e027d752fa4c9cbc34f67d8688519dc12b6516a28201f164b1c496578df3193b

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2024, 01:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e027d752fa4c9cbc34f67d8688519dc12b6516a28201f164b1c496578df3193b.exe
Size

192KB
MD5

c96b2c5d00196ec871c8b08fe61e2455
SHA1

1d64eebcda690658dc00a88fd0ce8d0598764218
SHA256

e027d752fa4c9cbc34f67d8688519dc12b6516a28201f164b1c496578df3193b
SHA512

3014b5b4d9179fa0b8d83f60d1661eabd829e7cde1e9ad95a83d746b0cbb27fb58a017b694dadca913e374ef53f95ad013017b98c2dc2ad8ad285b38ecb48bee
SSDEEP

3072:uFcaonFCOniKDYgJdXXD68z99ZN67vLiGi0xsMPHzNwPvpFK:uFZodiKDzdHD68i2nWNwPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
5104	Unicorn-18333.exe
4192	Unicorn-48896.exe
4020	Unicorn-13571.exe
1996	Unicorn-61216.exe
3596	Unicorn-59332.exe
3028	Unicorn-13468.exe
4912	Unicorn-34624.exe
740	Unicorn-32547.exe
4604	Unicorn-35584.exe
4832	Unicorn-50301.exe
816	Unicorn-63684.exe
2272	Unicorn-16960.exe
1144	Unicorn-12003.exe
4560	Unicorn-51936.exe
4112	Unicorn-4956.exe
1852	Unicorn-50436.exe
4184	Unicorn-50400.exe
4632	Unicorn-30342.exe
1844	Unicorn-34749.exe
1076	Unicorn-47453.exe
4800	Unicorn-27395.exe
5064	Unicorn-47261.exe
4852	Unicorn-34272.exe
4420	Unicorn-64484.exe
1172	Unicorn-32736.exe
3888	Unicorn-45735.exe
4924	Unicorn-9596.exe
3960	Unicorn-22979.exe
4292	Unicorn-22560.exe
3456	Unicorn-55808.exe
4120	Unicorn-35750.exe
2396	Unicorn-13631.exe
2336	Unicorn-31421.exe
3116	Unicorn-56413.exe
2316	Unicorn-56221.exe
1080	Unicorn-4067.exe
1620	Unicorn-6911.exe
3092	Unicorn-52583.exe
1116	Unicorn-1571.exe
1544	Unicorn-35011.exe
2260	Unicorn-26237.exe
3252	Unicorn-55453.exe
1948	Unicorn-54695.exe
4404	Unicorn-16829.exe
2800	Unicorn-25469.exe
4360	Unicorn-17021.exe
5104	Unicorn-30211.exe
224	Unicorn-32480.exe
4928	Unicorn-30211.exe
3660	Unicorn-58660.exe
4932	Unicorn-61504.exe
4368	Unicorn-50404.exe
1284	Unicorn-37981.exe
4520	Unicorn-1094.exe
2852	Unicorn-18656.exe
1616	Unicorn-31654.exe
1680	Unicorn-37021.exe
4660	Unicorn-20995.exe
2032	Unicorn-40861.exe
3212	Unicorn-45054.exe
1860	Unicorn-4706.exe
3944	Unicorn-20419.exe
3028	Unicorn-14815.exe
5012	Unicorn-46912.exe

Program crash 56 IoCs

pid	pid_target	Process	procid_target
3660	4928	WerFault.exe	148
4660	5104	WerFault.exe	147
5136	1616	WerFault.exe	163
5540	5316	WerFault.exe	200
6904	5780	WerFault.exe	251
5104	5696	WerFault.exe	250
5268	6388	WerFault.exe	428
5556	5756	WerFault.exe	426
3668	6472	WerFault.exe	429
7428	6996	WerFault.exe	504
7376	6732	WerFault.exe	482
6180	788	WerFault.exe	484
5128	5572	WerFault.exe	485
7676	6996	WerFault.exe	504
5388	6900	WerFault.exe	527
1800	4592	WerFault.exe	483
2768	6016	WerFault.exe	531
1136	3780	WerFault.exe	524
6432	7696	WerFault.exe	563
5956	5772	WerFault.exe	526
2276	7316	WerFault.exe	632
7520	7204	WerFault.exe	574
2492	7200	WerFault.exe	573
2032	6028	WerFault.exe	598
6316	5776	WerFault.exe	619
6496	4904	WerFault.exe	672
6012	7428	WerFault.exe	639
4704	5476	WerFault.exe	640
6940	6360	WerFault.exe	721
5448	6240	WerFault.exe	673
6444	4372	WerFault.exe	694
2492	6228	WerFault.exe	756
3908	5696	WerFault.exe	757
7900	7808	WerFault.exe	755
3676	4900	WerFault.exe
7000	6492	WerFault.exe	758
4524	7016	WerFault.exe	696
5928	2272	WerFault.exe	769
3780	6236	WerFault.exe	795
4296	7304	WerFault.exe	804
7456	7204	WerFault.exe	825
2996	7480	WerFault.exe	834
2948	5384	WerFault.exe	925
1860	8092	WerFault.exe	941
4480	1352	WerFault.exe	942
2768	4876	WerFault.exe	854
2196	4552	WerFault.exe	897
5532	7600	WerFault.exe	856
2408	2508	WerFault.exe	906
2956	6084	WerFault.exe	945
3488	6700	WerFault.exe	940
4764	1272	WerFault.exe	984
1080	7800	WerFault.exe	985
1576	548	WerFault.exe	1006
6584	2796	WerFault.exe	983
5252	548	WerFault.exe	1006

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2396	e027d752fa4c9cbc34f67d8688519dc12b6516a28201f164b1c496578df3193b.exe
5104	Unicorn-18333.exe
4192	Unicorn-48896.exe
4020	Unicorn-13571.exe
1996	Unicorn-61216.exe
3596	Unicorn-59332.exe
3028	Unicorn-13468.exe
4912	Unicorn-34624.exe
740	Unicorn-32547.exe
4604	Unicorn-35584.exe
4832	Unicorn-50301.exe
816	Unicorn-63684.exe
2272	Unicorn-16960.exe
1144	Unicorn-12003.exe
4560	Unicorn-51936.exe
4112	Unicorn-4956.exe
1852	Unicorn-50436.exe
4184	Unicorn-50400.exe
4632	Unicorn-30342.exe
1844	Unicorn-34749.exe
1076	Unicorn-47453.exe
5064	Unicorn-47261.exe
4800	Unicorn-27395.exe
4852	Unicorn-34272.exe
4420	Unicorn-64484.exe
1172	Unicorn-32736.exe
3888	Unicorn-45735.exe
4924	Unicorn-9596.exe
3960	Unicorn-22979.exe
4292	Unicorn-22560.exe
4120	Unicorn-35750.exe
3456	Unicorn-55808.exe
2396	Unicorn-13631.exe
2336	Unicorn-31421.exe
3116	Unicorn-56413.exe
2316	Unicorn-56221.exe
1080	Unicorn-4067.exe
3092	Unicorn-52583.exe
1620	Unicorn-6911.exe
1544	Unicorn-35011.exe
1116	Unicorn-1571.exe
3252	Unicorn-55453.exe
2260	Unicorn-26237.exe
1948	Unicorn-54695.exe
5104	Unicorn-30211.exe
4404	Unicorn-16829.exe
2800	Unicorn-25469.exe
4928	Unicorn-30211.exe
224	Unicorn-32480.exe
4360	Unicorn-17021.exe
3660	Unicorn-58660.exe
4932	Unicorn-61504.exe
4368	Unicorn-50404.exe
1284	Unicorn-37981.exe
4520	Unicorn-1094.exe
1616	Unicorn-31654.exe
2852	Unicorn-18656.exe
1680	Unicorn-37021.exe
2032	Unicorn-40861.exe
4660	Unicorn-20995.exe
1860	Unicorn-4706.exe
3944	Unicorn-20419.exe
3212	Unicorn-45054.exe
5012	Unicorn-46912.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2396 wrote to memory of 5104	2396	e027d752fa4c9cbc34f67d8688519dc12b6516a28201f164b1c496578df3193b.exe	92
PID 2396 wrote to memory of 5104	2396	e027d752fa4c9cbc34f67d8688519dc12b6516a28201f164b1c496578df3193b.exe	92
PID 2396 wrote to memory of 5104	2396	e027d752fa4c9cbc34f67d8688519dc12b6516a28201f164b1c496578df3193b.exe	92
PID 5104 wrote to memory of 4192	5104	Unicorn-18333.exe	94
PID 5104 wrote to memory of 4192	5104	Unicorn-18333.exe	94
PID 5104 wrote to memory of 4192	5104	Unicorn-18333.exe	94
PID 2396 wrote to memory of 4020	2396	e027d752fa4c9cbc34f67d8688519dc12b6516a28201f164b1c496578df3193b.exe	95
PID 2396 wrote to memory of 4020	2396	e027d752fa4c9cbc34f67d8688519dc12b6516a28201f164b1c496578df3193b.exe	95
PID 2396 wrote to memory of 4020	2396	e027d752fa4c9cbc34f67d8688519dc12b6516a28201f164b1c496578df3193b.exe	95
PID 4192 wrote to memory of 1996	4192	Unicorn-48896.exe	96
PID 4192 wrote to memory of 1996	4192	Unicorn-48896.exe	96
PID 4192 wrote to memory of 1996	4192	Unicorn-48896.exe	96
PID 5104 wrote to memory of 3596	5104	Unicorn-18333.exe	97
PID 5104 wrote to memory of 3596	5104	Unicorn-18333.exe	97
PID 5104 wrote to memory of 3596	5104	Unicorn-18333.exe	97
PID 4020 wrote to memory of 3028	4020	Unicorn-13571.exe	98
PID 4020 wrote to memory of 3028	4020	Unicorn-13571.exe	98
PID 4020 wrote to memory of 3028	4020	Unicorn-13571.exe	98
PID 1996 wrote to memory of 4912	1996	Unicorn-61216.exe	103
PID 1996 wrote to memory of 4912	1996	Unicorn-61216.exe	103
PID 1996 wrote to memory of 4912	1996	Unicorn-61216.exe	103
PID 4192 wrote to memory of 740	4192	Unicorn-48896.exe	104
PID 4192 wrote to memory of 740	4192	Unicorn-48896.exe	104
PID 4192 wrote to memory of 740	4192	Unicorn-48896.exe	104
PID 3596 wrote to memory of 4604	3596	Unicorn-59332.exe	105
PID 3596 wrote to memory of 4604	3596	Unicorn-59332.exe	105
PID 3596 wrote to memory of 4604	3596	Unicorn-59332.exe	105
PID 3028 wrote to memory of 4832	3028	Unicorn-13468.exe	106
PID 3028 wrote to memory of 4832	3028	Unicorn-13468.exe	106
PID 3028 wrote to memory of 4832	3028	Unicorn-13468.exe	106
PID 4020 wrote to memory of 816	4020	Unicorn-13571.exe	107
PID 4020 wrote to memory of 816	4020	Unicorn-13571.exe	107
PID 4020 wrote to memory of 816	4020	Unicorn-13571.exe	107
PID 4912 wrote to memory of 2272	4912	Unicorn-34624.exe	109
PID 4912 wrote to memory of 2272	4912	Unicorn-34624.exe	109
PID 4912 wrote to memory of 2272	4912	Unicorn-34624.exe	109
PID 1996 wrote to memory of 1144	1996	Unicorn-61216.exe	110
PID 1996 wrote to memory of 1144	1996	Unicorn-61216.exe	110
PID 1996 wrote to memory of 1144	1996	Unicorn-61216.exe	110
PID 740 wrote to memory of 4560	740	Unicorn-32547.exe	111
PID 740 wrote to memory of 4560	740	Unicorn-32547.exe	111
PID 740 wrote to memory of 4560	740	Unicorn-32547.exe	111
PID 4604 wrote to memory of 4112	4604	Unicorn-35584.exe	112
PID 4604 wrote to memory of 4112	4604	Unicorn-35584.exe	112
PID 4604 wrote to memory of 4112	4604	Unicorn-35584.exe	112
PID 3596 wrote to memory of 1852	3596	Unicorn-59332.exe	113
PID 3596 wrote to memory of 1852	3596	Unicorn-59332.exe	113
PID 3596 wrote to memory of 1852	3596	Unicorn-59332.exe	113
PID 3028 wrote to memory of 4632	3028	Unicorn-13468.exe	115
PID 3028 wrote to memory of 4632	3028	Unicorn-13468.exe	115
PID 3028 wrote to memory of 4632	3028	Unicorn-13468.exe	115
PID 4832 wrote to memory of 4184	4832	Unicorn-50301.exe	114
PID 4832 wrote to memory of 4184	4832	Unicorn-50301.exe	114
PID 4832 wrote to memory of 4184	4832	Unicorn-50301.exe	114
PID 816 wrote to memory of 1844	816	Unicorn-63684.exe	116
PID 816 wrote to memory of 1844	816	Unicorn-63684.exe	116
PID 816 wrote to memory of 1844	816	Unicorn-63684.exe	116
PID 2272 wrote to memory of 1076	2272	Unicorn-16960.exe	119
PID 2272 wrote to memory of 1076	2272	Unicorn-16960.exe	119
PID 2272 wrote to memory of 1076	2272	Unicorn-16960.exe	119
PID 4912 wrote to memory of 4800	4912	Unicorn-34624.exe	120
PID 4912 wrote to memory of 4800	4912	Unicorn-34624.exe	120
PID 4912 wrote to memory of 4800	4912	Unicorn-34624.exe	120
PID 1144 wrote to memory of 5064	1144	Unicorn-12003.exe	121

C:\Users\Admin\AppData\Local\Temp\e027d752fa4c9cbc34f67d8688519dc12b6516a28201f164b1c496578df3193b.exe
"C:\Users\Admin\AppData\Local\Temp\e027d752fa4c9cbc34f67d8688519dc12b6516a28201f164b1c496578df3193b.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2396
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18333.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18333.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48896.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48896.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34624.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16960.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47453.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31421.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37981.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30060.exe
        10⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30953.exe
        11⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41164.exe
        12⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37641.exe
        13⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56041.exe
        14⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4306.exe
        15⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35302.exe
        16⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30438.exe
        17⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30639.exe
        18⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39174.exe
        19⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19334.exe
        20⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49830.exe
        21⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19302.exe
        22⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58895.exe
        23⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18790.exe
        24⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32556.exe
        25⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21068.exe
        26⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54252.exe
        27⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6056.exe
        28⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4552.exe
        29⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43952.exe
        10⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20521.exe
        11⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43529.exe
        12⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1576.exe
        13⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37161.exe
        14⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5701.exe
        15⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17190.exe
        16⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13934.exe
        17⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48847.exe
        18⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63334.exe
        19⤵
        
        PID:4904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 616
        20⤵
        Program crash
        
        PID:6496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7204 -s 596
        18⤵
        Program crash
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47091.exe
        9⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24041.exe
        10⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39052.exe
        11⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26697.exe
        12⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56809.exe
        13⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42604.exe
        14⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46476.exe
        15⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42863.exe
        16⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55814.exe
        17⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48335.exe
        18⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39174.exe
        19⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51622.exe
        20⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6789.exe
        21⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32870.exe
        22⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53862.exe
        23⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31878.exe
        24⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57932.exe
        25⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40780.exe
        26⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exe
        27⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36140.exe
        28⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1094.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1419.exe
        9⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6251.exe
        10⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2866.exe
        11⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14219.exe
        12⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30450.exe
        13⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        14⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47215.exe
        15⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27567.exe
        16⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19823.exe
        17⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51622.exe
        18⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29519.exe
        19⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63759.exe
        20⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12709.exe
        21⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31727.exe
        22⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41897.exe
        23⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41135.exe
        24⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17298.exe
        25⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3851.exe
        26⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19442.exe
        9⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2923.exe
        10⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11240.exe
        11⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46252.exe
        12⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14763.exe
        13⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16527.exe
        14⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62607.exe
        15⤵
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48335.exe
        16⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4581.exe
        17⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12078.exe
        18⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18447.exe
        19⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38502.exe
        20⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58895.exe
        21⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31727.exe
        22⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25068.exe
        23⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19049.exe
        24⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48009.exe
        25⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11531.exe
        26⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40684.exe
        27⤵
        
        PID:6076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27395.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13631.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61504.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31404.exe
        9⤵
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15275.exe
        10⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52368.exe
        11⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47468.exe
        12⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4747.exe
        13⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7275.exe
        14⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60079.exe
        15⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19375.exe
        16⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34511.exe
        17⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52454.exe
        18⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        19⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exe
        20⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41158.exe
        21⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57871.exe
        22⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9608.exe
        23⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14059.exe
        24⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42540.exe
        25⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60073.exe
        26⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28466.exe
        9⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39052.exe
        10⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63209.exe
        11⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56809.exe
        12⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10123.exe
        13⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14187.exe
        14⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3589.exe
        15⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27093.exe
        16⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31750.exe
        17⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-622.exe
        18⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8581.exe
        19⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38310.exe
        20⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12709.exe
        21⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58639.exe
        22⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22572.exe
        23⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21836.exe
        24⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41673.exe
        25⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61801.exe
        26⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49708.exe
        27⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26447.exe
        8⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15275.exe
        9⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23785.exe
        10⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29388.exe
        11⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9611.exe
        12⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61068.exe
        13⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65062.exe
        14⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44262.exe
        15⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53254.exe
        16⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56527.exe
        17⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23503.exe
        18⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44902.exe
        19⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exe
        20⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12709.exe
        21⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51846.exe
        22⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9608.exe
        23⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42697.exe
        24⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32332.exe
        25⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61801.exe
        26⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44429.exe
        13⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59311.exe
        14⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1230.exe
        15⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56527.exe
        16⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52454.exe
        17⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35820.exe
        18⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62031.exe
        19⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42886.exe
        20⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2469.exe
        21⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42665.exe
        22⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21260.exe
        23⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57132.exe
        24⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5288.exe
        25⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1384.exe
        26⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7204 -s 648
        21⤵
        Program crash
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50404.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62348.exe
        8⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-63817.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-63817.exe
        9⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-58953.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-58953.exe
        10⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-17961.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-17961.exe
        11⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-40364.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-40364.exe
        12⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-3211.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-3211.exe
        13⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-7083.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-7083.exe
        14⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-32207.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-32207.exe
        15⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-55046.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-55046.exe
        16⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-37.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-37.exe
        17⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-35910.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-35910.exe
        18⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-41487.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-41487.exe
        19⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-63174.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-63174.exe
        20⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6360 -s 720
        21⤵
        Program crash
        
        PID:6940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6240 -s 744
        20⤵
        Program crash
        
        PID:5448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 656
        19⤵
        Program crash
        
        PID:6316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 652
        17⤵
        Program crash
        
        PID:2768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 720
        16⤵
        Program crash
        
        PID:5128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 664
        15⤵
        Program crash
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60179.exe
        8⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-619.exe
        9⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3368.exe
        10⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1576.exe
        11⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42444.exe
        12⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9422.exe
        13⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30895.exe
        14⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29100.exe
        15⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52454.exe
        16⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        17⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exe
        18⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41158.exe
        19⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58639.exe
        20⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22572.exe
        21⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60873.exe
        22⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exe
        23⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15343.exe
        24⤵
        
        PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12003.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47261.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58660.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63116.exe
        8⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10667.exe
        9⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23785.exe
        10⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40457.exe
        11⤵
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32876.exe
        12⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30450.exe
        13⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        14⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32623.exe
        15⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3301.exe
        16⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5998.exe
        17⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36879.exe
        18⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18767.exe
        19⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40431.exe
        20⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62479.exe
        21⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10181.exe
        22⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17388.exe
        23⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30313.exe
        24⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27081.exe
        25⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21449.exe
        26⤵
        
        PID:6432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7800 -s 608
        25⤵
        Program crash
        
        PID:1080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 616
        21⤵
        Program crash
        
        PID:3780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6228 -s 696
        20⤵
        Program crash
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57299.exe
        8⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19945.exe
        9⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43337.exe
        10⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29612.exe
        11⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30316.exe
        12⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56614.exe
        13⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28367.exe
        14⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8741.exe
        15⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46854.exe
        16⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20742.exe
        17⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10885.exe
        18⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38310.exe
        19⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12709.exe
        20⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50767.exe
        21⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9608.exe
        22⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38281.exe
        23⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49353.exe
        24⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52460.exe
        25⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8392.exe
        26⤵
        
        PID:7200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 604
        15⤵
        Program crash
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52583.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4706.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27756.exe
        8⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18665.exe
        9⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29644.exe
        10⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18636.exe
        11⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17036.exe
        12⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3144.exe
        13⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37333.exe
        14⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47727.exe
        15⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18351.exe
        16⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe
        17⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59183.exe
        18⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18767.exe
        19⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58895.exe
        20⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27119.exe
        21⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42665.exe
        22⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6568.exe
        23⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34953.exe
        24⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64012.exe
        25⤵
        
        PID:5644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7808 -s 660
        20⤵
        Program crash
        
        PID:7900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 724
        19⤵
        Program crash
        
        PID:4524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 696
        18⤵
        Program crash
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64019.exe
        7⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51628.exe
        8⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40521.exe
        9⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41458.exe
        10⤵
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63948.exe
        11⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56806.exe
        12⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
        13⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21990.exe
        14⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63695.exe
        15⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37446.exe
        16⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51622.exe
        17⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52326.exe
        18⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40070.exe
        19⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1070.exe
        20⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31878.exe
        21⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57932.exe
        22⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14059.exe
        23⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15435.exe
        24⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61801.exe
        25⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63849.exe
        26⤵
        
        PID:5152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32547.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51936.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34272.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56413.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18656.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65420.exe
        9⤵
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37772.exe
        10⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-619.exe
        11⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58988.exe
        12⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1768.exe
        13⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37353.exe
        14⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16527.exe
        15⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3982.exe
        16⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29100.exe
        17⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52454.exe
        18⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39526.exe
        19⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3525.exe
        20⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28975.exe
        21⤵
        
        PID:728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31212.exe
        22⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16521.exe
        23⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31244.exe
        24⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2031.exe
        25⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48592.exe
        26⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 844
        24⤵
        Program crash
        
        PID:2408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 756
        23⤵
        Program crash
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17906.exe
        9⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54345.exe
        10⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51884.exe
        11⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46252.exe
        12⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29685.exe
        13⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17039.exe
        14⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21542.exe
        15⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6254.exe
        16⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52454.exe
        17⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21327.exe
        18⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44454.exe
        19⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33519.exe
        20⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4142.exe
        21⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30223.exe
        22⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59660.exe
        23⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62601.exe
        24⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43308.exe
        25⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46316.exe
        26⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1384.exe
        27⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5586.exe
        8⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28364.exe
        9⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6120.exe
        10⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47468.exe
        11⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4306.exe
        12⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64367.exe
        13⤵
        
        PID:116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13893.exe
        14⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26799.exe
        15⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39174.exe
        16⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36230.exe
        17⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22630.exe
        18⤵
        
        PID:220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32166.exe
        19⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58895.exe
        20⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27119.exe
        21⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8840.exe
        22⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57580.exe
        23⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31564.exe
        24⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2408.exe
        25⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27884.exe
        26⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31654.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 632
        8⤵
        Program crash
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1571.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22607.exe
        7⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18665.exe
        8⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6696.exe
        9⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-296.exe
        10⤵
        
        PID:224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43948.exe
        11⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4872.exe
        12⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24975.exe
        13⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26255.exe
        14⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8741.exe
        15⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-229.exe
        16⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14254.exe
        17⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28358.exe
        18⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49830.exe
        19⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39110.exe
        20⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48582.exe
        21⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61167.exe
        22⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3464.exe
        23⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62409.exe
        24⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3240.exe
        25⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46316.exe
        26⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40684.exe
        27⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40559.exe
        11⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37333.exe
        12⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33903.exe
        13⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6254.exe
        14⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
        15⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63791.exe
        16⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exe
        17⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7525.exe
        18⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31727.exe
        19⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59795.exe
        20⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61833.exe
        21⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exe
        22⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48592.exe
        23⤵
        
        PID:1436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64484.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56221.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37021.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57548.exe
        8⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10792.exe
        9⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6696.exe
        10⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47468.exe
        11⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30450.exe
        12⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32806.exe
        13⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30438.exe
        14⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14764.exe
        15⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39174.exe
        16⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65519.exe
        17⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49830.exe
        18⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33775.exe
        19⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55055.exe
        20⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2469.exe
        21⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57932.exe
        22⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46537.exe
        23⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31564.exe
        24⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2408.exe
        25⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60748.exe
        26⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25679.exe
        7⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36937.exe
        8⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
        9⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27535.exe
        10⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31660.exe
        11⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31046.exe
        12⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55878.exe
        13⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34927.exe
        14⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17894.exe
        15⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23878.exe
        16⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
        17⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31503.exe
        18⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38310.exe
        19⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9294.exe
        20⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51654.exe
        21⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14789.exe
        22⤵
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53516.exe
        23⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13291.exe
        24⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8715.exe
        25⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17609.exe
        26⤵
        
        PID:6212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 728
        17⤵
        Program crash
        
        PID:2032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7696 -s 716
        16⤵
        Program crash
        
        PID:6432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 704
        15⤵
        Program crash
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20995.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57548.exe
        7⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7787.exe
        8⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55881.exe
        9⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38729.exe
        10⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1576.exe
        11⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10142.exe
        12⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45935.exe
        13⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27366.exe
        14⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50063.exe
        15⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52454.exe
        16⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35820.exe
        17⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17574.exe
        18⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12709.exe
        19⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16943.exe
        20⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9608.exe
        21⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6568.exe
        22⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50412.exe
        23⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9995.exe
        24⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33391.exe
        7⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6696.exe
        8⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5771.exe
        9⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30450.exe
        10⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36838.exe
        11⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64143.exe
        12⤵
        
        PID:5624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59332.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59332.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35584.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4956.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32736.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6911.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45054.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27564.exe
        9⤵
        
        PID:5316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 716
        10⤵
        Program crash
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48752.exe
        8⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63148.exe
        9⤵
        
        PID:5696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 636
        10⤵
        Program crash
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20419.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12296.exe
        8⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42505.exe
        9⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40521.exe
        10⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33545.exe
        11⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13195.exe
        12⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57996.exe
        13⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4014.exe
        14⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45606.exe
        15⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41798.exe
        16⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26182.exe
        17⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35215.exe
        18⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25167.exe
        19⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52015.exe
        20⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9486.exe
        21⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19558.exe
        22⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27919.exe
        23⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45836.exe
        24⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45580.exe
        25⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27081.exe
        26⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60073.exe
        27⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12111.exe
        12⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40678.exe
        13⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
        14⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21798.exe
        15⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34630.exe
        16⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39174.exe
        17⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51622.exe
        18⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49830.exe
        19⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19302.exe
        20⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55055.exe
        21⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46470.exe
        22⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22572.exe
        23⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62409.exe
        24⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27081.exe
        25⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36908.exe
        26⤵
        
        PID:116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35011.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46912.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10568.exe
        8⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52435.exe
        9⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42761.exe
        10⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50665.exe
        11⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30450.exe
        12⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16527.exe
        13⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27093.exe
        14⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29446.exe
        15⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5806.exe
        16⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36879.exe
        17⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30479.exe
        18⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39110.exe
        19⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1070.exe
        20⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10030.exe
        21⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55628.exe
        22⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30313.exe
        23⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27081.exe
        24⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41516.exe
        25⤵
        
        PID:6656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 632
        24⤵
        Program crash
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48560.exe
        7⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52435.exe
        8⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3368.exe
        9⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1768.exe
        10⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37161.exe
        11⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16527.exe
        12⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47215.exe
        13⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49990.exe
        14⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4581.exe
        15⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39974.exe
        16⤵
        
        PID:5352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45735.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26237.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14815.exe
        7⤵
        Executes dropped EXE
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58508.exe
        8⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42505.exe
        9⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40521.exe
        10⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47468.exe
        11⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61068.exe
        12⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65062.exe
        13⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28367.exe
        14⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34927.exe
        15⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13934.exe
        16⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39174.exe
        17⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51622.exe
        18⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30479.exe
        19⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11621.exe
        20⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41158.exe
        21⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49999.exe
        22⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22572.exe
        23⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13480.exe
        24⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31564.exe
        25⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21324.exe
        26⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27884.exe
        27⤵
        
        PID:1736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7200 -s 652
        17⤵
        Program crash
        
        PID:2492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 664
        16⤵
        Program crash
        
        PID:1136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 636
        15⤵
        Program crash
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29426.exe
        7⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30505.exe
        8⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33609.exe
        9⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47276.exe
        10⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37996.exe
        11⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7083.exe
        12⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28367.exe
        13⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34927.exe
        14⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42805.exe
        15⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52454.exe
        16⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21327.exe
        17⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44454.exe
        18⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19951.exe
        19⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53862.exe
        20⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60975.exe
        21⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62089.exe
        22⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8092 -s 464
        23⤵
        Program crash
        
        PID:1860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 596
        15⤵
        Program crash
        
        PID:5956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 616
        14⤵
        Program crash
        
        PID:7376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6388 -s 652
        13⤵
        Program crash
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44429.exe
        11⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45743.exe
        12⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34927.exe
        13⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37126.exe
        14⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe
        15⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47014.exe
        16⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49830.exe
        17⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17455.exe
        18⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16294.exe
        19⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59795.exe
        20⤵
        
        PID:428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10795.exe
        21⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exe
        22⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15343.exe
        23⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 660
        17⤵
        Program crash
        
        PID:6444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7428 -s 740
        16⤵
        Program crash
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43491.exe
        6⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53708.exe
        7⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25129.exe
        8⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33609.exe
        9⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47468.exe
        10⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30450.exe
        11⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18182.exe
        12⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46646.exe
        12⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21990.exe
        13⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17702.exe
        14⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61478.exe
        15⤵
        
        PID:7316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7316 -s 720
        16⤵
        Program crash
        
        PID:2276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50436.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50436.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9596.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55453.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22607.exe
        7⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7787.exe
        8⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2923.exe
        9⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6632.exe
        10⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13195.exe
        11⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29685.exe
        12⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42863.exe
        13⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1029.exe
        14⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27759.exe
        15⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
        16⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18319.exe
        17⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64710.exe
        18⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4709.exe
        19⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29638.exe
        20⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11566.exe
        21⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22572.exe
        22⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62409.exe
        23⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50988.exe
        24⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60265.exe
        25⤵
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43491.exe
        6⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3080.exe
        7⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1864.exe
        8⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57516.exe
        9⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47468.exe
        10⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60201.exe
        11⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14187.exe
        12⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51311.exe
        13⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40230.exe
        14⤵
        
        PID:5520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54695.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31069.exe
        6⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50828.exe
        7⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63148.exe
        8⤵
        
        PID:5780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 724
        9⤵
        Program crash
        
        PID:6904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64019.exe
        6⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20108.exe
        7⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40521.exe
        8⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65065.exe
        9⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1576.exe
        10⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37161.exe
        11⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49775.exe
        12⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20687.exe
        13⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46150.exe
        14⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39174.exe
        15⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22982.exe
        16⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18767.exe
        17⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12901.exe
        18⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50886.exe
        19⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27727.exe
        20⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38057.exe
        21⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30313.exe
        22⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8715.exe
        23⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63820.exe
        24⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 720
        23⤵
        Program crash
        
        PID:6584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6700 -s 628
        22⤵
        Program crash
        
        PID:3488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 752
        21⤵
        Program crash
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60755.exe
        20⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41548.exe
        21⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38700.exe
        22⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31724.exe
        23⤵
        
        PID:6644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 616
        21⤵
        Program crash
        
        PID:2956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7600 -s 756
        20⤵
        Program crash
        
        PID:5532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 652
        19⤵
        Program crash
        
        PID:4296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 608
        18⤵
        Program crash
        
        PID:3908
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13571.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13571.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13468.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13468.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50301.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50400.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4067.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40861.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39977.exe
        8⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9448.exe
        9⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29644.exe
        10⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47468.exe
        11⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60876.exe
        12⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32774.exe
        13⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20393.exe
        14⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55814.exe
        15⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26182.exe
        16⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52454.exe
        17⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48566.exe
        18⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20527.exe
        19⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62479.exe
        20⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46694.exe
        21⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62089.exe
        22⤵
        
        PID:1352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 464
        23⤵
        Program crash
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25679.exe
        7⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
        8⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40521.exe
        9⤵
        
        PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22979.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25469.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33373.exe
        7⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20844.exe
        8⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52368.exe
        9⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14219.exe
        10⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30450.exe
        11⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16527.exe
        12⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36271.exe
        13⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10924.exe
        14⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52454.exe
        15⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45359.exe
        16⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20719.exe
        17⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        18⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20015.exe
        19⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22572.exe
        20⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22028.exe
        21⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3240.exe
        22⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9227.exe
        23⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9551.exe
        7⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2866.exe
        8⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-296.exe
        9⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60393.exe
        10⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58697.exe
        11⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42095.exe
        12⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55814.exe
        13⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15470.exe
        14⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48847.exe
        15⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18319.exe
        16⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25359.exe
        17⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38310.exe
        18⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16332.exe
        19⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48006.exe
        20⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14789.exe
        21⤵
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19500.exe
        22⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62601.exe
        23⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27081.exe
        24⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36908.exe
        25⤵
        
        PID:3944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30342.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22560.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17021.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33373.exe
        7⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4424.exe
        8⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52368.exe
        9⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51056.exe
        7⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58953.exe
        8⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13515.exe
        9⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56809.exe
        10⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4306.exe
        11⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40486.exe
        12⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49327.exe
        13⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48781.exe
        14⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52454.exe
        15⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10885.exe
        16⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18767.exe
        17⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32678.exe
        18⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20422.exe
        19⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10030.exe
        20⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22572.exe
        21⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21836.exe
        22⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27081.exe
        23⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46316.exe
        24⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40684.exe
        25⤵
        
        PID:3552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7480 -s 740
        20⤵
        Program crash
        
        PID:2996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 632
        19⤵
        Program crash
        
        PID:3676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 712
        18⤵
        Program crash
        
        PID:7000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13315.exe
        6⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20844.exe
        7⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45196.exe
        8⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6120.exe
        9⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27858.exe
        8⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56041.exe
        9⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30450.exe
        10⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32998.exe
        11⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30438.exe
        12⤵
        
        PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30211.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5104
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 472
        6⤵
        Program crash
        
        PID:4660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63684.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63684.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34749.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55808.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16829.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2236.exe
        7⤵
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53708.exe
        8⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52368.exe
        9⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47468.exe
        10⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51753.exe
        11⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23541.exe
        12⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22246.exe
        13⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51974.exe
        14⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34054.exe
        15⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39174.exe
        16⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60838.exe
        17⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41490.exe
        18⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12709.exe
        19⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51078.exe
        20⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32556.exe
        21⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21260.exe
        22⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7080.exe
        23⤵
        
        PID:548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 632
        24⤵
        Program crash
        
        PID:1576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 632
        24⤵
        Program crash
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52755.exe
        11⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45935.exe
        12⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13006.exe
        13⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44941.exe
        14⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52454.exe
        15⤵
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9998.exe
        16⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19951.exe
        17⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14126.exe
        18⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3237.exe
        19⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22572.exe
        20⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62409.exe
        21⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41772.exe
        22⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46316.exe
        23⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15884.exe
        24⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50096.exe
        7⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52368.exe
        8⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64489.exe
        9⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37996.exe
        10⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40140.exe
        11⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44262.exe
        12⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21542.exe
        13⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4581.exe
        14⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
        15⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50022.exe
        16⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62799.exe
        17⤵
        
        PID:2272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 628
        18⤵
        Program crash
        
        PID:5928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13507.exe
        6⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34793.exe
        7⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40396.exe
        8⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18636.exe
        9⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13195.exe
        10⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48012.exe
        11⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32998.exe
        12⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40230.exe
        13⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63119.exe
        14⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19823.exe
        15⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1518.exe
        16⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49830.exe
        17⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42182.exe
        18⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
        19⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20015.exe
        20⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34284.exe
        21⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4331.exe
        22⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52425.exe
        23⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exe
        24⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36140.exe
        25⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2831.exe
        21⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38994.exe
        22⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34697.exe
        23⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60940.exe
        24⤵
        
        PID:6936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30211.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4928
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 444
        6⤵
        Program crash
        
        PID:3660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35750.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32480.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15391.exe
        6⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6728.exe
        7⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52368.exe
        8⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47468.exe
        9⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4306.exe
        10⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13262.exe
        11⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63494.exe
        12⤵
        
        PID:6996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 632
        13⤵
        Program crash
        
        PID:7428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 632
        13⤵
        Program crash
        
        PID:7676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51056.exe
        6⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-619.exe
        7⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26508.exe
        8⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46252.exe
        9⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52620.exe
        10⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55945.exe
        11⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47334.exe
        12⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31087.exe
        13⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3301.exe
        14⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52454.exe
        15⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51062.exe
        16⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17574.exe
        17⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55055.exe
        18⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37062.exe
        19⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46505.exe
        20⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31337.exe
        21⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11755.exe
        22⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exe
        23⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20873.exe
        24⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52115.exe
        20⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61833.exe
        21⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exe
        22⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30610.exe
        23⤵
        
        PID:7276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13507.exe
        5⤵
        
        PID:1260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37097.exe
        6⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39052.exe
        7⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27465.exe
        8⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56809.exe
        9⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3211.exe
        10⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7083.exe
        11⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13893.exe
        12⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8741.exe
        13⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31750.exe
        14⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59055.exe
        15⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39526.exe
        16⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38310.exe
        17⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6222.exe
        18⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4142.exe
        19⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26639.exe
        20⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6443.exe
        21⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41548.exe
        22⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exe
        23⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36140.exe
        24⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 608
        12⤵
        Program crash
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44429.exe
        10⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46374.exe
        11⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36460.exe
        12⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6254.exe
        13⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52454.exe
        14⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44710.exe
        15⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38310.exe
        16⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25958.exe
        17⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4142.exe
        18⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32454.exe
        19⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22572.exe
        20⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8491.exe
        21⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exe
        22⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54121.exe
        23⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43343.exe
        7⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56809.exe
        8⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30450.exe
        9⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37333.exe
        10⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64655.exe
        11⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46854.exe
        12⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1390.exe
        13⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64710.exe
        14⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19951.exe
        15⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18159.exe
        16⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3237.exe
        17⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7112.exe
        18⤵
        
        PID:5384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 408
        19⤵
        Program crash
        
        PID:2948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 4928 -ip 4928
1⤵
PID:4020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 5104 -ip 5104
1⤵
PID:1740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 1616 -ip 1616
1⤵
PID:4416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 5316 -ip 5316
1⤵
PID:6092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 5780 -ip 5780
1⤵
PID:6704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 5696 -ip 5696
1⤵
PID:6728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 6388 -ip 6388
1⤵
PID:4780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 5756 -ip 5756
1⤵
PID:5036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 6472 -ip 6472
1⤵
PID:6616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 6996 -ip 6996
1⤵
PID:6072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 6732 -ip 6732
1⤵
PID:8052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 788 -ip 788
1⤵
PID:5140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 5572 -ip 5572
1⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 6996 -ip 6996
1⤵
PID:6032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 6900 -ip 6900
1⤵
PID:7924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 4592 -ip 4592
1⤵
PID:8124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 6016 -ip 6016
1⤵
PID:7992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 3780 -ip 3780
1⤵
PID:7936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 5168 -ip 5168
1⤵
PID:5732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 7696 -ip 7696
1⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 5772 -ip 5772
1⤵
PID:7604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 7316 -ip 7316
1⤵
PID:7872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 7204 -ip 7204
1⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 7308 -ip 7308
1⤵
PID:7716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 8180 -ip 8180
1⤵
PID:5896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 7200 -ip 7200
1⤵
PID:7432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 5344 -ip 5344
1⤵
PID:4628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 6028 -ip 6028
1⤵
PID:8116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 4904 -ip 4904
1⤵
PID:4092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 5776 -ip 5776
1⤵
PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 7428 -ip 7428
1⤵
PID:5636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5476 -ip 5476
1⤵
PID:5924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 6360 -ip 6360
1⤵
PID:6128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 6240 -ip 6240
1⤵
PID:4576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 4372 -ip 4372
1⤵
PID:5824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 2272 -ip 2272
1⤵
PID:3092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 7016 -ip 7016
1⤵
PID:5940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 6492 -ip 6492
1⤵
PID:6224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 648 -p 6228 -ip 6228
1⤵
PID:4292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 5696 -ip 5696
1⤵
PID:6440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 7040 -ip 7040
1⤵
PID:8132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 7808 -ip 7808
1⤵
PID:1648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 4900 -ip 4900
1⤵
PID:5488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 6236 -ip 6236
1⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 7304 -ip 7304
1⤵
PID:6304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 7204 -ip 7204
1⤵
PID:6220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 7480 -ip 7480
1⤵
PID:7572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 5384 -ip 5384
1⤵
PID:4744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 8092 -ip 8092
1⤵
PID:5092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 1352 -ip 1352
1⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 4876 -ip 4876
1⤵
PID:6372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 4552 -ip 4552
1⤵
PID:3632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 7600 -ip 7600
1⤵
PID:4060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 2508 -ip 2508
1⤵
PID:4764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 6700 -ip 6700
1⤵
PID:6040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 6084 -ip 6084
1⤵
PID:5456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 548 -ip 548
1⤵
PID:4296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 7800 -ip 7800
1⤵
PID:6232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 1272 -ip 1272
1⤵
PID:6072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2796 -ip 2796
1⤵
PID:8168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 6960 -ip 6960
1⤵
PID:7736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 6424 -ip 6424
1⤵
PID:7100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 548 -ip 548
1⤵
PID:8064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 7604 -ip 7604
1⤵
PID:7140

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12003.exe

Filesize
192KB

MD5
6d02c75ef48fdde1615ce40c0e5e156a

SHA1
0ba3fee8d5b5b383bbdca45d5fe79297b835760e

SHA256
787eb1029de95d65bb15594b8b30a3ed45cc73c57655acf13acfb9cf1465598d

SHA512
47b5ee5693249e033e1482ed48cf903e61b1ee4cf0964a197c79854b263c056280c4aea940d84c387caf526f56c173a43c42a6cfd1c3e7becfe1d996a0778240

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13468.exe

Filesize
192KB

MD5
1fd8366f40dd011bd6166b2e4ddd0b34

SHA1
d839084c8cff9207d652261d88fab4ea0138306c

SHA256
fb71f719999de64a06793f707fc4804f93bba1968f35c511260522186e1fd759

SHA512
34b3eee7584c8ed79fbb1253aeca27c602cc7279f95e4a1f2b6cf38522f7febc94714c029f15f608c17a1be74b88ae180efd8f7bbe73ff9cdc97784923bdd154

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13571.exe

Filesize
192KB

MD5
cc2298bc373158b2d7140391baed36d7

SHA1
d7545f2283efa5aaa664628170f00cc0fbef09fd

SHA256
61344f7a7b3ad771af254d0f5a3b7bc965d42cc9849bfd5d3fe9716c656b339b

SHA512
2f7f3fd3c6cc6fe2c8205af945bb0538d2e21e4bb525afc53ee2aaeb7fb23629da0c025d17e8459e2776395624718e3b20b67b54abe82343d618cc7d67b9183b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13631.exe

Filesize
192KB

MD5
c0e670f9297f08b279581ffc86c725d9

SHA1
356f290123c99c50500600514bddb52c3da9c3ba

SHA256
c550ed83201e1d911d89e00025b4825158e12ae5b67e176b24e9b9991dcdeb30

SHA512
0dfbc20c1364f22bd4f5fc38b55aab3ce4f852d78d92279eb13f7d3c3ae24049600d144c275a2b19d1cbba2119c435ab62f2642b4ef80ae9a6be6e8fb437729d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16960.exe

Filesize
192KB

MD5
7fd12a3fb055dc8a76c15150a4c3ef08

SHA1
c3af4be1da51003706ff8045a8a3c11df3297c0d

SHA256
6aa7957a6702ef68c2e27baea8c2bbd0cf866c8eaa55cec68d037dac52f9b5b8

SHA512
a635d8f03642957a21c9661f8a6e2d09bd059fa04e2ec6a16bbeb6a17ebc1db0904e3156017cd131dbb035d47bf4cf1ae22ef74002edc08677303a995ef26145

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18333.exe

Filesize
192KB

MD5
7b847b836fa18950e03da1951c1ddae5

SHA1
f3fbe58b9ccf215c6a9b8428c682a7605cdcede7

SHA256
c8713ebef456d50f6285ba62aae7e265d00a638c4e16159c6d56f64c394293fb

SHA512
cea1fef9ab3826306bbdee4746c45432946e40d1719a68ce7267084e9815995293ffe30467545b23b374b0fa5421ec9412262bd183653118380ae81c49a74dd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22560.exe

Filesize
192KB

MD5
1af7098d684a485b29a73357d41360b5

SHA1
eac4d6a32efad3a3bf08a502b41f507cd25cacd2

SHA256
dc5b32c74fc2a92aacaeee64312078c0e54c2f031ff778286e13f6a77651a280

SHA512
f767daf819190228db83c28b53f1ba9c713b345f2bb9430befaee807741bc1de2dd4b04bb441fa24c3a1d0325e67d13bfc9406610f9feca0e01786459f0f0d92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22979.exe

Filesize
192KB

MD5
89ccd5d0639d1afcc03fc54140325e05

SHA1
07f9a11f96d378ca9560aeff219a505830933cc2

SHA256
c0cfae89ff1a0835d6572f57a4e9d75d50933674ec3c655170b9f953bfeaddcf

SHA512
4096b387b84de2922f0f56e41c363d941d39ef2ba2fb8688a73d75b81096f4321851529bf3581bf8f2d2a9c5b3e0140dd11233279cdbcd19dcbf993d302a49db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27395.exe

Filesize
192KB

MD5
a877e4cd03aa31571fde55f2bcefbdb1

SHA1
213f3146328c6201cf5ab45ee2f717c8c39da2d8

SHA256
e166391b9921a799343327b02c749baaf498e6ac50784dd852260561cf6cadba

SHA512
bdf03599cf95ca3a868521d12f76e30fc4badf6d3c02f0d69b073da0a2f8d0090ad08c33a5ee56fb92e4c71f90f7ea644195c45997d03b1d5ff696b99f7f0116

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2866.exe

Filesize
128KB

MD5
96cfef7ddd8d01b92eb0b5b522ee5fec

SHA1
725ed755bc012c698e21ed89198a669cd3059dcd

SHA256
a1117294e16cf03af4d9da56b031df596f47e0b31dd56ae1ded554c9ecb30699

SHA512
f907b4ece2335e0ce376b3bb2d6172d7478604f62b6ed4db79623e66b67b8cc2589e451cd6394de7b9c359e1cabf4e21f8dbf497a545374afea7250043204546

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30342.exe

Filesize
192KB

MD5
705ee3930352f260ef96ee2e8ccbb62b

SHA1
90d1be9cf488ad5f8eac84c0a56479ab9ba4840b

SHA256
3aae01c114f2cedf712f7b83326bea8eab95d44fbde936d41871aadaba2fef8b

SHA512
24ac07b0609514550eb653db25b77a46dc7cdb9050adf0f38275d82496ae7272d79866562d812f164925fa8f08ea13e306d3c8a30d1f75ff6cd1475342182f94

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31503.exe

Filesize
192KB

MD5
6c07b77cd12d44a87c060143903b0e5a

SHA1
655e65bdc33367ec5b890357169462034a79b4b3

SHA256
b99f9f17e61c242895358f29f7f1ba3b58fd215861a69783b1c8d8dadc608b9f

SHA512
45bc8bcf592b69f35de7b4b2b56770852e86d4762f587c7d6442bae0fcd0b7cbdd7188f23e88fd5fd9849642c2f297298aa9859a184d21c03d42e3bf2357090c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32547.exe

Filesize
192KB

MD5
fed11326b50fe47bf95c93572e1c7215

SHA1
3f1f4a7bcf87c46188ec037a761d66c237427588

SHA256
83bb0b3eb5adc54f32f341389556531c1c95f8d139a00068dd50db68c54f90aa

SHA512
e68c0da8d2b47dcd13e9c0d4455873d642722d98d0439c6013d0fa86b6527ae4c942f6fc801c35e3f01c68cb584e134ee8d0cf25d0aabbc7187be8c8184e2bf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32736.exe

Filesize
192KB

MD5
2451894e1990b952bb24513089088efd

SHA1
b1a4479c83ffa85bdfcc2859a5b5660d63b058f5

SHA256
41b8117e1cb058eb789b797e2dfe0519939e977a5e614d5d6e6cb057fbf4bef8

SHA512
f4f6ead1c73826844b2f7a06cda1ebe3c98fab650910e20df0c5a0fecc22c0b05957a625be119bf36b194ecd7cc18f63de8397285f33fd833db08c08f7cc7127

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34272.exe

Filesize
192KB

MD5
bb10f24538d830c277e61cfd12c055b1

SHA1
50ca46a87bb2baf9eb264452f354fbb60558d92f

SHA256
c87e9bf9aaed488ac235b7894613a2ed8461b49d4716cee37f0becf9dda7c85c

SHA512
71cdfeb8fbea5c42d3de60d5e8054b6bfcdf9dba877caf3069ea1daa6a5784e1b03d4eace0338e6a6436a8820488eba504cde7739dfa94e0f6b1c57f61c37645

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34624.exe

Filesize
192KB

MD5
f47576728accbb6334edbc61fb5f920b

SHA1
2a24463e58327c7e441f71c276f4c0179ba3d5e1

SHA256
bdfd1b6ba19bfadf27c1762ec09ad281666094bf8794826eb11f1f7e7c6b6f64

SHA512
bf6c652cd8cfaa64a82c9b01e1fe443c30924ce7d63f9cf67f2bae85c5de6fbc0768527be36b1ff3b0e801a0a45202eec536b575496c49c27191efa9939cef7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34749.exe

Filesize
192KB

MD5
7b89064bdd29482e447de88eec7ad438

SHA1
a7a3d91d929823460285a6600b82bdbab99dbaed

SHA256
e809858c4c589a2b00aaea94865d17a41fd2d32147f5c1a8b025b818717c122e

SHA512
9a66338d1a5cb571717c86f5e4b2e5f38d7b9ba1ccf83819390f5184d75e53daec49bd803575c35fb11acae133542dfbcb3f5e46fc8a7f2b7cbfecc867433fcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35584.exe

Filesize
192KB

MD5
6b425bd00f19408c44f4ac184d45b0e1

SHA1
6384a734d13bed35a628ed692181a8462c07c5d4

SHA256
72c86a9ea5802f1552c3b600bcddde5df3062fb39ae66f7ad424e6b07414ce52

SHA512
a57cfbb56c702ce305f1669e1828c01c2f887bc3ae139ba1257ff65d8ffebacc7ffa53ba1a99d9cabf3dd51b2343c96b278b5b8c309423120edd3a5d7c37f939

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35750.exe

Filesize
192KB

MD5
6ef9b80f8ae39e5ce43deec0c89d4ec9

SHA1
49be63bee31254ce02b69a59d21ef1a45529e119

SHA256
4adcd91d61cb70dcc5f24dfc3a2d82959ef58be87f7b096acebd60c3a9ef4687

SHA512
9bccbe6242cd2d8d3ee4b4f6df0a5b7103afc26c2de186b0cac68f3000bb3936f6512bc70a0a282693cd8b0ca2d6a7aa3b7ebcc1650e54c5b643f75751d1d1e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45735.exe

Filesize
192KB

MD5
50f4aee8665e93b418be7240b2d35037

SHA1
a52012b5218a1824e570c4f8eff2aca4fc409303

SHA256
c964a18cb560e46e3226712ab4ef9addb22a5670166b70e8d756ddd7e2f2e79f

SHA512
56ab24379cd3e92043ea0171fe1f9daf16b9da89297bd218f7cb5a88e675c93febbea987b4be7c87c2fdf4f2772123876c4d1e4d6e68eade5a2a0c4589c0adf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47261.exe

Filesize
192KB

MD5
904e56a653d2b72dd5a23fab393b1684

SHA1
f3124e851956a48a3746ebf9d5a60bfec38927a7

SHA256
b88ebaea308d3ecc22cd26a4502e294a291470b25657934df3287ba640e0d165

SHA512
111e73bcfd041bb1f1125f9516a6877d7de72e6a28d7585321d602631b69fece901c733a1ecef90f3094463a88144c8e238bc43f7b6596d2b0098fc1678766e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47453.exe

Filesize
192KB

MD5
e2c4137c59efff01d9afea02f5808141

SHA1
c06d1ecfb20aeaefd81555363a6ff82d7cedf8f0

SHA256
3082378ff13a9675110df32e5695acb8ee8bed13ee498c67f4de4a365791b225

SHA512
88420a9a8bbe0897df5833166ad80a1f53a345c4159d106daa776e82d706b1c20d7f33c4b58414d68f22c4fb4f6ebf171995582467da5c849001e114f40ce6c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48896.exe

Filesize
192KB

MD5
2ae8b734fbcfa329eb96dcb6a0aa743d

SHA1
0c647af700a8869e5b02112e3e5921ff261391a5

SHA256
4d81f967227629e784cb4320a19adbd94f99b3fb60313ee4d09a84ca740e5b7c

SHA512
219324b657765d14a9c52d2ca3f3fa24d9f3bf5c2e7b8693aa84dd6c655c2a49fe0c33f0cdfff0b08da531d3deb9aa7c6aeb2082d54b6931e96fef4b759428e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4956.exe

Filesize
192KB

MD5
2bdfc8dd2b22df6b4122cdd4b1071eac

SHA1
d60b99cd240bb78183d22ef478cc744cba5fb657

SHA256
6df684a3eb0c5fdc218f088c0d2516f1e86ec56f584aa6375896a48097ca7033

SHA512
714f1c9c65cd1ce5ce2ed2212fa2424b7e418d375e505111a764f9309dc7b25acfb3d13f48cecd8e52e1ef8586e721238b186dcb007fe8f13a74346ac9c5f188

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50301.exe

Filesize
192KB

MD5
611141d8b85ced1b1cb98acce9fedb96

SHA1
a7be2b9e8e34ca0c65830d6a63b041f8ff340b9d

SHA256
a2512dca98ed5cce145463021bbccea12e01170746f674bad315c865cc615980

SHA512
f06ca160b4e3aa6f524b5fff822d103e929f093f349004ea9a238bc7da4a81ddbb3608f1774ed084eab6fff3440b93f844ef04d5ac37c9fc8d29c1be2006d85c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50400.exe

Filesize
192KB

MD5
f400ec8ded92cfedac59833ba2282f4c

SHA1
27a68dbb7e433822f244e64ab4fda286e4e96c0e

SHA256
e4ebd57d2c28d4142718c5cb1c22ff06224e139ae9f03f0b182e40fcb70bc2a4

SHA512
f59b1276e8ff09bc79ef1591143e8eddc9ce9837b18f18060af4d529b761abd5ef53d92b0d8073d4d6ebc07bbd86ba063bdbe7dc5d36df8177795cb829a5e1f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50436.exe

Filesize
192KB

MD5
cfdb8fed5ebe8a3dbe56790d869c3ee3

SHA1
0e01c0f8c5208117cce59f844a9ef620dec3c9a2

SHA256
d016100bf15f428f66e8be2f22b52d1e417c26d2c48303b287de035f948a320c

SHA512
621dbb88ff2a34d239619240d15a6753861bdfaa3b1385fd3ca7221f4aa79cf9fd0e292d2e3664730525ef0c53b18f08b48bcc66c0ae0a32506656f88bc3683e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51936.exe

Filesize
192KB

MD5
0db467a9e237f9688c5af9cb89c42fb0

SHA1
7b3e87ff7a9c67aa2a8ce307f4880cd0ffa26ced

SHA256
3a8314414709cc47b0c7d2638ad94b82930c4e2bc4c85329d1c3a9b39010d40b

SHA512
0a481a5c0f258402389bcd4fceca258139a6bb15f339108472cfbefe7d5ad8b7d5804e7d3c78f6dd57b9a43ab57ecf250ff18ff8c607db1546e1ddd2af44c699

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55808.exe

Filesize
192KB

MD5
99ee554f067bedd04919f9fe3902c5ac

SHA1
05932d09d1b2f5a135fc2a973ed22e79e292e4cc

SHA256
f8f27a39e2f4ad880cd5013f40decb9eb6ee2aa6ae460e9cbdb0f8572ac9de15

SHA512
2727aa22fa6c0dc7aa0fa4504913e10ded79f3a0dfbec8e027dd8007bbeb00d0508823cfb48b171aa7b5a407d4d2e4caf5ecf7aaf240bb6815276ef10c296360

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57996.exe

Filesize
192KB

MD5
e8f373fa10f6c0e40564f6cfc2bc34f0

SHA1
95332b5ee8bf64474f87621831add37c9e5d5e69

SHA256
23ccf11a153d9e72e8d89caf3779b50d3b24459ae2d77b26ae8442c9e05edaa3

SHA512
027cdc511060dea90b2eac90868dc0b27bbc5f17bd7a8e02742b38962c3072188462519e245c9184dbd6a58ccce65253e3d8216fb4527b898cc1d04040c634d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59332.exe

Filesize
192KB

MD5
a0b73493056ff89d24ce7cb103f25cdb

SHA1
7ee3d114df7eecf3a9b8085c2ae463088af65733

SHA256
bb00383e27025b4d9a102c54c46ae42dc805382f5cfbcb2bf193e1280d53afaf

SHA512
d329979fb3a825c26c0323208fa52de056bce6cba42bcfb284889eeaf1688b460e8173227d49b846c46a2944e16b5f30a7c94874052f8642cab5612633a9beeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe

Filesize
192KB

MD5
b41ab198f02cce98d4e5f5ef77b33d62

SHA1
3c5c625294048455c96d63b74f4a3353e431df2a

SHA256
e6c9fdf0b6054c9c104a7d03dc8804fb4ce251d8c3570ff3c5448dd36f67812e

SHA512
1c33bc09f09b5f9f64ddf9e09042868b3c85de46dfec7dd8db4811228b5a33a04dc8cd808400d3e05672fe7be2a4c9f5292be47c6271c10c77efec2fa986d2c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63684.exe

Filesize
192KB

MD5
1dc6441e8efe88ce3a2dc5d17fd3f544

SHA1
feac0065803749cdf699a7a0c9b60626ec3a0414

SHA256
78f1a14504539491f32f1143dfe728eba8f47bdca6a7f72b2f9b1101a75f7457

SHA512
5363e84785551e6ed0254824fce6fe8d93ec923990fa29f6e266fe4c98cd810504f626c45378d6fba15a0f2875f93eda6713c10f24298712e796d3bca3d48217

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64484.exe

Filesize
192KB

MD5
72ad66f1c277d6939c9e8ca172147547

SHA1
90c5d915ce6342b015c91db9c7e1b9567d0ff528

SHA256
b5ed3d4a455e5f8204d09a1fa866b9727a17c257aa04f8f90e422895b1869d2e

SHA512
0b618f67282d145a114a2c769f0b3d4b724b55a6f78e7af605a695ff426096e040314e3db17c3ad74b97dcb38f8373c8c9aa43f157068ed54e929d07c5ca51cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9596.exe

Filesize
192KB

MD5
82e6a312dc0925348cf09ba675e0672f

SHA1
ce9ce4c23f91de814b0c314a93efeec404c173b8

SHA256
5e28c35b9ce6a310e6beb78f79ea660e4e9161c0e8c9313dcb4b613f6c34e246

SHA512
4479968302dd68264bdd11de428efa7f4ebc98ad7f0550d14a4e80951c1bba062d9f7950e5b4d5883c6367f0f22b59174ef60e113cc0a218ebb51ef094132f80

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads