

SHA256
20431a3ba21d09451fd42e7fb528bc2a271ee87829eb765609bfb22e1109d17e

SHA512
b69cad5a98f64c9a71e1a06c70c4d2eef0ee70b5552cbe97260ff21437b039d5380b8ed9b5691baf2777bb2aea8469a5c736d1eee2117dcdef7e4666b522ba60

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59872.exe

Filesize
184KB

MD5
26bb14749899fdcb870acecaac322ddf

SHA1
c3e9f16d4335a15845bcd32c0cc09fd9d966e007

SHA256
4c3e33aec2b8fadebce67fd1c306301bbafaa4a6b4ad11175d38a3015d8b0f6c

SHA512
29bebf1e31b8b2ecb85280e855dd13879835880fad408936077bbc3f4f5576d216f3686cb079cd34be1fdaa3ac529b2a3fb31d2c296a428d840aaf119236a76f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61496.exe

Filesize
184KB

MD5
8cd0bbc1012227f8498e5bd9d628f10a

SHA1
b93e3fc9a8547c5c946f7ace0229eb770b9ee7e8

SHA256
c141abfca68550b42e71b7ce759953a351194e953688786de41d90921844e9f2

SHA512
f132e2e04ea9af3fbe3d38ede289a03a980663d95faba7587a96cf68c66857dfd9c7b6db97781d6a81164e7c2bd748a41dde0b00634eab67953972822c5fbcbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62088.exe

Filesize
184KB

MD5
8edcae45cccd78a6d6f2c2e03e079b26

SHA1
9337bc639f7a8d7e9011d2a79ac05487bd10b07c

SHA256
42f6bb2c20c18598687bad3acd83df37508d881551685a0bc08a511f7151e3ca

SHA512
0828d8a73d8825df16ecd0b69a9d169ee3be92ab84be78e141638eb73ed435688a54cdaf0815642bda385f78c62a79b952a1363f13fb564d713cf13fe70512cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63136.exe

Filesize
184KB

MD5
ee949223d3a232516cc2aa623a81f304

SHA1
ac9465c5292fd995afccc932b0fa3b355270070d

SHA256
c6148412be1a08b093544cb77be50d317351dd16cc4eabffdf5eb94065615c1e

SHA512
26259105fc20a43761bffb0863de79ef3ae7264553c27996b7c94c597e91bf4e09261afcf544ea88f9e76c81b7b20be516082c5fd0105be0cb6893458c699aa3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6322.exe

Filesize
184KB

MD5
3d039b37e814bda16a4d3ac21fd60c2e

SHA1
51f345147f0ee6b98928b796820cf57b35d8225f

SHA256
c43945efaaf4bc6f5b2d6af4c2e45c4a55afe35d160c26f9b9394196693c216d

SHA512
84ee4058ad96b5fd496b5c45d1c4ee4385e4395de3e910fbc6a547d62efe66ded4acd4204fce46cbc947d7878f5dc502eba5f0e0d5f8072b5b1bc86de96eb0f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65440.exe

Filesize
184KB

MD5
1f11603c7bcb4693def7d9aa456832bb

SHA1
0325bad41470b4e1baeec21b943e0aed7ec7f45e

SHA256
90792f3a68eec9780f3f65c5694236240df860130ae0c8f397971d7b1d4f61e6

SHA512
e83aedbf5393b02de7b0365d7e019b0de21cf80e90594926794f1198977322a0149cf7794483c2d608bc467f0c609c2724304fd1a34706f8f064660fed7a1115

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7038.exe

Filesize
184KB

MD5
ef0c86ff051b7e6520674f36785c6167

SHA1
df876f10a08dea5f6dd5a155c21905f31c83101f

SHA256
2663809da298d21fc3bc091ee98b7caee8270d929b7f3b65416ccf8cc6c2fa26

SHA512
db37788f57e5a949b58b9b0a2819414f0c9084bd0c6bfd4abad1f782960862a1ed9a84d1debbcba28cfafd11a5f1e896a8faecfd970d4eedd510c2d21b5bb9e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7651.exe

Filesize
184KB

MD5
98a6c158c76572c866ec1b3a3bfc2514

SHA1
ac3f363dda89191c5d0ab1725589c52705ba676d

SHA256
9aedb77feb5759ab8c4134e234f50b67a24601c2ab651a834a6ff44dd29b540f

SHA512
33273008b7eed06b78378b2c09eb9d447a5892c4b198c9a25b07e46c90130b75bbe65ace2c7cd9bf6494304f429ad28139cee3afcb4c1316a5199d14aae2429d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads