35568290997289fef2e42df8b080f1b2c0d0f1e829b1ed62a187e6b38b21deb7

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
06/07/2024, 00:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

273e924688a1e392f723c68e262ee4d6_JaffaCakes118.exe
Size

192KB
MD5

273e924688a1e392f723c68e262ee4d6
SHA1

5e591282d70ebbeddb6d7cf690b29c1e96eccebe
SHA256

35568290997289fef2e42df8b080f1b2c0d0f1e829b1ed62a187e6b38b21deb7
SHA512

6be67108054a5a3b2a1b22953e5bf701ea05295ab39899c8990b5ccf340d35f091c783be6cc548262f50e805b8af8dcc1e0596be903f910385492952b14292d6
SSDEEP

3072:tz80oA1wvkAUAbV0Ddvlqh8b6b2crQWhTfNP70gxG2lVvMP:tz7o71PbKdNqh8GZJa2lVvM

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2276	Unicorn-51441.exe
2232	Unicorn-9918.exe
2664	Unicorn-22917.exe
2704	Unicorn-6644.exe
2992	Unicorn-63307.exe
2716	Unicorn-56722.exe
2584	Unicorn-42592.exe
2636	Unicorn-22726.exe
1216	Unicorn-57667.exe
2872	Unicorn-24995.exe
2660	Unicorn-55591.exe
1272	Unicorn-11038.exe
1800	Unicorn-10332.exe
3052	Unicorn-30774.exe
2668	Unicorn-24037.exe
952	Unicorn-13752.exe
2336	Unicorn-43903.exe
1520	Unicorn-59424.exe
2672	Unicorn-63446.exe
1496	Unicorn-40437.exe
1704	Unicorn-38901.exe
2268	Unicorn-18843.exe
2180	Unicorn-36824.exe
3000	Unicorn-6228.exe
1140	Unicorn-17604.exe
2344	Unicorn-27282.exe
996	Unicorn-63275.exe
1856	Unicorn-7416.exe
1052	Unicorn-22875.exe
2288	Unicorn-60865.exe
2852	Unicorn-15193.exe
2600	Unicorn-13657.exe
2776	Unicorn-39593.exe
2272	Unicorn-49594.exe
1108	Unicorn-63491.exe
2184	Unicorn-2448.exe
1436	Unicorn-48696.exe
1488	Unicorn-3024.exe
1980	Unicorn-27014.exe
344	Unicorn-14015.exe
2916	Unicorn-46880.exe
2460	Unicorn-16215.exe
1884	Unicorn-47456.exe
1360	Unicorn-36081.exe
2164	Unicorn-32776.exe
688	Unicorn-21593.exe
1260	Unicorn-13486.exe
1920	Unicorn-59065.exe
1068	Unicorn-6527.exe
608	Unicorn-10741.exe
2448	Unicorn-24316.exe
1480	Unicorn-44182.exe
1628	Unicorn-7295.exe
2544	Unicorn-9973.exe
1868	Unicorn-56221.exe
872	Unicorn-15038.exe
296	Unicorn-14908.exe
2132	Unicorn-15807.exe
3032	Unicorn-923.exe
2648	Unicorn-15999.exe
1888	Unicorn-13502.exe
2768	Unicorn-26501.exe
2588	Unicorn-26309.exe
2108	Unicorn-30716.exe

Loads dropped DLL 64 IoCs

pid	Process
1888	273e924688a1e392f723c68e262ee4d6_JaffaCakes118.exe
1888	273e924688a1e392f723c68e262ee4d6_JaffaCakes118.exe
2276	Unicorn-51441.exe
2276	Unicorn-51441.exe
1888	273e924688a1e392f723c68e262ee4d6_JaffaCakes118.exe
1888	273e924688a1e392f723c68e262ee4d6_JaffaCakes118.exe
2664	Unicorn-22917.exe
2232	Unicorn-9918.exe
2276	Unicorn-51441.exe
2232	Unicorn-9918.exe
2664	Unicorn-22917.exe
2276	Unicorn-51441.exe
2704	Unicorn-6644.exe
2232	Unicorn-9918.exe
2704	Unicorn-6644.exe
2232	Unicorn-9918.exe
2992	Unicorn-63307.exe
2992	Unicorn-63307.exe
2664	Unicorn-22917.exe
2716	Unicorn-56722.exe
2716	Unicorn-56722.exe
2664	Unicorn-22917.exe
2872	Unicorn-24995.exe
2716	Unicorn-56722.exe
2872	Unicorn-24995.exe
2716	Unicorn-56722.exe
2584	Unicorn-42592.exe
2584	Unicorn-42592.exe
2704	Unicorn-6644.exe
2704	Unicorn-6644.exe
2636	Unicorn-22726.exe
2636	Unicorn-22726.exe
1216	Unicorn-57667.exe
1216	Unicorn-57667.exe
2992	Unicorn-63307.exe
2660	Unicorn-55591.exe
2992	Unicorn-63307.exe
2660	Unicorn-55591.exe
1800	Unicorn-10332.exe
1800	Unicorn-10332.exe
3052	Unicorn-30774.exe
3052	Unicorn-30774.exe
2584	Unicorn-42592.exe
2584	Unicorn-42592.exe
2660	Unicorn-55591.exe
2660	Unicorn-55591.exe
2424	WerFault.exe
2424	WerFault.exe
2424	WerFault.exe
2424	WerFault.exe
2424	WerFault.exe
2424	WerFault.exe
952	Unicorn-13752.exe
952	Unicorn-13752.exe
1216	Unicorn-57667.exe
1216	Unicorn-57667.exe
1520	Unicorn-59424.exe
1520	Unicorn-59424.exe
2636	Unicorn-22726.exe
2636	Unicorn-22726.exe
1272	Unicorn-11038.exe
1272	Unicorn-11038.exe
2872	Unicorn-24995.exe
2872	Unicorn-24995.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2424	2672	WerFault.exe	49
1336	2336	WerFault.exe	46
2436	2668	WerFault.exe	45
2216	1108	WerFault.exe	68
2624	344	WerFault.exe	72
2560	2132	WerFault.exe	92
2908	1980	WerFault.exe	73
1840	2788	WerFault.exe	99
1704	1888	WerFault.exe	96
2204	1068	WerFault.exe	82
624	2452	WerFault.exe	119
320	296	WerFault.exe	91
2084	1628	WerFault.exe	87
3064	2488	WerFault.exe	122
2288	1572	WerFault.exe	129
2704	1908	WerFault.exe	137
2844	2108	WerFault.exe	98
1788	1528	WerFault.exe	130
2680	1436	WerFault.exe	189
1028	1548	WerFault.exe	154
1660	3036	WerFault.exe	187
2272	1544	WerFault.exe	163
3184	952	WerFault.exe	138
3164	1640	WerFault.exe	211
3484	2940	WerFault.exe	147
3228	2000	WerFault.exe	208
3252	2596	WerFault.exe	196
3572	884	WerFault.exe	202
3372	2724	WerFault.exe	158
3472	1580	WerFault.exe	143
3856	608	WerFault.exe	212
4024	1920	WerFault.exe	214
3776	2944	WerFault.exe	227
3600	3896	WerFault.exe	259
2052	3696	WerFault.exe	254
1052	3976	WerFault.exe	261
4076	4064	WerFault.exe	263
1292	3032	WerFault.exe	239
2832	3564	WerFault.exe	279
4080	3288	WerFault.exe	267
1664	2652	WerFault.exe	288
4012	3940	WerFault.exe	260
2952	3624	WerFault.exe	252
1972	3868	WerFault.exe	258
3120	4000	WerFault.exe	295
3692	3332	WerFault.exe	301
5092	3100	WerFault.exe	346
5100	3612	WerFault.exe	320
4464	3408	WerFault.exe	331
4508	3272	WerFault.exe	322
4752	752	WerFault.exe	375
3464	3920	WerFault.exe	385
2988	2576	WerFault.exe	363
4708	2176	WerFault.exe	332
2960	4436	WerFault.exe	413
4332	3820	WerFault.exe	403
2592	4736	WerFault.exe	425
3392	4176	WerFault.exe	424
4160	2092	WerFault.exe	427
4192	4800	WerFault.exe	430
2600	1696	WerFault.exe	451
1316	2924	WerFault.exe	367
4336	2380	WerFault.exe	342
2244	2632	WerFault.exe	507

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1888	273e924688a1e392f723c68e262ee4d6_JaffaCakes118.exe
2276	Unicorn-51441.exe
2232	Unicorn-9918.exe
2664	Unicorn-22917.exe
2704	Unicorn-6644.exe
2716	Unicorn-56722.exe
2992	Unicorn-63307.exe
2584	Unicorn-42592.exe
2636	Unicorn-22726.exe
2872	Unicorn-24995.exe
1216	Unicorn-57667.exe
2660	Unicorn-55591.exe
1272	Unicorn-11038.exe
1800	Unicorn-10332.exe
3052	Unicorn-30774.exe
952	Unicorn-13752.exe
2672	Unicorn-63446.exe
2668	Unicorn-24037.exe
1520	Unicorn-59424.exe
2336	Unicorn-43903.exe
1496	Unicorn-40437.exe
1704	Unicorn-38901.exe
2268	Unicorn-18843.exe
2180	Unicorn-36824.exe
3000	Unicorn-6228.exe
2344	Unicorn-27282.exe
1140	Unicorn-17604.exe
1856	Unicorn-7416.exe
996	Unicorn-63275.exe
1052	Unicorn-22875.exe
2288	Unicorn-60865.exe
2852	Unicorn-15193.exe
2600	Unicorn-13657.exe
2776	Unicorn-39593.exe
2272	Unicorn-49594.exe
1108	Unicorn-63491.exe
2184	Unicorn-2448.exe
1488	Unicorn-3024.exe
1436	Unicorn-48696.exe
1980	Unicorn-27014.exe
2916	Unicorn-46880.exe
2460	Unicorn-16215.exe
1360	Unicorn-36081.exe
344	Unicorn-14015.exe
1884	Unicorn-47456.exe
688	Unicorn-21593.exe
2164	Unicorn-32776.exe
1260	Unicorn-13486.exe
1920	Unicorn-59065.exe
1068	Unicorn-6527.exe
608	Unicorn-10741.exe
2448	Unicorn-24316.exe
1480	Unicorn-44182.exe
1628	Unicorn-7295.exe
2544	Unicorn-9973.exe
1868	Unicorn-56221.exe
872	Unicorn-15038.exe
296	Unicorn-14908.exe
2132	Unicorn-15807.exe
3032	Unicorn-923.exe
2648	Unicorn-15999.exe
1888	Unicorn-13502.exe
2768	Unicorn-26501.exe
2588	Unicorn-26309.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1888 wrote to memory of 2276	1888	273e924688a1e392f723c68e262ee4d6_JaffaCakes118.exe	31
PID 1888 wrote to memory of 2276	1888	273e924688a1e392f723c68e262ee4d6_JaffaCakes118.exe	31
PID 1888 wrote to memory of 2276	1888	273e924688a1e392f723c68e262ee4d6_JaffaCakes118.exe	31
PID 1888 wrote to memory of 2276	1888	273e924688a1e392f723c68e262ee4d6_JaffaCakes118.exe	31
PID 2276 wrote to memory of 2232	2276	Unicorn-51441.exe	32
PID 2276 wrote to memory of 2232	2276	Unicorn-51441.exe	32
PID 2276 wrote to memory of 2232	2276	Unicorn-51441.exe	32
PID 2276 wrote to memory of 2232	2276	Unicorn-51441.exe	32
PID 1888 wrote to memory of 2664	1888	273e924688a1e392f723c68e262ee4d6_JaffaCakes118.exe	33
PID 1888 wrote to memory of 2664	1888	273e924688a1e392f723c68e262ee4d6_JaffaCakes118.exe	33
PID 1888 wrote to memory of 2664	1888	273e924688a1e392f723c68e262ee4d6_JaffaCakes118.exe	33
PID 1888 wrote to memory of 2664	1888	273e924688a1e392f723c68e262ee4d6_JaffaCakes118.exe	33
PID 2232 wrote to memory of 2704	2232	Unicorn-9918.exe	35
PID 2232 wrote to memory of 2704	2232	Unicorn-9918.exe	35
PID 2232 wrote to memory of 2704	2232	Unicorn-9918.exe	35
PID 2232 wrote to memory of 2704	2232	Unicorn-9918.exe	35
PID 2664 wrote to memory of 2716	2664	Unicorn-22917.exe	34
PID 2664 wrote to memory of 2716	2664	Unicorn-22917.exe	34
PID 2664 wrote to memory of 2716	2664	Unicorn-22917.exe	34
PID 2664 wrote to memory of 2716	2664	Unicorn-22917.exe	34
PID 2276 wrote to memory of 2992	2276	Unicorn-51441.exe	36
PID 2276 wrote to memory of 2992	2276	Unicorn-51441.exe	36
PID 2276 wrote to memory of 2992	2276	Unicorn-51441.exe	36
PID 2276 wrote to memory of 2992	2276	Unicorn-51441.exe	36
PID 2704 wrote to memory of 2584	2704	Unicorn-6644.exe	37
PID 2704 wrote to memory of 2584	2704	Unicorn-6644.exe	37
PID 2704 wrote to memory of 2584	2704	Unicorn-6644.exe	37
PID 2704 wrote to memory of 2584	2704	Unicorn-6644.exe	37
PID 2232 wrote to memory of 2636	2232	Unicorn-9918.exe	38
PID 2232 wrote to memory of 2636	2232	Unicorn-9918.exe	38
PID 2232 wrote to memory of 2636	2232	Unicorn-9918.exe	38
PID 2232 wrote to memory of 2636	2232	Unicorn-9918.exe	38
PID 2992 wrote to memory of 1216	2992	Unicorn-63307.exe	39
PID 2992 wrote to memory of 1216	2992	Unicorn-63307.exe	39
PID 2992 wrote to memory of 1216	2992	Unicorn-63307.exe	39
PID 2992 wrote to memory of 1216	2992	Unicorn-63307.exe	39
PID 2716 wrote to memory of 2872	2716	Unicorn-56722.exe	40
PID 2716 wrote to memory of 2872	2716	Unicorn-56722.exe	40
PID 2716 wrote to memory of 2872	2716	Unicorn-56722.exe	40
PID 2716 wrote to memory of 2872	2716	Unicorn-56722.exe	40
PID 2664 wrote to memory of 2660	2664	Unicorn-22917.exe	41
PID 2664 wrote to memory of 2660	2664	Unicorn-22917.exe	41
PID 2664 wrote to memory of 2660	2664	Unicorn-22917.exe	41
PID 2664 wrote to memory of 2660	2664	Unicorn-22917.exe	41
PID 2872 wrote to memory of 1272	2872	Unicorn-24995.exe	42
PID 2872 wrote to memory of 1272	2872	Unicorn-24995.exe	42
PID 2872 wrote to memory of 1272	2872	Unicorn-24995.exe	42
PID 2872 wrote to memory of 1272	2872	Unicorn-24995.exe	42
PID 2716 wrote to memory of 1800	2716	Unicorn-56722.exe	43
PID 2716 wrote to memory of 1800	2716	Unicorn-56722.exe	43
PID 2716 wrote to memory of 1800	2716	Unicorn-56722.exe	43
PID 2716 wrote to memory of 1800	2716	Unicorn-56722.exe	43
PID 2584 wrote to memory of 3052	2584	Unicorn-42592.exe	44
PID 2584 wrote to memory of 3052	2584	Unicorn-42592.exe	44
PID 2584 wrote to memory of 3052	2584	Unicorn-42592.exe	44
PID 2584 wrote to memory of 3052	2584	Unicorn-42592.exe	44
PID 2704 wrote to memory of 2668	2704	Unicorn-6644.exe	45
PID 2704 wrote to memory of 2668	2704	Unicorn-6644.exe	45
PID 2704 wrote to memory of 2668	2704	Unicorn-6644.exe	45
PID 2704 wrote to memory of 2668	2704	Unicorn-6644.exe	45
PID 2636 wrote to memory of 2336	2636	Unicorn-22726.exe	46
PID 2636 wrote to memory of 2336	2636	Unicorn-22726.exe	46
PID 2636 wrote to memory of 2336	2636	Unicorn-22726.exe	46
PID 2636 wrote to memory of 2336	2636	Unicorn-22726.exe	46

C:\Users\Admin\AppData\Local\Temp\273e924688a1e392f723c68e262ee4d6_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\273e924688a1e392f723c68e262ee4d6_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1888
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51441.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51441.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9918.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9918.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6644.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6644.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42592.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30774.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38901.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13657.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59065.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46663.exe
        10⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65405.exe
        11⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24991.exe
        12⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38025.exe
        13⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32735.exe
        14⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30451.exe
        15⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18929.exe
        16⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 224
        17⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46502.exe
        13⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33087.exe
        14⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20797.exe
        15⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35925.exe
        16⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19928.exe
        17⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20653.exe
        18⤵
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61279.exe
        19⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55006.exe
        20⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59320.exe
        21⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61905.exe
        22⤵
        
        PID:6264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6264 -s 224
        23⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22714.exe
        21⤵
        
        PID:5128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 220
        22⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51216.exe
        12⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42678.exe
        13⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50430.exe
        14⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29448.exe
        15⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8133.exe
        16⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36155.exe
        17⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58387.exe
        18⤵
        
        PID:5192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5192 -s 224
        19⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58098.exe
        14⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 224
        15⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55011.exe
        11⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34278.exe
        12⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12719.exe
        13⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6200.exe
        14⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20465.exe
        15⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13675.exe
        16⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10586.exe
        17⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55053.exe
        18⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47164.exe
        19⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4186.exe
        20⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13157.exe
        21⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29233.exe
        22⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25869.exe
        23⤵
        
        PID:3732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7112 -s 216
        23⤵
        
        PID:3500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 236
        22⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25718.exe
        12⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21354.exe
        13⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46059.exe
        14⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64331.exe
        14⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13842.exe
        15⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10753.exe
        16⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53684.exe
        17⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62162.exe
        18⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-625.exe
        19⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50333.exe
        20⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16575.exe
        21⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12675.exe
        10⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15125.exe
        11⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42197.exe
        12⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22061.exe
        13⤵
        
        PID:2576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 220
        14⤵
        Program crash
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55580.exe
        11⤵
        
        PID:3456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 240
        11⤵
        Program crash
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46725.exe
        9⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33117.exe
        10⤵
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45660.exe
        11⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42197.exe
        12⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9803.exe
        13⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-928.exe
        14⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44331.exe
        15⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16792.exe
        16⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16147.exe
        17⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51999.exe
        18⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39325.exe
        19⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39334.exe
        20⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5596.exe
        21⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42580.exe
        22⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31292.exe
        23⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45250.exe
        15⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11609.exe
        16⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41717.exe
        17⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6759.exe
        18⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12489.exe
        19⤵
        
        PID:6304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6304 -s 224
        20⤵
        
        PID:6404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 236
        19⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57906.exe
        14⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30715.exe
        15⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58570.exe
        16⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4827.exe
        17⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32055.exe
        18⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44087.exe
        19⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39784.exe
        20⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        21⤵
        
        PID:5700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 224
        22⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63521.exe
        18⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63572.exe
        19⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52066.exe
        20⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27981.exe
        21⤵
        
        PID:5592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 236
        21⤵
        
        PID:6068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6984 -s 236
        20⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55580.exe
        11⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52263.exe
        12⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18806.exe
        13⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47159.exe
        14⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8901.exe
        15⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9984.exe
        16⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40598.exe
        17⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54452.exe
        18⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32972.exe
        19⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13082.exe
        20⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58278.exe
        21⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20249.exe
        22⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41637.exe
        10⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61164.exe
        11⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62771.exe
        12⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65235.exe
        13⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31508.exe
        14⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40396.exe
        15⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24946.exe
        16⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5769.exe
        17⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43682.exe
        18⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 240
        19⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6527.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47623.exe
        9⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14829.exe
        10⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55751.exe
        11⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61183.exe
        12⤵
        
        PID:3612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 244
        13⤵
        Program crash
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36845.exe
        10⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53998.exe
        11⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59699.exe
        12⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17758.exe
        13⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16843.exe
        14⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2868.exe
        15⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16524.exe
        16⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21613.exe
        17⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32089.exe
        18⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8026.exe
        19⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5954.exe
        20⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43348.exe
        21⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15448.exe
        22⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43093.exe
        14⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3098.exe
        15⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26405.exe
        16⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34307.exe
        17⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11248.exe
        18⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39016.exe
        19⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19202.exe
        20⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6332 -s 244
        21⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42420.exe
        17⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1231.exe
        18⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33633.exe
        19⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12235.exe
        20⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55298.exe
        21⤵
        
        PID:5024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 216
        15⤵
        
        PID:5872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 216
        13⤵
        Program crash
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60695.exe
        11⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6392.exe
        12⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52945.exe
        13⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41382.exe
        14⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5096.exe
        15⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64202.exe
        16⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13723.exe
        17⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38421.exe
        18⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50218.exe
        19⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27358.exe
        20⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62208.exe
        21⤵
        
        PID:6864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 248
        9⤵
        Program crash
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39593.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10741.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65412.exe
        9⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49038.exe
        10⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37046.exe
        11⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34086.exe
        12⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64141.exe
        13⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5432.exe
        14⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4429.exe
        15⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16748.exe
        16⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56274.exe
        17⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65494.exe
        18⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63217.exe
        19⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60624.exe
        11⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33529.exe
        12⤵
        
        PID:2176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 244
        13⤵
        Program crash
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65120.exe
        10⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42415.exe
        11⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37458.exe
        12⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14851.exe
        13⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46827.exe
        14⤵
        
        PID:2632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 200
        15⤵
        Program crash
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42877.exe
        9⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6511.exe
        10⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59436.exe
        11⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13731.exe
        12⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-990.exe
        13⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30330.exe
        14⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-520.exe
        15⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52512.exe
        16⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62142.exe
        17⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35592.exe
        18⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5996 -s 224
        19⤵
        
        PID:6312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 248
        10⤵
        Program crash
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9994.exe
        8⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21306.exe
        9⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15894.exe
        10⤵
        
        PID:2000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 224
        11⤵
        Program crash
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23509.exe
        10⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6897.exe
        11⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30695.exe
        12⤵
        
        PID:1696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 220
        13⤵
        Program crash
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29073.exe
        12⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46784.exe
        13⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11801.exe
        14⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62090.exe
        15⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47522.exe
        16⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20440.exe
        17⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21269.exe
        18⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16535.exe
        19⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50041.exe
        20⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34782.exe
        16⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56077.exe
        17⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2630.exe
        18⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41129.exe
        19⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27341.exe
        14⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46178.exe
        15⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39931.exe
        16⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11621.exe
        17⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28465.exe
        18⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9973.exe
        19⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61565.exe
        9⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25856.exe
        10⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60991.exe
        11⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51478.exe
        12⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16023.exe
        13⤵
        
        PID:5008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 224
        14⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61053.exe
        10⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9630.exe
        11⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2675.exe
        12⤵
        
        PID:4536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 224
        13⤵
        
        PID:568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18843.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49594.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44182.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51733.exe
        9⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61975.exe
        10⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54233.exe
        11⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14542.exe
        12⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13155.exe
        13⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20955.exe
        14⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51845.exe
        15⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31291.exe
        16⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7488.exe
        17⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-751.exe
        18⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52916.exe
        19⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3418.exe
        20⤵
        
        PID:5928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 220
        21⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62463.exe
        15⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50452.exe
        16⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47119.exe
        17⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10646.exe
        18⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28788.exe
        19⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53602.exe
        20⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21738.exe
        21⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31979.exe
        14⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20082.exe
        15⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9836.exe
        16⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24921.exe
        17⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34603.exe
        18⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48213.exe
        19⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12965.exe
        20⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31418.exe
        21⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50617.exe
        22⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57910.exe
        11⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24225.exe
        12⤵
        
        PID:3920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 220
        13⤵
        Program crash
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1887.exe
        10⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27148.exe
        11⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4925.exe
        12⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1950.exe
        13⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21233.exe
        14⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31483.exe
        15⤵
        
        PID:1624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 224
        16⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59941.exe
        14⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60298.exe
        15⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34402.exe
        16⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1494.exe
        17⤵
        
        PID:6080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 220
        18⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27034.exe
        9⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20025.exe
        10⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-69.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-69.exe
        11⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64307.exe
        12⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60284.exe
        13⤵
        
        PID:3820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 224
        14⤵
        Program crash
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41561.exe
        11⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23632.exe
        12⤵
        
        PID:4736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 224
        13⤵
        Program crash
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6758.exe
        10⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59803.exe
        11⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21354.exe
        12⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53713.exe
        13⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15648.exe
        14⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2460.exe
        15⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13382.exe
        16⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-350.exe
        17⤵
        
        PID:5384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 224
        18⤵
        
        PID:6048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 228
        17⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27149.exe
        15⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30143.exe
        16⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39163.exe
        17⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39831.exe
        18⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59793.exe
        19⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59667.exe
        20⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43242.exe
        8⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60439.exe
        9⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58247.exe
        10⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1450.exe
        11⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2666.exe
        12⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11056.exe
        13⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32059.exe
        14⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41557.exe
        15⤵
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21421.exe
        16⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48290.exe
        17⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62017.exe
        18⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 224
        19⤵
        
        PID:2792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 248
        13⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53099.exe
        9⤵
        
        PID:2944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 220
        10⤵
        Program crash
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24316.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51733.exe
        8⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37149.exe
        9⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46262.exe
        10⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19125.exe
        11⤵
        
        PID:3976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 240
        12⤵
        Program crash
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29243.exe
        10⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23789.exe
        11⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4332.exe
        12⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51601.exe
        13⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43634.exe
        14⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36181.exe
        15⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35728.exe
        16⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53876.exe
        17⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56355.exe
        18⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38653.exe
        19⤵
        
        PID:6436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6436 -s 224
        20⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52717.exe
        17⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15606.exe
        18⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28299.exe
        19⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60077.exe
        20⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26396.exe
        9⤵
        
        PID:608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 220
        10⤵
        Program crash
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48420.exe
        8⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62873.exe
        9⤵
        
        PID:1920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 220
        10⤵
        Program crash
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12876.exe
        9⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34106.exe
        10⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33376.exe
        11⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43039.exe
        12⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15980.exe
        13⤵
        
        PID:4636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 220
        14⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28978.exe
        12⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17100.exe
        13⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5167.exe
        14⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65119.exe
        15⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21976.exe
        16⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21677.exe
        17⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43943.exe
        18⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31695.exe
        19⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20667.exe
        15⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31853.exe
        16⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20420.exe
        17⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38248.exe
        11⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44978.exe
        12⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7532.exe
        13⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24869.exe
        14⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52148.exe
        15⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48431.exe
        16⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8474.exe
        17⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49542.exe
        18⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21064.exe
        19⤵
        
        PID:5720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24037.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 244
        6⤵
        Program crash
        
        PID:2436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22726.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43903.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 240
        6⤵
        Program crash
        
        PID:1336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7416.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3024.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15038.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59224.exe
        8⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
        9⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2897.exe
        10⤵
        
        PID:3868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 224
        11⤵
        Program crash
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65109.exe
        8⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21403.exe
        9⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27847.exe
        10⤵
        
        PID:752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 224
        11⤵
        Program crash
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20007.exe
        7⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51918.exe
        8⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44667.exe
        9⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14333.exe
        10⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64659.exe
        11⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19697.exe
        12⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50040.exe
        13⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14418.exe
        14⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29311.exe
        15⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21588.exe
        16⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53688.exe
        17⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33633.exe
        18⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21499.exe
        19⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58536.exe
        20⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20113.exe
        19⤵
        
        PID:2728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 216
        12⤵
        
        PID:1736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14908.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10106.exe
        7⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48078.exe
        8⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13722.exe
        9⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48246.exe
        10⤵
        
        PID:3272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 220
        11⤵
        Program crash
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44153.exe
        8⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17686.exe
        9⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32319.exe
        10⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30740.exe
        11⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46182.exe
        12⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29162.exe
        13⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42710.exe
        14⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13165.exe
        15⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18255.exe
        16⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50703.exe
        17⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49373.exe
        18⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37197.exe
        19⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48084.exe
        18⤵
        
        PID:2196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 296 -s 248
        7⤵
        Program crash
        
        PID:320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63307.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63307.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57667.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13752.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6228.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2448.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9973.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63684.exe
        9⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55348.exe
        10⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5909.exe
        11⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43183.exe
        12⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10888.exe
        13⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2841.exe
        14⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14014.exe
        15⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2824.exe
        16⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62410.exe
        17⤵
        
        PID:5152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 220
        18⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28210.exe
        15⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15205.exe
        16⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1571.exe
        17⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5633.exe
        18⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40507.exe
        19⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42950.exe
        20⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61137.exe
        21⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58297.exe
        22⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21409.exe
        18⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52789.exe
        19⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58906.exe
        20⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50015.exe
        21⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36495.exe
        22⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27013.exe
        14⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48076.exe
        15⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46701.exe
        11⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39518.exe
        12⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35469.exe
        13⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13962.exe
        14⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16748.exe
        15⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9792.exe
        16⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
        17⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45646.exe
        18⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14606.exe
        19⤵
        
        PID:5532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 224
        20⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1119.exe
        10⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-261.exe
        11⤵
        
        PID:3332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 240
        12⤵
        Program crash
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9245.exe
        9⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 220
        10⤵
        Program crash
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6494.exe
        8⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47668.exe
        9⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37194.exe
        10⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
        11⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25849.exe
        12⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37337.exe
        13⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53137.exe
        14⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63203.exe
        15⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56248.exe
        16⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22381.exe
        17⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64185.exe
        18⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15348.exe
        19⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19878.exe
        20⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52881.exe
        21⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 244
        22⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8697.exe
        11⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53834.exe
        12⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28270.exe
        13⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58953.exe
        14⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57994.exe
        15⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42134.exe
        16⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45070.exe
        17⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16693.exe
        18⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26072.exe
        19⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17469.exe
        20⤵
        
        PID:6808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 220
        21⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53790.exe
        10⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10415.exe
        11⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21686.exe
        12⤵
        
        PID:4176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 244
        13⤵
        Program crash
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47889.exe
        9⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59872.exe
        10⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2968.exe
        11⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10922.exe
        12⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5913.exe
        13⤵
        
        PID:3844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 240
        14⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30492.exe
        10⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35033.exe
        11⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
        12⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30531.exe
        13⤵
        
        PID:4392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 224
        14⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56221.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6624.exe
        8⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 220
        9⤵
        Program crash
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61077.exe
        8⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49031.exe
        9⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26669.exe
        10⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26305.exe
        11⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-423.exe
        12⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46208.exe
        13⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32976.exe
        14⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19737.exe
        15⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17992.exe
        16⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14388.exe
        17⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24728.exe
        18⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59238.exe
        19⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18879.exe
        20⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53204.exe
        13⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59077.exe
        14⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33783.exe
        15⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44902.exe
        16⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62394.exe
        17⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6596.exe
        18⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40944.exe
        19⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 216
        11⤵
        Program crash
        
        PID:1316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48696.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15807.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 244
        8⤵
        Program crash
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55778.exe
        7⤵
        
        PID:2488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 224
        8⤵
        Program crash
        
        PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63275.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36081.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30716.exe
        7⤵
        Executes dropped EXE
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
        8⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35089.exe
        9⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33790.exe
        10⤵
        
        PID:3032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 220
        11⤵
        Program crash
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17764.exe
        9⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54733.exe
        10⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40498.exe
        11⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1383.exe
        12⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 240
        13⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14190.exe
        11⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61423.exe
        12⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13082.exe
        13⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-149.exe
        14⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35563.exe
        15⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56542.exe
        16⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63209.exe
        17⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34900.exe
        18⤵
        
        PID:5988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 244
        19⤵
        
        PID:7052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 236
        8⤵
        Program crash
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45145.exe
        7⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-112.exe
        8⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50837.exe
        9⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13923.exe
        10⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5624.exe
        11⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35348.exe
        12⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16224.exe
        13⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14437.exe
        14⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50855.exe
        15⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34824.exe
        16⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48260.exe
        17⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22618.exe
        18⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4702.exe
        19⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4716.exe
        20⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1408.exe
        17⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12045.exe
        18⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50809.exe
        19⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48569.exe
        8⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60711.exe
        9⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7570.exe
        10⤵
        
        PID:4800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 224
        11⤵
        Program crash
        
        PID:4192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26309.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31570.exe
        7⤵
        
        PID:1572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 224
        8⤵
        Program crash
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15223.exe
        7⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44475.exe
        8⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45148.exe
        9⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
        10⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3251.exe
        11⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53138.exe
        12⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39777.exe
        13⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20313.exe
        14⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50254.exe
        15⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14414.exe
        16⤵
        
        PID:6024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 244
        17⤵
        
        PID:6732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59424.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17604.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14015.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 240
        7⤵
        Program crash
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26501.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12218.exe
        7⤵
        
        PID:1528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 244
        8⤵
        Program crash
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-148.exe
        7⤵
        
        PID:3036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 224
        8⤵
        Program crash
        
        PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27014.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-923.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57880.exe
        7⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61015.exe
        8⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48839.exe
        9⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7753.exe
        10⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20674.exe
        11⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13770.exe
        12⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1096.exe
        13⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8718.exe
        14⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7925.exe
        15⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14701.exe
        16⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62209.exe
        17⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46188.exe
        18⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36026.exe
        19⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23731.exe
        20⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41337.exe
        19⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46021.exe
        8⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61759.exe
        9⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60860.exe
        10⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30138.exe
        11⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10437.exe
        12⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24754.exe
        13⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63434.exe
        14⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16194.exe
        15⤵
        
        PID:3284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 224
        16⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20641.exe
        15⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31497.exe
        16⤵
        
        PID:7156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 220
        17⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8669.exe
        7⤵
        
        PID:1544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 220
        8⤵
        Program crash
        
        PID:2272
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 236
        6⤵
        Program crash
        
        PID:2908
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22917.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22917.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56722.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56722.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24995.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11038.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27282.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46880.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46175.exe
        8⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45275.exe
        9⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20206.exe
        10⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44667.exe
        11⤵
        
        PID:3624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 220
        12⤵
        Program crash
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61506.exe
        10⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20193.exe
        11⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49418.exe
        12⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-947.exe
        13⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32591.exe
        14⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34287.exe
        15⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53325.exe
        16⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46588.exe
        17⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60673.exe
        18⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61673.exe
        19⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19778.exe
        20⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41712.exe
        21⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19019.exe
        19⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24499.exe
        20⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-340.exe
        9⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52897.exe
        10⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57037.exe
        11⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56481.exe
        12⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1191.exe
        13⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49612.exe
        14⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7924.exe
        15⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13164.exe
        16⤵
        
        PID:1524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 240
        17⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29841.exe
        12⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30287.exe
        13⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54136.exe
        14⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29311.exe
        15⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36855.exe
        16⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56355.exe
        17⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37667.exe
        18⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15767.exe
        19⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11317.exe
        20⤵
        
        PID:4228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 188
        21⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52525.exe
        16⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44486.exe
        17⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37567.exe
        18⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61203.exe
        19⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7909.exe
        14⤵
        
        PID:5604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 220
        15⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12664.exe
        8⤵
        
        PID:1908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 244
        9⤵
        Program crash
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11426.exe
        7⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32530.exe
        8⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20014.exe
        9⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33790.exe
        10⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59367.exe
        11⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65427.exe
        12⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28078.exe
        13⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42150.exe
        14⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6912.exe
        15⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20313.exe
        16⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14509.exe
        17⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15951.exe
        18⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21077.exe
        19⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2393.exe
        20⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17343.exe
        21⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 248
        9⤵
        Program crash
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45784.exe
        8⤵
        
        PID:1436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 188
        9⤵
        Program crash
        
        PID:2680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16215.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15999.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57880.exe
        8⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30481.exe
        9⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34558.exe
        10⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29855.exe
        11⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49994.exe
        12⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46059.exe
        13⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47310.exe
        13⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28397.exe
        9⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53264.exe
        10⤵
        
        PID:3408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 224
        11⤵
        Program crash
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28404.exe
        8⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48865.exe
        9⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7945.exe
        10⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19382.exe
        11⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35950.exe
        12⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35157.exe
        13⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13126.exe
        14⤵
        
        PID:5280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 220
        15⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38590.exe
        7⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2416.exe
        8⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46779.exe
        9⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41028.exe
        10⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23170.exe
        11⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64180.exe
        12⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15037.exe
        13⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50784.exe
        14⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36740.exe
        15⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31269.exe
        16⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40699.exe
        17⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18122.exe
        18⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 240
        19⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21601.exe
        16⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27439.exe
        17⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28107.exe
        18⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19434.exe
        19⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9889.exe
        12⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43706.exe
        13⤵
        
        PID:5208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 224
        14⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63662.exe
        13⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29157.exe
        14⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8794.exe
        15⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51445.exe
        16⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26234.exe
        17⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 240
        18⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2084.exe
        14⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30727.exe
        15⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45339.exe
        16⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6873.exe
        17⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25569.exe
        8⤵
        
        PID:3696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 224
        9⤵
        Program crash
        
        PID:2052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22875.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47456.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13502.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 220
        8⤵
        Program crash
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44953.exe
        7⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35665.exe
        8⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52705.exe
        9⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21485.exe
        10⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18614.exe
        11⤵
        
        PID:4436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 224
        12⤵
        Program crash
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32071.exe
        8⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17738.exe
        9⤵
        
        PID:3100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 224
        10⤵
        Program crash
        
        PID:5092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10850.exe
        6⤵
        
        PID:2788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 244
        7⤵
        Program crash
        
        PID:1840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10332.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40437.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15193.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21593.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62174.exe
        8⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54336.exe
        9⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17378.exe
        10⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47791.exe
        11⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15470.exe
        12⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53103.exe
        13⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49349.exe
        14⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15255.exe
        15⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12377.exe
        16⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46439.exe
        17⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21477.exe
        18⤵
        
        PID:3528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 220
        19⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30989.exe
        16⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 220
        17⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32286.exe
        14⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32471.exe
        15⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11872.exe
        16⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51243.exe
        17⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45764.exe
        18⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22810.exe
        19⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26571.exe
        20⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26995.exe
        21⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40807.exe
        17⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2929.exe
        18⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52642.exe
        19⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59475.exe
        20⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18469.exe
        18⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61037.exe
        19⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44559.exe
        13⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52344.exe
        14⤵
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32400.exe
        15⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3291.exe
        16⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 220
        17⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43697.exe
        9⤵
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60204.exe
        10⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19030.exe
        11⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58925.exe
        12⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12234.exe
        13⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45938.exe
        14⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
        15⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22809.exe
        16⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12397.exe
        17⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8363.exe
        18⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19328.exe
        19⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41646.exe
        20⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21546.exe
        21⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62800.exe
        17⤵
        
        PID:988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 224
        18⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12869.exe
        10⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6724.exe
        11⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5721.exe
        12⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18092.exe
        13⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50540.exe
        14⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3631.exe
        15⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28965.exe
        16⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43652.exe
        17⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33490.exe
        18⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49399.exe
        19⤵
        
        PID:6220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 220
        20⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15987.exe
        19⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51440.exe
        8⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50050.exe
        9⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51413.exe
        10⤵
        
        PID:3896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 220
        11⤵
        Program crash
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49337.exe
        9⤵
        
        PID:3940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 240
        10⤵
        Program crash
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42884.exe
        7⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23776.exe
        8⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15650.exe
        9⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50069.exe
        10⤵
        
        PID:4064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 220
        11⤵
        Program crash
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14744.exe
        9⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38750.exe
        10⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33279.exe
        11⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46583.exe
        12⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47544.exe
        13⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9644.exe
        14⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60447.exe
        15⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16762.exe
        16⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59977.exe
        17⤵
        
        PID:2392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 224
        18⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28648.exe
        8⤵
        
        PID:2596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 224
        9⤵
        Program crash
        
        PID:3252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13486.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10342.exe
        7⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31171.exe
        8⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7969.exe
        9⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24870.exe
        10⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47478.exe
        11⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56444.exe
        12⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13526.exe
        13⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43686.exe
        14⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4084.exe
        15⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5935.exe
        16⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15618.exe
        17⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37025.exe
        18⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18773.exe
        19⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48631.exe
        20⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
        21⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41317.exe
        10⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51644.exe
        11⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37818.exe
        12⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38841.exe
        13⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10629.exe
        14⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65039.exe
        15⤵
        
        PID:5184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 224
        16⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6031.exe
        13⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57234.exe
        14⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33014.exe
        15⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47356.exe
        16⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46127.exe
        17⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63785.exe
        18⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2346.exe
        19⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35853.exe
        20⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46329.exe
        16⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34401.exe
        17⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27358.exe
        18⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64320.exe
        19⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41782.exe
        12⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46758.exe
        13⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45190.exe
        14⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14150.exe
        15⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14081.exe
        16⤵
        
        PID:3196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 220
        17⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55779.exe
        8⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32742.exe
        9⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44816.exe
        10⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65479.exe
        11⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45099.exe
        12⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28175.exe
        13⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58578.exe
        14⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-725.exe
        15⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2506.exe
        16⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30668.exe
        17⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45996.exe
        18⤵
        
        PID:6928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 224
        19⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 228
        16⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5791.exe
        9⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8260.exe
        10⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32276.exe
        11⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37653.exe
        12⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33744.exe
        13⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59679.exe
        14⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37431.exe
        15⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48405.exe
        16⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21440.exe
        17⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19560.exe
        18⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21546.exe
        19⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64865.exe
        7⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54373.exe
        8⤵
        
        PID:884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 224
        9⤵
        Program crash
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
        8⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32761.exe
        9⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18012.exe
        10⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55799.exe
        11⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37217.exe
        12⤵
        
        PID:3344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 220
        13⤵
        
        PID:4212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60865.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32776.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30078.exe
        7⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6178.exe
        8⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49090.exe
        9⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28492.exe
        10⤵
        
        PID:3288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 244
        11⤵
        Program crash
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42066.exe
        9⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15023.exe
        10⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49584.exe
        11⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48695.exe
        12⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10193.exe
        13⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33168.exe
        14⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34812.exe
        15⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12973.exe
        16⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-683.exe
        17⤵
        
        PID:3088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 224
        18⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29224.exe
        8⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31974.exe
        9⤵
        
        PID:4000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 220
        10⤵
        Program crash
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19945.exe
        7⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32069.exe
        8⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60396.exe
        9⤵
        
        PID:3564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 220
        10⤵
        Program crash
        
        PID:2832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 248
        8⤵
        Program crash
        
        PID:3472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56014.exe
        6⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24020.exe
        7⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48758.exe
        8⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1029.exe
        9⤵
        
        PID:2652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 220
        10⤵
        Program crash
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27157.exe
        8⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17930.exe
        9⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63123.exe
        10⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14294.exe
        11⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10629.exe
        12⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52600.exe
        13⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55629.exe
        14⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45820.exe
        15⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34674.exe
        16⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44460.exe
        17⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33914.exe
        18⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16409.exe
        19⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60828.exe
        15⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10661.exe
        16⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49399.exe
        17⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49273.exe
        18⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9541.exe
        7⤵
        
        PID:1640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 240
        8⤵
        Program crash
        
        PID:3164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55591.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55591.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63446.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2672
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36824.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63491.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1108
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 240
        6⤵
        Program crash
        
        PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7295.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12646.exe
        6⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28343.exe
        7⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33022.exe
        8⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9315.exe
        9⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2604.exe
        10⤵
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29038.exe
        11⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25129.exe
        12⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3316.exe
        13⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15442.exe
        14⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29585.exe
        15⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48431.exe
        16⤵
        
        PID:5364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 216
        16⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29191.exe
        7⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24121.exe
        8⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57264.exe
        9⤵
        
        PID:2092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 224
        10⤵
        Program crash
        
        PID:4160
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 248
        6⤵
        Program crash
        
        PID:2084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-21037.exe

Filesize
192KB

MD5
0eb5cde027242a418950f78faf195abf

SHA1
24d166526f73cf86b6f7a5f1a7d4abde6bfc9306

SHA256
cccfe641caea1a69af5df408a0230b9422511f27460c2f1db74240eb9721b0d7

SHA512
8256c274e6f5e61ac08f3bce1074f38308644bc665aca75efbc03eb5285fdcff6ec784ca70a29f72268e6eab3f6e64fe91b632563173d3242c797bc30331714b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22810.exe

Filesize
192KB

MD5
e8c6fb122c39ac947da0cc04d2ff84a7

SHA1
99ce893edd7f04ecaa2ac46b262ec4bb01f6c7d0

SHA256
f2d2a0b368e9e9e47499dd1884cce31a13f89590780bbf1591cf0424585d821a

SHA512
abddf33fe9a1f73e749e66ba0e9be14726f3dacca771d22137ed275a0d765bd6b3a94b65dbbd15fc877faa876f8af7ebd839e0b2417608adfb7ef32595b4f064

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24037.exe

Filesize
192KB

MD5
4b864521b0f599a2d6e9bd6444fb585e

SHA1
39ba4b8f6ce5d574279c87a7415d97565a1e5292

SHA256
eedba4e20baae693cc71ab3c8ff7794f9958d7aff4073399697273729b34604d

SHA512
f248df9a67607238c7373a565b1d158e277c2c297da46c14a8d377c26ba201bd8ec527938a32f4587b285e3758757590f0040c1fb7309eb315bf8c8d8ce25f73

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2448.exe

Filesize
192KB

MD5
60df1d2cff519a21360a0d978dd70429

SHA1
1beefe8b899d91fd8c1a2cb14b8c038d9622cd8d

SHA256
0ec17755d6d556b2798b4d97cc82dc53a506b27347d2680ce29270cc9654a756

SHA512
8642ecc9dcff78ec86d892f1a961289c0650339fb32d764bd05fe1a1aa5cf3b562864203ec3c787175c274dd28017ac90c40d4313087fb2b16c3328ce36ec5c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24995.exe

Filesize
192KB

MD5
6be1567c1b45f1f01022c35284255b4f

SHA1
c92fd056d2437092b8277a1c7f8bff9c36780636

SHA256
ecb0bd5fff20366bd96ae576f491e2706bd4e141c1e8282ab4430ff3ab912c44

SHA512
e50ef5edd5e2ae13a80dd50be3d040920747313563c073b9571b794813e3ff8960afb471f3fc09f32bfbe763c25fd2d0ca751797e92bf92cf4afc0eaf898e107

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30774.exe

Filesize
192KB

MD5
765b7314137f829c02a562b27cec089f

SHA1
53cb795126b3ce99368fd760aebedb32a1dba7ed

SHA256
9572329b30a1273132abc5cf5537aa4519e966a9729d73290b24ae4225d5853a

SHA512
f8fbf650b830d0af37a765653cdea1ab79f9b95d26ab6f4c0b8fd04e0d52680253bdc974e454e35bce35893ee6ce3972c72c7478a74caa6bf748cd2249cfd82e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4429.exe

Filesize
192KB

MD5
f7167d6ff4773049d75648ffb9599253

SHA1
1b8b4808f019d428813735a0dc42c2be09e90867

SHA256
0ca34056c1fc8df35d6c08e23ef5e0febc58c7c6b03e48658b6a45fe46b55f4b

SHA512
4ac58a41ce56be76610413df5c006b3ffc4fda472edbc897e8413359fbcf1e94a9c6af6775d152b9862657648d0498bc45d208eae94b7d1323f8d190086e7011

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48405.exe

Filesize
192KB

MD5
7d163ed1be916b299a24a1ef30c51635

SHA1
8a13b59f16a213e27df63ca579c22a52b99bae1c

SHA256
2eeadc7007046f64947af33917fc6b21c712acb78a16989d7f78d2aa8e37dbb3

SHA512
9a39f39ec671dddce9ffc9be8a1702c13ad57027ca9acdbcc514377d431fd0bfe5ecbdbf7301034f478f0faf5dfe27a172cfc67242ac2e44ce8a3674ef3d8916

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5633.exe

Filesize
192KB

MD5
6c6505f39b3f3dbe0dcc367f5dffd59e

SHA1
bb636615528fca635304d2cd5b22a49861a94a4f

SHA256
b01709d87e36938c87300c8b2ee39382929f8b616da2c4fd2ce83d359fe98309

SHA512
03c9a2e807412bdc449768590d4f277a3994ac3a7f2cf91d21fc562a76e02a29c46de3ab406f1c99733f785b55373220bf9821e8fb5d00016ee40c419e3f09fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57667.exe

Filesize
192KB

MD5
0c20433839f49d03f60a4b28a01d930b

SHA1
28c2f5f6997395b3172a4f2b67e2e4cc7347b548

SHA256
a8b0a02be88035e387bf9252a509a6ebed346c773a2c54d1d75f7837b7a3385a

SHA512
1f9d58809e43d68b5b0ecbc3cfcb2fde7e044c41562647e663c088f8d05d1d3cb3b23b47b42aca49c1f678017226c8f67197a595401445fbbfeced49f8d04c6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5836.exe

Filesize
192KB

MD5
260a7c767dc3ba6cd780571c3df0a8ac

SHA1
149f781aa3e8678ca281bebaa1c140e9638b8a94

SHA256
a340cb893977f7b3b9dce75c4fbbe0f329321dea3db0421d2c6e10a1ea6d2bbe

SHA512
cf343078f300801e24aa9cd5aade8484f2d8fee5460733029d5495d5fa60f760f628f8e208bb576f2d5266d796cab4e9124731f5b1a4f6dffdb3e43f66556592

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5909.exe

Filesize
192KB

MD5
1404146ae0b7871cf26c2e3f9906c0a5

SHA1
6b7315868fcc7ca75ff107d25b53bf794dbcb899

SHA256
169a1d0eb2bb9bebd0e349ac676dab1c231e832e404d979096f0d47d868989e7

SHA512
54ecbb464107b3e0e4f133c963fe5a8d06175af9bd6f5e2013f2b58f0c595ac4c7c4af93e2f5715f15c8de06b206df3e1a3d1b86913a106b3edaddf949413a6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5913.exe

Filesize
192KB

MD5
8031696594bf17fcad91e349299ef1fc

SHA1
741f88b9e507b2cea7b5a7ab88adb22327c7852e

SHA256
43d0d1044e44fb2d8b67158bbe5e4b95fbf5770c1c51732237d02bb5d0f204b8

SHA512
3f790e121bc7fed54b5f08190dd7aadd3f343c945cbddb2378b4464f934a811ea63b98cc8611817e00da586e527669f1b0bc14bd36ddc18c99196ecfe1d84652

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5935.exe

Filesize
192KB

MD5
a434eca5fd73f84378c5f60223b9fba2

SHA1
4715dbf5513f6696dccd1674e7fb4e52935be60a

SHA256
428727b6f542b8187aa152fe0f40fa18b4f5f4188182726ba83cfd7f6564a6a7

SHA512
5ca3f78bd40a297b6e10a800a2ac287216c1a6950a72ce463eecdcd2158b57f17993957e1f68470af3fa730d334380ab0d0797f649a55a7afd476f8f5d9b5332

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5954.exe

Filesize
192KB

MD5
c620f88a2e36c369ec1a995b7134eff1

SHA1
00dec5e5c34881b110c9392a58a48bbf00149e74

SHA256
516d04d87895a2754521431e0e21dc10e63ee93f08251ea73a0037867c3913f0

SHA512
166a6ee651456e7aa385b1075d6afd9a54abbcc02e1f1bfa98066612b2055e7e9042f9c2195f859cec3396c91afbb31fc766311727fe1cdbae4273be480b6897

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6178.exe

Filesize
192KB

MD5
1ee8aef8291101bd7f6122b3cfa42fed

SHA1
be6a414593d93ca2a7f834fa7a175887ed1ca515

SHA256
9b36a7b97dd7fe9086558ab95cae911f05366ed3c26645f4f87bf48cbf4de7cf

SHA512
b0aae223c7e99f7b62b4ddccc483400ded9d54e2bfb63d3db48b9a311e4593d26877af97e3eb125af5e90989e53ea719276c87e69c6e33d09466b66011dc0340

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6624.exe

Filesize
192KB

MD5
73fa5568d35f8dbd070e91f638bbccb3

SHA1
da8a80f0132f53c044ae9402c10c51aaa5b75734

SHA256
fd766661fa808f794428ce645473382d35c3cf5a9e5f0bb51bdd149085895e85

SHA512
53551961ee6aa97d0e29710f674c1016959427fbe9e8122a12e07b5e57912529cfea8b7e8f87bd19808e1965e238357b763ae671ffa7345ba54c55d3aa617666

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6759.exe

Filesize
192KB

MD5
3d4ef0cad4907cf7620dc0792280a518

SHA1
7c6d5da7db78cba8a8ca975e7e5850481b48eb06

SHA256
544bb58d7194cce6690fea78a64f7c3ad26a8fcce8f8accc5e048a01d13a9292

SHA512
9e4080b62171d8e1ee6c4c8d4d21429a7154c7b0c6ce570b0e298447098ee13a80c8b0d47b91d14f36865397a46c48741b24a2d450404c155087ddbd963c2f3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8701.exe

Filesize
192KB

MD5
79c0ee18b1d3523bbaad790c9cb1e38e

SHA1
bd48adc47f12bdf310f4113896c2f00c43c6ddf5

SHA256
09d5b8665700643a7b88f2abdbff67b470b4fd3bf99043a3487ea88647a7a453

SHA512
080fdf0d84c39974cdf00aa15c7641b28a678d1fe0453ded1c0e62f2c8cd96fd4206c9b742e5e7b646c120d161a08114ec79bebe7e8970a47238c4594bb8360e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10332.exe

Filesize
192KB

MD5
d9eea6e1c1add6b5483a0d6438ddb53e

SHA1
b9dbeeae5a078d1a4f55e161b0ea96f1ef31a4ed

SHA256
429dd1532173b1f1ef08340ec94f51f0eb0e420ec32297630a3e8188ab213a64

SHA512
ebe4f40ec7a9426d1048498b0b28fdedd3c1ee01df2cf74d04a4a183446de1e772dc44e0d833bf557bdf82f2676ac9a789c02bad8ce0ebb0d563ae9974702b9b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11038.exe

Filesize
192KB

MD5
8f662a2e9ce0975f8a0687de9c92f9cd

SHA1
d92057642c8c72c0328a0f253dcfcdb16916fa59

SHA256
04155ba3d36f7f9ab101c0a14106c460dcc4bf51e0ebd6461098b0d1c000f9dd

SHA512
78847046dece9c558deea7c90d421dbcb9304cb2d4486ecc7da8d66aeb58e7721bf5353493e8a92a1b626293d00487147ab76c44d2ea81ea2ec28496fe800c18

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13752.exe

Filesize
192KB

MD5
5dfa3ed2c5a3bf5b221a6b82df70f8f3

SHA1
84d86309fa650de2896e656e5140469004595e80

SHA256
798187636e93c56286ae1df93164459ea128754ddf5c0af9fd7ba62e228f91e3

SHA512
0da91aff5e400e6318f7716c770a6012f2a60ca5d206e1f1c4c9c461eabc42be18079dc050dc576268413cd9e40dd297efb42a4fdb4bbb00113b2122afe48fbe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22726.exe

Filesize
192KB

MD5
3b985a01b66b109a966f41d694d1a1e2

SHA1
58ae6035cf7f1c98afcc2b9a775f7797d24037ff

SHA256
8e922c871ef146ece987fa533e4bcfaacdfc57f8d6d8588bde94691c5fa9e8ed

SHA512
ff50807a6a45ee70ada9b6e755cc78d2891ad2732209cb559bd701d27649befc501c4caf268e970ff89f897e1eee23f934f2be6dc324aac098db726427bdbadc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22917.exe

Filesize
192KB

MD5
5c8ebf242c1aa9e4895ef1562119f963

SHA1
f0b00e4739250ecc1ba90875505600d27a05dc11

SHA256
0bec445abd7506c257c3df1ee81931d76e3d981b4a8c0a8424a47681832e3c63

SHA512
542864f132cb6e175878a041a63ace2b167188ef0047b5a1573d27beec5494ef22a8cfc38eea42169f9953f7b7fe7d49b91a22e6ee670ca663108b61c7539371

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42592.exe

Filesize
192KB

MD5
5c59f7e5cce42783db0eb584dfe0e47a

SHA1
6c149b2d3308523433a2dd302d9e88ac755a7b1c

SHA256
0f8c98ab1035ad9b1157f97db37f86ab093edbbaf89841aad46bec80128ab571

SHA512
3bb526018caa07c3cd3f5ff470ccc488b9a2f2f909968e85b3d10d78275f069a1e2861fc9ac14651e11482e68350c95709c4237809607b24f88505ab3024c0d6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43903.exe

Filesize
192KB

MD5
d27f25132b01b12626107b0f41d18167

SHA1
c264824aa47ac5ccd5442bf58f4426ffa99adf29

SHA256
467f2c4069ece8a8d54f5782c4cd595b2cbe81e53212922ca9edc92eefd2a4ce

SHA512
b42d53ba5b0b58279cf4186905cee41775eafa999237c315f1492d488787aa094e7a36a69152aa18d4b312657be2e9033c335438405d539cc2703bf950ea210e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51441.exe

Filesize
192KB

MD5
cfabd6cb0d88287cdb8a72196c412de7

SHA1
d8b3517ec1dc98c584869f48dd99ff0abc47accd

SHA256
1357798ec1bba149edae39798eb30235218f2ec774ffe5d08a1a9d11ee79e94f

SHA512
85c5ddcabc1bdfe6e8c7039a7f9fec3a5e304ba7cacdddacdcc8002cccc34dd1bceb118efe6ae1b7086c8f17a949a2b0039a68bb967f593968a881563a1e5321

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55591.exe

Filesize
192KB

MD5
e711ac01a8d2bfe52b68a206df7ba3b3

SHA1
42bc0138473dbcc1ae886fac66ef308a7dcf4f45

SHA256
e4f77ceee4c2eafac43ea05206c0ba84d986f909fd9f9ce6ceca760c6f395b05

SHA512
02b447d9459f81c65f7a5bed331d14ccc16d03ac0d4e04dbe8c3407546af3d62da2b042618f48e4985f2d9da1987af0381212abee4e2de283d027025228443e0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56722.exe

Filesize
192KB

MD5
66ee00aac04637781bc40304f0ac7563

SHA1
4c1481f7d00549cd856da3a2e9533764c09feab8

SHA256
3b0542db103c249a7b471f5b39fed4cd922743ea87784f5f20b62dc9a0259f08

SHA512
fca4858fb012d6d25fec190ccc5145aaf2f582576d92bbf65f2769312ff53f6276388512b880a29553522dd66e78c4d237928eb2c08af3c8d983760ce0e90914

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59424.exe

Filesize
192KB

MD5
40d5348210536b19616ea783b325067e

SHA1
8c6caf5185c427200eaf1cc32c85407b47fe9fe1

SHA256
d7189efe6e8fe33abb69827e6d2df6d456f5c505452422d78cb9d707a49bf135

SHA512
74660141d4dddf177b72ec866bad37258bc77e369a3ae3698849ecf98a09864e1b9d8b1a5cfd68b25dfa69cad0696133bc15ddcf4cefe1dd9df09fd514c5437c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63307.exe

Filesize
192KB

MD5
08f3bb8e56238e1ceae51dd0ac3f29f4

SHA1
f847783e23e8d84689f2b31546a4a0832877f7f3

SHA256
2b7ebcd960837f6a3292cd6a0d794c11cbfa54271c7bc06259c4cc773c6662c5

SHA512
6664dedce53dd2e71821677b5245157515cd073fd709a3cbe00b3993107048f7c11caae0fcd146dc6b91b167ca9127ea0d9f83d4ec99c10f41c6333fab4a7426

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63446.exe

Filesize
192KB

MD5
5910a4ac6cd7aeb54fd4833c0dd4cc02

SHA1
a9d37402a32d3733ef7aee3f081cd30f3e4268f5

SHA256
00ba4959860a576e2ee1f8df89ec87e9c616840dff16838bc38668d266411e4c

SHA512
8b38fdf9523cd9b7b2eff6ec6fc4035895d1804f8277cfdf390a4c42ef765c69a915543236f69d5ac6b5c4a53363d442693110d95506809ae5ef93f6772db7a2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6644.exe

Filesize
192KB

MD5
bb79da507386b4537d397b5c689f0f3e

SHA1
aab180e982ea78166b4a874440cff6212e5f33a0

SHA256
672885182180f0ab9333537a74fe97b729daff76d08f04972f84b6ddd092c9a2

SHA512
c4aa73fefdf2cd641b4b84a5578dc95668aaaeeccc91627e5235253aa9746a998bd4a85c64d2f5b7f0e34c1840e15c191e8e4f5732cd979089194b3cb1b9ffe1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9918.exe

Filesize
192KB

MD5
c2f943a6124f47aaf37c54636fa91ad0

SHA1
c554d954735c8bdfc5996b4cfd03114f5159d965

SHA256
bbd9ac28dc061b9049c8d278d2b2b62b982345c2635f22c52afe571e16891c63

SHA512
fa32bbc9ea24cb97d101421bc74380ce6e8d37478c7867711e5b767877e786928cd99879c806e88422904a14f31c36ebb552f1e72fc60b89af9b4a72d3c9821f

Download Submit
memory/3044-2053-0x00000000027A0000-0x00000000028FC000-memory.dmp

Filesize
1.4MB

Download
memory/3044-2054-0x00000000030D0000-0x00000000031E0000-memory.dmp

Filesize
1.1MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads