fc1c6de770839476e8a52ebd4c045f6ef06fe57de02b9d1d1fe768d1f0803916

Analysis

max time kernel
145s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10/07/2024, 07:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fc1c6de770839476e8a52ebd4c045f6ef06fe57de02b9d1d1fe768d1f0803916.exe
Size

184KB
MD5

149303b9683a7f90111d19948b12a9c7
SHA1

24f7ab1d920f0df0f7512f0fd49b58e889bc4870
SHA256

fc1c6de770839476e8a52ebd4c045f6ef06fe57de02b9d1d1fe768d1f0803916
SHA512

c6638b35957b4942cf5ca8c204369c1f839ce6a74d46686cbb5a2d9bd03934be8f3b2ee350c770c113de786d2a589fcf10170a275699328ffeeb708efe4543c0
SSDEEP

3072:9rCPSUonr94KZn0SWOjbiKZ8klvnqtxiuB:9r0oqSn0WiG8klPqtxiu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3168	Unicorn-1160.exe
1500	Unicorn-18959.exe
4804	Unicorn-64009.exe
2648	Unicorn-44340.exe
2684	Unicorn-9432.exe
4612	Unicorn-39644.exe
1732	Unicorn-25961.exe
920	Unicorn-58368.exe
820	Unicorn-43086.exe
2988	Unicorn-38487.exe
3372	Unicorn-60081.exe
4460	Unicorn-43745.exe
1904	Unicorn-38876.exe
4928	Unicorn-11264.exe
1264	Unicorn-56936.exe
3688	Unicorn-43175.exe
1260	Unicorn-3776.exe
3744	Unicorn-40127.exe
1912	Unicorn-11368.exe
2112	Unicorn-21574.exe
3932	Unicorn-37985.exe
4768	Unicorn-43007.exe
904	Unicorn-54513.exe
4996	Unicorn-49832.exe
1648	Unicorn-4160.exe
5016	Unicorn-25135.exe
2548	Unicorn-38094.exe
1460	Unicorn-53096.exe
3712	Unicorn-47231.exe
3416	Unicorn-27895.exe
4440	Unicorn-37129.exe
852	Unicorn-8820.exe
224	Unicorn-27809.exe
2416	Unicorn-62903.exe
2748	Unicorn-30113.exe
468	Unicorn-51472.exe
1464	Unicorn-46641.exe
1772	Unicorn-31301.exe
3420	Unicorn-7336.exe
5116	Unicorn-36863.exe
3632	Unicorn-40201.exe
2032	Unicorn-25405.exe
3488	Unicorn-31073.exe
2452	Unicorn-28123.exe
5076	Unicorn-34254.exe
1892	Unicorn-512.exe
2744	Unicorn-28315.exe
2864	Unicorn-60111.exe
4332	Unicorn-46376.exe
1276	Unicorn-57808.exe
540	Unicorn-33145.exe
2808	Unicorn-21679.exe
2580	Unicorn-32614.exe
4704	Unicorn-62601.exe
4588	Unicorn-51484.exe
1032	Unicorn-59456.exe
4484	Unicorn-5616.exe
924	Unicorn-64905.exe
4016	Unicorn-48569.exe
4808	Unicorn-64832.exe
1256	Unicorn-38324.exe
4020	Unicorn-56846.exe
5004	Unicorn-3239.exe
2668	Unicorn-23105.exe

Program crash 46 IoCs

pid	pid_target	Process	procid_target
4808	3688	WerFault.exe	100
4056	1264	WerFault.exe	99
1976	2548	WerFault.exe	111
2184	3416	WerFault.exe	114
2828	3712	WerFault.exe	113
3592	1648	WerFault.exe	109
4528	2032	WerFault.exe	131
4232	3632	WerFault.exe	130
3084	2580	WerFault.exe	144
2892	5076	WerFault.exe	134
6836	3520	WerFault.exe	191
7064	2496	WerFault.exe	194
7140	2452	WerFault.exe	133
6524	6244	WerFault.exe	284
7600	3532	WerFault.exe	183
7588	4020	WerFault.exe	161
7580	2668	WerFault.exe	163
7872	5104	WerFault.exe	167
624	5928	WerFault.exe	237
5448	1324	WerFault.exe	174
9596	5576	WerFault.exe	221
8692	5440	WerFault.exe	215
10812	5852	WerFault.exe	232
10836	1436	WerFault.exe	180
10804	5936	WerFault.exe	238
9908	4768	WerFault.exe	106
9636	1656	WerFault.exe	204
9648	592	WerFault.exe	203
9552	1688	WerFault.exe	193
1308	4704	WerFault.exe	152
8392	4016	WerFault.exe	157
9188	2652	WerFault.exe	505
10824	1260	WerFault.exe	101
10568	1032	WerFault.exe	153
10456	3932	WerFault.exe	105
11900	6860	WerFault.exe	353
12648	11012	WerFault.exe	664
12400	2088	WerFault.exe	328
11888	4512	WerFault.exe	267
12084	6552	WerFault.exe	292
6064	7340	WerFault.exe	363
5712	8296	WerFault.exe	480
15660	6024	WerFault.exe	414
15696	2412	WerFault.exe	435
15728	7192	WerFault.exe	357
18296	8884	Process not Found	485

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4592	fc1c6de770839476e8a52ebd4c045f6ef06fe57de02b9d1d1fe768d1f0803916.exe
1500	Unicorn-18959.exe
4804	Unicorn-64009.exe
2648	Unicorn-44340.exe
2684	Unicorn-9432.exe
4612	Unicorn-39644.exe
1732	Unicorn-25961.exe
920	Unicorn-58368.exe
820	Unicorn-43086.exe
2988	Unicorn-38487.exe
3372	Unicorn-60081.exe
4460	Unicorn-43745.exe
4928	Unicorn-11264.exe
1264	Unicorn-56936.exe
1904	Unicorn-38876.exe
3688	Unicorn-43175.exe
1260	Unicorn-3776.exe
3744	Unicorn-40127.exe
1912	Unicorn-11368.exe
2112	Unicorn-21574.exe
3932	Unicorn-37985.exe
4768	Unicorn-43007.exe
904	Unicorn-54513.exe
1648	Unicorn-4160.exe
4996	Unicorn-49832.exe
3416	Unicorn-27895.exe
5016	Unicorn-25135.exe
1460	Unicorn-53096.exe
2548	Unicorn-38094.exe
3712	Unicorn-47231.exe
4440	Unicorn-37129.exe
852	Unicorn-8820.exe
224	Unicorn-27809.exe
2416	Unicorn-62903.exe
2748	Unicorn-30113.exe
468	Unicorn-51472.exe
1464	Unicorn-46641.exe
1772	Unicorn-31301.exe
3420	Unicorn-7336.exe
5116	Unicorn-36863.exe
3632	Unicorn-40201.exe
2032	Unicorn-25405.exe
3488	Unicorn-31073.exe
2452	Unicorn-28123.exe
2808	Unicorn-21679.exe
1892	Unicorn-512.exe
5076	Unicorn-34254.exe
2744	Unicorn-28315.exe
2864	Unicorn-60111.exe
1276	Unicorn-57808.exe
4332	Unicorn-46376.exe
2580	Unicorn-32614.exe
4704	Unicorn-62601.exe
4588	Unicorn-51484.exe
924	Unicorn-64905.exe
4484	Unicorn-5616.exe
1032	Unicorn-59456.exe
4016	Unicorn-48569.exe
4808	Unicorn-64832.exe
1256	Unicorn-38324.exe
4020	Unicorn-56846.exe
3948	Unicorn-63375.exe
5004	Unicorn-3239.exe
3688	Unicorn-32617.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4592 wrote to memory of 3168	4592	fc1c6de770839476e8a52ebd4c045f6ef06fe57de02b9d1d1fe768d1f0803916.exe	85
PID 4592 wrote to memory of 3168	4592	fc1c6de770839476e8a52ebd4c045f6ef06fe57de02b9d1d1fe768d1f0803916.exe	85
PID 4592 wrote to memory of 3168	4592	fc1c6de770839476e8a52ebd4c045f6ef06fe57de02b9d1d1fe768d1f0803916.exe	85
PID 4592 wrote to memory of 1500	4592	fc1c6de770839476e8a52ebd4c045f6ef06fe57de02b9d1d1fe768d1f0803916.exe	86
PID 4592 wrote to memory of 1500	4592	fc1c6de770839476e8a52ebd4c045f6ef06fe57de02b9d1d1fe768d1f0803916.exe	86
PID 4592 wrote to memory of 1500	4592	fc1c6de770839476e8a52ebd4c045f6ef06fe57de02b9d1d1fe768d1f0803916.exe	86
PID 1500 wrote to memory of 4804	1500	Unicorn-18959.exe	87
PID 1500 wrote to memory of 4804	1500	Unicorn-18959.exe	87
PID 1500 wrote to memory of 4804	1500	Unicorn-18959.exe	87
PID 4592 wrote to memory of 2648	4592	fc1c6de770839476e8a52ebd4c045f6ef06fe57de02b9d1d1fe768d1f0803916.exe	88
PID 4592 wrote to memory of 2648	4592	fc1c6de770839476e8a52ebd4c045f6ef06fe57de02b9d1d1fe768d1f0803916.exe	88
PID 4592 wrote to memory of 2648	4592	fc1c6de770839476e8a52ebd4c045f6ef06fe57de02b9d1d1fe768d1f0803916.exe	88
PID 4804 wrote to memory of 2684	4804	Unicorn-64009.exe	89
PID 4804 wrote to memory of 2684	4804	Unicorn-64009.exe	89
PID 4804 wrote to memory of 2684	4804	Unicorn-64009.exe	89
PID 1500 wrote to memory of 4612	1500	Unicorn-18959.exe	90
PID 1500 wrote to memory of 4612	1500	Unicorn-18959.exe	90
PID 1500 wrote to memory of 4612	1500	Unicorn-18959.exe	90
PID 2648 wrote to memory of 1732	2648	Unicorn-44340.exe	91
PID 2648 wrote to memory of 1732	2648	Unicorn-44340.exe	91
PID 2648 wrote to memory of 1732	2648	Unicorn-44340.exe	91
PID 4592 wrote to memory of 920	4592	fc1c6de770839476e8a52ebd4c045f6ef06fe57de02b9d1d1fe768d1f0803916.exe	92
PID 4592 wrote to memory of 920	4592	fc1c6de770839476e8a52ebd4c045f6ef06fe57de02b9d1d1fe768d1f0803916.exe	92
PID 4592 wrote to memory of 920	4592	fc1c6de770839476e8a52ebd4c045f6ef06fe57de02b9d1d1fe768d1f0803916.exe	92
PID 2684 wrote to memory of 820	2684	Unicorn-9432.exe	93
PID 2684 wrote to memory of 820	2684	Unicorn-9432.exe	93
PID 2684 wrote to memory of 820	2684	Unicorn-9432.exe	93
PID 4804 wrote to memory of 2988	4804	Unicorn-64009.exe	94
PID 4804 wrote to memory of 2988	4804	Unicorn-64009.exe	94
PID 4804 wrote to memory of 2988	4804	Unicorn-64009.exe	94
PID 4612 wrote to memory of 3372	4612	Unicorn-39644.exe	95
PID 4612 wrote to memory of 3372	4612	Unicorn-39644.exe	95
PID 4612 wrote to memory of 3372	4612	Unicorn-39644.exe	95
PID 1732 wrote to memory of 4460	1732	Unicorn-25961.exe	96
PID 1732 wrote to memory of 4460	1732	Unicorn-25961.exe	96
PID 1732 wrote to memory of 4460	1732	Unicorn-25961.exe	96
PID 1500 wrote to memory of 1904	1500	Unicorn-18959.exe	97
PID 1500 wrote to memory of 1904	1500	Unicorn-18959.exe	97
PID 1500 wrote to memory of 1904	1500	Unicorn-18959.exe	97
PID 920 wrote to memory of 4928	920	Unicorn-58368.exe	98
PID 920 wrote to memory of 4928	920	Unicorn-58368.exe	98
PID 920 wrote to memory of 4928	920	Unicorn-58368.exe	98
PID 2648 wrote to memory of 1264	2648	Unicorn-44340.exe	99
PID 2648 wrote to memory of 1264	2648	Unicorn-44340.exe	99
PID 2648 wrote to memory of 1264	2648	Unicorn-44340.exe	99
PID 4592 wrote to memory of 3688	4592	fc1c6de770839476e8a52ebd4c045f6ef06fe57de02b9d1d1fe768d1f0803916.exe	100
PID 4592 wrote to memory of 3688	4592	fc1c6de770839476e8a52ebd4c045f6ef06fe57de02b9d1d1fe768d1f0803916.exe	100
PID 4592 wrote to memory of 3688	4592	fc1c6de770839476e8a52ebd4c045f6ef06fe57de02b9d1d1fe768d1f0803916.exe	100
PID 820 wrote to memory of 1260	820	Unicorn-43086.exe	101
PID 820 wrote to memory of 1260	820	Unicorn-43086.exe	101
PID 820 wrote to memory of 1260	820	Unicorn-43086.exe	101
PID 2684 wrote to memory of 3744	2684	Unicorn-9432.exe	102
PID 2684 wrote to memory of 3744	2684	Unicorn-9432.exe	102
PID 2684 wrote to memory of 3744	2684	Unicorn-9432.exe	102
PID 2988 wrote to memory of 1912	2988	Unicorn-38487.exe	103
PID 2988 wrote to memory of 1912	2988	Unicorn-38487.exe	103
PID 2988 wrote to memory of 1912	2988	Unicorn-38487.exe	103
PID 4804 wrote to memory of 2112	4804	Unicorn-64009.exe	104
PID 4804 wrote to memory of 2112	4804	Unicorn-64009.exe	104
PID 4804 wrote to memory of 2112	4804	Unicorn-64009.exe	104
PID 3372 wrote to memory of 3932	3372	Unicorn-60081.exe	105
PID 3372 wrote to memory of 3932	3372	Unicorn-60081.exe	105
PID 3372 wrote to memory of 3932	3372	Unicorn-60081.exe	105
PID 4612 wrote to memory of 4768	4612	Unicorn-39644.exe	106

C:\Users\Admin\AppData\Local\Temp\fc1c6de770839476e8a52ebd4c045f6ef06fe57de02b9d1d1fe768d1f0803916.exe
"C:\Users\Admin\AppData\Local\Temp\fc1c6de770839476e8a52ebd4c045f6ef06fe57de02b9d1d1fe768d1f0803916.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4592
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1160.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1160.exe
  2⤵
  - Executes dropped EXE
  PID:3168
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18959.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18959.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64009.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64009.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9432.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43086.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3776.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37129.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62601.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48289.exe
        9⤵
        
        PID:3520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 632
        10⤵
        Program crash
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61200.exe
        9⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33521.exe
        10⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45697.exe
        11⤵
        
        PID:13564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43824.exe
        11⤵
        
        PID:16312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51360.exe
        10⤵
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28694.exe
        10⤵
        
        PID:11784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20367.exe
        10⤵
        
        PID:15116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38159.exe
        9⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40961.exe
        10⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54560.exe
        10⤵
        
        PID:13048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57180.exe
        10⤵
        
        PID:15024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 740
        9⤵
        Program crash
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47256.exe
        8⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3136.exe
        9⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60329.exe
        10⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30177.exe
        11⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        11⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15934.exe
        11⤵
        
        PID:14304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5895.exe
        10⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5723.exe
        10⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8623.exe
        10⤵
        
        PID:13088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61287.exe
        10⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2612.exe
        9⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15112.exe
        10⤵
        
        PID:11672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27559.exe
        10⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-190.exe
        10⤵
        
        PID:16204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 672
        9⤵
        Program crash
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9206.exe
        8⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16910.exe
        9⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27737.exe
        10⤵
        
        PID:13880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15300.exe
        8⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47391.exe
        8⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56632.exe
        8⤵
        
        PID:11908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54697.exe
        8⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59456.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58569.exe
        8⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37153.exe
        9⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40537.exe
        10⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20238.exe
        11⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50352.exe
        11⤵
        
        PID:12652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1351.exe
        9⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40769.exe
        10⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63600.exe
        10⤵
        
        PID:6656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 636
        9⤵
        Program crash
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11999.exe
        8⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18062.exe
        9⤵
        
        PID:368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44633.exe
        10⤵
        
        PID:12296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47000.exe
        10⤵
        
        PID:15524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12439.exe
        9⤵
        
        PID:10352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62327.exe
        9⤵
        
        PID:11712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-679.exe
        9⤵
        
        PID:15300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14614.exe
        8⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21006.exe
        9⤵
        
        PID:9708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8935.exe
        9⤵
        
        PID:15316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 508
        8⤵
        Program crash
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19190.exe
        7⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3136.exe
        8⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41305.exe
        9⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33393.exe
        10⤵
        
        PID:13232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58328.exe
        10⤵
        
        PID:14976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36455.exe
        9⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10430.exe
        9⤵
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46688.exe
        9⤵
        
        PID:11400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42575.exe
        8⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20121.exe
        9⤵
        
        PID:11992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11462.exe
        8⤵
        
        PID:8808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6679.exe
        8⤵
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        8⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46391.exe
        8⤵
        
        PID:16212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41029.exe
        7⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41881.exe
        8⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62709.exe
        8⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62327.exe
        8⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51717.exe
        8⤵
        
        PID:15220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35358.exe
        7⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4552.exe
        8⤵
        
        PID:12272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50165.exe
        8⤵
        
        PID:2276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 712
        7⤵
        Program crash
        
        PID:10824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8820.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5616.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11672.exe
        8⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62617.exe
        9⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35367.exe
        9⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11143.exe
        8⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9896.exe
        9⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6776.exe
        10⤵
        
        PID:13516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43824.exe
        10⤵
        
        PID:16304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11739.exe
        8⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18417.exe
        9⤵
        
        PID:14332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56056.exe
        8⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7630.exe
        8⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62136.exe
        8⤵
        
        PID:14288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50136.exe
        7⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38601.exe
        8⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9016.exe
        9⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5984.exe
        10⤵
        
        PID:11744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49952.exe
        10⤵
        
        PID:12432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57559.exe
        10⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62709.exe
        9⤵
        
        PID:10420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62327.exe
        9⤵
        
        PID:11692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9807.exe
        9⤵
        
        PID:14804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21439.exe
        8⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1478.exe
        8⤵
        
        PID:10248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23045.exe
        8⤵
        
        PID:10380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25630.exe
        8⤵
        
        PID:13632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62263.exe
        7⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50049.exe
        8⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41753.exe
        9⤵
        
        PID:13288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43444.exe
        9⤵
        
        PID:15060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28967.exe
        8⤵
        
        PID:10372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36287.exe
        8⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50648.exe
        8⤵
        
        PID:15096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34328.exe
        7⤵
        
        PID:8296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8296 -s 632
        8⤵
        Program crash
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24246.exe
        7⤵
        
        PID:10464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48959.exe
        7⤵
        
        PID:13180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61817.exe
        7⤵
        
        PID:4520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51484.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51662.exe
        7⤵
        
        PID:2496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 720
        8⤵
        Program crash
        
        PID:7064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41200.exe
        6⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3136.exe
        7⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6520.exe
        8⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33393.exe
        9⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57368.exe
        9⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36455.exe
        8⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10430.exe
        8⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12391.exe
        8⤵
        
        PID:14968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42575.exe
        7⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59521.exe
        8⤵
        
        PID:12232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31431.exe
        8⤵
        
        PID:11204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11462.exe
        7⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11588.exe
        7⤵
        
        PID:11172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65495.exe
        7⤵
        
        PID:13128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44751.exe
        7⤵
        
        PID:6824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31102.exe
        6⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17870.exe
        7⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36455.exe
        7⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10430.exe
        7⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12391.exe
        7⤵
        
        PID:14984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10655.exe
        6⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31641.exe
        7⤵
        
        PID:11328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9111.exe
        7⤵
        
        PID:5672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29561.exe
        6⤵
        
        PID:6476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1710.exe
        6⤵
        
        PID:11024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59055.exe
        6⤵
        
        PID:11688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33007.exe
        6⤵
        
        PID:15616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40127.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27809.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64905.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27433.exe
        8⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3136.exe
        9⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48024.exe
        7⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53873.exe
        8⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43343.exe
        8⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63929.exe
        9⤵
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27943.exe
        9⤵
        
        PID:13352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30486.exe
        8⤵
        
        PID:9048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21391.exe
        8⤵
        
        PID:11168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37446.exe
        8⤵
        
        PID:14052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35247.exe
        7⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19105.exe
        8⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6860 -s 632
        9⤵
        Program crash
        
        PID:11900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63264.exe
        8⤵
        
        PID:8888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48007.exe
        8⤵
        
        PID:11344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46112.exe
        8⤵
        
        PID:14040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22872.exe
        7⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22009.exe
        8⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        8⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
        8⤵
        
        PID:14168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60359.exe
        7⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38655.exe
        7⤵
        
        PID:11464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14712.exe
        7⤵
        
        PID:13384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33758.exe
        7⤵
        
        PID:16280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38324.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53961.exe
        7⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20750.exe
        8⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38465.exe
        9⤵
        
        PID:11300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49952.exe
        9⤵
        
        PID:13016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63048.exe
        7⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22009.exe
        8⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        8⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
        8⤵
        
        PID:14200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28374.exe
        7⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25801.exe
        8⤵
        
        PID:12856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50352.exe
        8⤵
        
        PID:15148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8791.exe
        7⤵
        
        PID:10592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65495.exe
        7⤵
        
        PID:13136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44751.exe
        7⤵
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31982.exe
        6⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9896.exe
        7⤵
        
        PID:9020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21636.exe
        6⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59241.exe
        7⤵
        
        PID:13304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
        7⤵
        
        PID:7768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62903.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48569.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26857.exe
        7⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40718.exe
        8⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9896.exe
        9⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26569.exe
        10⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17103.exe
        10⤵
        
        PID:15264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35367.exe
        8⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56615.exe
        8⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50305.exe
        9⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42320.exe
        8⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6782.exe
        8⤵
        
        PID:12712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37076.exe
        8⤵
        
        PID:15212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54376.exe
        7⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9896.exe
        8⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9672.exe
        9⤵
        
        PID:13848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 636
        8⤵
        Program crash
        
        PID:12084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2310.exe
        7⤵
        
        PID:2720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 504
        7⤵
        Program crash
        
        PID:8392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65232.exe
        6⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19790.exe
        7⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22009.exe
        8⤵
        
        PID:9728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
        9⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        8⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
        8⤵
        
        PID:14208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11246.exe
        6⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34593.exe
        7⤵
        
        PID:184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33201.exe
        8⤵
        
        PID:13260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50352.exe
        8⤵
        
        PID:15340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34240.exe
        6⤵
        
        PID:8816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-126.exe
        6⤵
        
        PID:5692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48959.exe
        6⤵
        
        PID:13188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61817.exe
        6⤵
        
        PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64832.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47905.exe
        6⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27849.exe
        7⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23281.exe
        8⤵
        
        PID:11424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11607.exe
        8⤵
        
        PID:13624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-308.exe
        6⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63929.exe
        7⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49952.exe
        7⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57559.exe
        7⤵
        
        PID:15356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31294.exe
        5⤵
        
        PID:6216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50049.exe
        6⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14920.exe
        7⤵
        
        PID:9264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25831.exe
        7⤵
        
        PID:13456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57559.exe
        7⤵
        
        PID:4720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17837.exe
        5⤵
        
        PID:7068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1848.exe
        6⤵
        
        PID:10744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54560.exe
        6⤵
        
        PID:11752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5566.exe
        6⤵
        
        PID:15236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29177.exe
        5⤵
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8888.exe
        6⤵
        
        PID:13224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50352.exe
        6⤵
        
        PID:12812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42467.exe
        5⤵
        
        PID:11496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1879.exe
        5⤵
        
        PID:10896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38487.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11368.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30113.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32617.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23017.exe
        8⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50241.exe
        9⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12392.exe
        10⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21863.exe
        10⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2758.exe
        10⤵
        
        PID:13096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4415.exe
        10⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61008.exe
        7⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41881.exe
        8⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50305.exe
        9⤵
        
        PID:10860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 624
        9⤵
        Program crash
        
        PID:15696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51168.exe
        8⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36287.exe
        8⤵
        
        PID:11580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1255.exe
        8⤵
        
        PID:15640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3239.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43577.exe
        7⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45705.exe
        8⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41881.exe
        9⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45505.exe
        10⤵
        
        PID:13528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43824.exe
        10⤵
        
        PID:16332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53280.exe
        9⤵
        
        PID:220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17179.exe
        9⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17767.exe
        9⤵
        
        PID:14264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43343.exe
        8⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55065.exe
        9⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30486.exe
        8⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43705.exe
        9⤵
        
        PID:16072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38200.exe
        8⤵
        
        PID:11268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19854.exe
        8⤵
        
        PID:10892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38607.exe
        8⤵
        
        PID:15628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13535.exe
        7⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16609.exe
        8⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45401.exe
        9⤵
        
        PID:10728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49776.exe
        9⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36455.exe
        8⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10430.exe
        8⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12391.exe
        8⤵
        
        PID:14936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13046.exe
        6⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35057.exe
        7⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22009.exe
        8⤵
        
        PID:9844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 632
        7⤵
        Program crash
        
        PID:8692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17111.exe
        6⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22009.exe
        7⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34945.exe
        8⤵
        
        PID:10916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 636
        7⤵
        Program crash
        
        PID:12400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25574.exe
        6⤵
        
        PID:4180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49127.exe
        6⤵
        
        PID:10620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-488.exe
        6⤵
        
        PID:13064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64407.exe
        6⤵
        
        PID:15184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51472.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56846.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62321.exe
        7⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18446.exe
        8⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22009.exe
        9⤵
        
        PID:9876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        9⤵
        
        PID:10940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
        9⤵
        
        PID:14176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 620
        8⤵
        Program crash
        
        PID:9596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 632
        7⤵
        Program crash
        
        PID:7588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34775.exe
        6⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42377.exe
        7⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe
        8⤵
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14702.exe
        6⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17934.exe
        7⤵
        
        PID:13280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50352.exe
        7⤵
        
        PID:12648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58744.exe
        6⤵
        
        PID:6488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5990.exe
        6⤵
        
        PID:10944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46847.exe
        6⤵
        
        PID:13496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55289.exe
        6⤵
        
        PID:7308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17358.exe
        5⤵
        
        PID:5104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62321.exe
        6⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35057.exe
        7⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22009.exe
        8⤵
        
        PID:9760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        8⤵
        
        PID:11280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
        8⤵
        
        PID:14184
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 636
        6⤵
        Program crash
        
        PID:7872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46208.exe
        5⤵
        
        PID:5496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24777.exe
        6⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25801.exe
        7⤵
        
        PID:12868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50352.exe
        7⤵
        
        PID:15160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36455.exe
        6⤵
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34945.exe
        7⤵
        
        PID:10864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10430.exe
        6⤵
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12391.exe
        6⤵
        
        PID:14944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11902.exe
        5⤵
        
        PID:7652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59449.exe
        6⤵
        
        PID:10124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33543.exe
        5⤵
        
        PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5181.exe
        5⤵
        
        PID:11056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44494.exe
        5⤵
        
        PID:13080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34951.exe
        5⤵
        
        PID:14756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21574.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46641.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23105.exe
        6⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64241.exe
        7⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31025.exe
        8⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30897.exe
        9⤵
        
        PID:13328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36455.exe
        8⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10430.exe
        8⤵
        
        PID:11820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12391.exe
        8⤵
        
        PID:14928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
        7⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2880.exe
        8⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60471.exe
        7⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46368.exe
        7⤵
        
        PID:11416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28214.exe
        7⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38223.exe
        7⤵
        
        PID:15272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45056.exe
        6⤵
        
        PID:6152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
        5⤵
        
        PID:4732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1496.exe
        6⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19790.exe
        7⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27577.exe
        8⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51265.exe
        9⤵
        
        PID:12736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50352.exe
        9⤵
        
        PID:15348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16815.exe
        6⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16910.exe
        7⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53280.exe
        7⤵
        
        PID:9840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29339.exe
        6⤵
        
        PID:9064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21081.exe
        7⤵
        
        PID:12252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50165.exe
        7⤵
        
        PID:13992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32912.exe
        6⤵
        
        PID:5600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65495.exe
        6⤵
        
        PID:13072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44751.exe
        6⤵
        
        PID:14408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65511.exe
        5⤵
        
        PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19908.exe
        5⤵
        
        PID:7088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22009.exe
        6⤵
        
        PID:9792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26585.exe
        7⤵
        
        PID:3480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        6⤵
        
        PID:10560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15934.exe
        6⤵
        
        PID:14280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16830.exe
        5⤵
        
        PID:5984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51925.exe
        5⤵
        
        PID:11068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-488.exe
        5⤵
        
        PID:13104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40286.exe
        5⤵
        
        PID:4048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31301.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23105.exe
        5⤵
        Executes dropped EXE
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62321.exe
        6⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19790.exe
        7⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22009.exe
        8⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        8⤵
        
        PID:10340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-475.exe
        8⤵
        
        PID:14116
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 660
        6⤵
        Program crash
        
        PID:7580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63375.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:3948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47905.exe
        5⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10552.exe
        6⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22009.exe
        7⤵
        
        PID:9744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47425.exe
        8⤵
        
        PID:12236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        7⤵
        
        PID:10656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
        7⤵
        
        PID:14148
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5936 -s 640
        6⤵
        Program crash
        
        PID:10804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
        5⤵
        
        PID:6436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58921.exe
        6⤵
        
        PID:844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54560.exe
        6⤵
        
        PID:12224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14759.exe
      4⤵
      PID:6188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12344.exe
      4⤵
      PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32601.exe
        5⤵
        
        PID:9076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54560.exe
        5⤵
        
        PID:4976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7646.exe
      4⤵
      PID:4416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37132.exe
      4⤵
      PID:11484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6079.exe
      4⤵
      PID:10912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4887.exe
      4⤵
      PID:16360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39644.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39644.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60081.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37985.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7336.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57313.exe
        7⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55497.exe
        8⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10552.exe
        9⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14925.exe
        10⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62232.exe
        10⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15934.exe
        10⤵
        
        PID:14312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32679.exe
        8⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61135.exe
        8⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45697.exe
        9⤵
        
        PID:13196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53032.exe
        7⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41881.exe
        8⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62709.exe
        8⤵
        
        PID:9588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22782.exe
        7⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22009.exe
        8⤵
        
        PID:9812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45480.exe
        7⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11608.exe
        8⤵
        
        PID:15752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22710.exe
        7⤵
        
        PID:11380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3511.exe
        7⤵
        
        PID:5560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6311.exe
        6⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55497.exe
        7⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
        7⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38553.exe
        8⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63968.exe
        8⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64087.exe
        8⤵
        
        PID:15000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60471.exe
        7⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6487.exe
        7⤵
        
        PID:10696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36766.exe
        7⤵
        
        PID:5940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41687.exe
        6⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40537.exe
        7⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18417.exe
        8⤵
        
        PID:14244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64053.exe
        7⤵
        
        PID:10676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36287.exe
        7⤵
        
        PID:9304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17207.exe
        7⤵
        
        PID:15260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10967.exe
        6⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25417.exe
        7⤵
        
        PID:12104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30279.exe
        7⤵
        
        PID:14824
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 716
        6⤵
        Program crash
        
        PID:10456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36863.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49145.exe
        6⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23209.exe
        7⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20345.exe
        8⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
        9⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45697.exe
        10⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43824.exe
        10⤵
        
        PID:16348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
        7⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22009.exe
        8⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        8⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-475.exe
        8⤵
        
        PID:14140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43804.exe
        5⤵
        
        PID:1436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22057.exe
        6⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57641.exe
        7⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50305.exe
        8⤵
        
        PID:12516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58328.exe
        8⤵
        
        PID:14920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36455.exe
        7⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10430.exe
        7⤵
        
        PID:11968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46688.exe
        7⤵
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
        6⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22009.exe
        7⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        7⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
        7⤵
        
        PID:14192
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 656
        6⤵
        Program crash
        
        PID:10836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5367.exe
        5⤵
        
        PID:552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52935.exe
        5⤵
        
        PID:7552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6669.exe
        6⤵
        
        PID:11312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57653.exe
        6⤵
        
        PID:556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-295.exe
        5⤵
        
        PID:7176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3453.exe
        5⤵
        
        PID:11072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44494.exe
        5⤵
        
        PID:13112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34951.exe
        5⤵
        
        PID:15172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43007.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31073.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25025.exe
        6⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47713.exe
        7⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27849.exe
        8⤵
        
        PID:4232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 656
        8⤵
        Program crash
        
        PID:10812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
        7⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22009.exe
        8⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1791.exe
        8⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40247.exe
        8⤵
        
        PID:14080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28335.exe
        6⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58905.exe
        7⤵
        
        PID:8948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 636
        7⤵
        Program crash
        
        PID:11888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46327.exe
        6⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18241.exe
        7⤵
        
        PID:15252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54224.exe
        6⤵
        
        PID:2992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22710.exe
        6⤵
        
        PID:10308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21383.exe
        6⤵
        
        PID:13588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56664.exe
        5⤵
        
        PID:1900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47905.exe
        6⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52545.exe
        7⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14920.exe
        8⤵
        
        PID:11392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
        8⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57559.exe
        8⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 656
        7⤵
        Program crash
        
        PID:624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
        6⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14925.exe
        7⤵
        
        PID:9612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32255.exe
        7⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63511.exe
        7⤵
        
        PID:7616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34094.exe
        5⤵
        
        PID:6204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52192.exe
        5⤵
        
        PID:7224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33393.exe
        6⤵
        
        PID:13212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50352.exe
        6⤵
        
        PID:7132
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 748
        5⤵
        Program crash
        
        PID:9908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28123.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28014.exe
        5⤵
        
        PID:1324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62321.exe
        6⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35057.exe
        7⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63041.exe
        8⤵
        
        PID:9716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1791.exe
        8⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        8⤵
        
        PID:14256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63048.exe
        6⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30177.exe
        7⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        7⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-475.exe
        7⤵
        
        PID:14128
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 628
        6⤵
        Program crash
        
        PID:5448
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 724
        5⤵
        Program crash
        
        PID:7140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24288.exe
      4⤵
      PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46281.exe
        5⤵
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41881.exe
        6⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10232.exe
        7⤵
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62709.exe
        6⤵
        
        PID:10364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4000.exe
        7⤵
        
        PID:13864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41999.exe
        5⤵
        
        PID:7560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10893.exe
        6⤵
        
        PID:4324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54560.exe
        6⤵
        
        PID:8692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20891.exe
        5⤵
        
        PID:6092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11588.exe
        5⤵
        
        PID:11036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65495.exe
        5⤵
        
        PID:11480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51768.exe
        5⤵
        
        PID:14832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40615.exe
      4⤵
      PID:6568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16910.exe
        5⤵
        
        PID:8236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5423.exe
        5⤵
        
        PID:10632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28118.exe
        5⤵
        
        PID:12200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22776.exe
        5⤵
        
        PID:15460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48511.exe
      4⤵
      PID:7952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16125.exe
      4⤵
      PID:10136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52166.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52166.exe
      4⤵
      PID:5056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52335.exe
      4⤵
      PID:14320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38876.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38876.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2548
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 720
        5⤵
        Program crash
        
        PID:1976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21679.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16385.exe
        5⤵
        
        PID:780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4480.exe
        6⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56873.exe
        7⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45697.exe
        8⤵
        
        PID:12168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43824.exe
        8⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22719.exe
        7⤵
        
        PID:9308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32614.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32614.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2580
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 632
      4⤵
      Program crash
      PID:3084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40503.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40503.exe
    3⤵
    PID:4776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60505.exe
      4⤵
      PID:2484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31550.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31550.exe
    3⤵
    PID:6244
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 488
      4⤵
      Program crash
      PID:6524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49059.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49059.exe
    3⤵
    PID:8140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26777.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26777.exe
      4⤵
      PID:13644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59020.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59020.exe
    3⤵
    PID:5004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41415.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41415.exe
    3⤵
    PID:11432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18992.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18992.exe
    3⤵
    PID:6328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52224.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52224.exe
    3⤵
    PID:16292
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44340.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44340.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25961.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25961.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43745.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4160.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 636
        6⤵
        Program crash
        
        PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46376.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57033.exe
        6⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22358.exe
        7⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4008.exe
        8⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32177.exe
        9⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32361.exe
        10⤵
        
        PID:14784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5423.exe
        9⤵
        
        PID:10660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11035.exe
        9⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51717.exe
        9⤵
        
        PID:15240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55760.exe
        8⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27046.exe
        8⤵
        
        PID:10404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8623.exe
        8⤵
        
        PID:13144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61287.exe
        8⤵
        
        PID:15012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 640
        7⤵
        Program crash
        
        PID:7600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26415.exe
        6⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34209.exe
        7⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13311.exe
        7⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2758.exe
        7⤵
        
        PID:13056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4415.exe
        7⤵
        
        PID:3852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6342.exe
        6⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5704.exe
        7⤵
        
        PID:12176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49480.exe
        7⤵
        
        PID:13688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57559.exe
        7⤵
        
        PID:8152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17327.exe
        6⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48697.exe
        7⤵
        
        PID:14812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59031.exe
        6⤵
        
        PID:11012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11012 -s 464
        7⤵
        Program crash
        
        PID:12648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60991.exe
        5⤵
        
        PID:2184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38030.exe
        6⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8440.exe
        7⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24577.exe
        8⤵
        
        PID:12220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36455.exe
        7⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10430.exe
        7⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12391.exe
        7⤵
        
        PID:14952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24319.exe
        6⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31641.exe
        7⤵
        
        PID:11288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9111.exe
        7⤵
        
        PID:13556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57559.exe
        7⤵
        
        PID:14796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11462.exe
        6⤵
        
        PID:7060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6679.exe
        6⤵
        
        PID:11320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11686.exe
        6⤵
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38223.exe
        6⤵
        
        PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7095.exe
        5⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56873.exe
        6⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41753.exe
        7⤵
        
        PID:13268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50352.exe
        7⤵
        
        PID:15324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22719.exe
        6⤵
        
        PID:10148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9582.exe
        6⤵
        
        PID:12724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20175.exe
        6⤵
        
        PID:15100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19982.exe
        5⤵
        
        PID:8184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32985.exe
        6⤵
        
        PID:10572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54560.exe
        6⤵
        
        PID:13120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64087.exe
        6⤵
        
        PID:5456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12111.exe
        5⤵
        
        PID:5436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63806.exe
        5⤵
        
        PID:840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7214.exe
        5⤵
        
        PID:12700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28423.exe
        5⤵
        
        PID:16324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25135.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-512.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37935.exe
        5⤵
        
        PID:592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27833.exe
        6⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31025.exe
        7⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59241.exe
        8⤵
        
        PID:11008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 612
        8⤵
        Program crash
        
        PID:15660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36455.exe
        7⤵
        
        PID:10232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10430.exe
        7⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12391.exe
        7⤵
        
        PID:14960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9903.exe
        6⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5984.exe
        7⤵
        
        PID:11732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50336.exe
        7⤵
        
        PID:13276
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 736
        6⤵
        Program crash
        
        PID:9648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42263.exe
        5⤵
        
        PID:6160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41881.exe
        6⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60969.exe
        7⤵
        
        PID:12520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55936.exe
        7⤵
        
        PID:4704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62709.exe
        6⤵
        
        PID:10320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20479.exe
        5⤵
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14064.exe
        6⤵
        
        PID:7984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50165.exe
        6⤵
        
        PID:14000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28646.exe
        5⤵
        
        PID:9364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18417.exe
        6⤵
        
        PID:11116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53368.exe
        5⤵
        
        PID:11112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54313.exe
        5⤵
        
        PID:14100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60111.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57033.exe
        5⤵
        
        PID:4408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62513.exe
        6⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35057.exe
        7⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63041.exe
        8⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        9⤵
        
        PID:7072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63048.exe
        6⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6824.exe
        7⤵
        
        PID:9540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        7⤵
        
        PID:11308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15934.exe
        7⤵
        
        PID:14296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19508.exe
        5⤵
        
        PID:5436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15771.exe
        5⤵
        
        PID:7520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33393.exe
        6⤵
        
        PID:13004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50352.exe
        6⤵
        
        PID:15332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25496.exe
        5⤵
        
        PID:6204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45697.exe
        6⤵
        
        PID:11160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51224.exe
        6⤵
        
        PID:15648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2923.exe
        5⤵
        
        PID:10872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48959.exe
        5⤵
        
        PID:13172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61817.exe
        5⤵
        
        PID:15136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1319.exe
      4⤵
      PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43977.exe
        5⤵
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56873.exe
        6⤵
        
        PID:8632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22719.exe
        6⤵
        
        PID:8376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34599.exe
        5⤵
        
        PID:7340
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7340 -s 632
        6⤵
        Program crash
        
        PID:6064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6406.exe
      4⤵
      PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
        5⤵
        
        PID:5352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59241.exe
        6⤵
        
        PID:13296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43444.exe
        6⤵
        
        PID:15068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28967.exe
        5⤵
        
        PID:10312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34945.exe
        6⤵
        
        PID:9464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60816.exe
      4⤵
      PID:3656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28505.exe
        5⤵
        
        PID:13832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29177.exe
      4⤵
      PID:8136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50718.exe
      4⤵
      PID:5396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59055.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59055.exe
      4⤵
      PID:6112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32623.exe
      4⤵
      PID:6192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56936.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56936.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1264
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 632
      4⤵
      Program crash
      PID:4056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47231.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47231.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3712
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 616
      4⤵
      Program crash
      PID:2828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57808.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57808.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50126.exe
      4⤵
      PID:1924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48974.exe
        5⤵
        
        PID:5836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10552.exe
        6⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59777.exe
        7⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56840.exe
        7⤵
        
        PID:10992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2758.exe
        7⤵
        
        PID:13152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4415.exe
        7⤵
        
        PID:180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
        5⤵
        
        PID:7140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22009.exe
        6⤵
        
        PID:9768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1791.exe
        6⤵
        
        PID:11048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12422.exe
        5⤵
        
        PID:8880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20167.exe
      4⤵
      PID:3996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14614.exe
      4⤵
      PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34929.exe
        5⤵
        
        PID:12820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43444.exe
        5⤵
        
        PID:15052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45480.exe
      4⤵
      PID:5988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14350.exe
      4⤵
      PID:11408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55016.exe
      4⤵
      PID:13396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47121.exe
      4⤵
      PID:12644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48295.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48295.exe
    3⤵
    PID:2052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48974.exe
      4⤵
      PID:5864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50241.exe
        5⤵
        
        PID:6764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6824.exe
        6⤵
        
        PID:10000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1791.exe
        6⤵
        
        PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14639.exe
        5⤵
        
        PID:8800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2926.exe
        5⤵
        
        PID:10616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8623.exe
        5⤵
        
        PID:6304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61287.exe
        5⤵
        
        PID:12864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1268.exe
      4⤵
      PID:3576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51353.exe
        5⤵
        
        PID:7016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49200.exe
        5⤵
        
        PID:7692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12422.exe
      4⤵
      PID:8652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14567.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14567.exe
    3⤵
    PID:6368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35889.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35889.exe
    3⤵
    PID:2012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59625.exe
      4⤵
      PID:5476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42183.exe
      4⤵
      PID:15080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24558.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24558.exe
    3⤵
    PID:8404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36940.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36940.exe
    3⤵
    PID:10512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6079.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6079.exe
    3⤵
    PID:5444
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58368.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58368.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11264.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11264.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54513.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40201.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3632
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 720
        6⤵
        Program crash
        
        PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30068.exe
        5⤵
        
        PID:3792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4480.exe
        6⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64169.exe
        7⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11760.exe
        8⤵
        
        PID:11960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16559.exe
        7⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8790.exe
        7⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3823.exe
        7⤵
        
        PID:6160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2420.exe
        6⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34929.exe
        7⤵
        
        PID:9596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7192 -s 632
        7⤵
        Program crash
        
        PID:15728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11462.exe
        6⤵
        
        PID:9404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13031.exe
        6⤵
        
        PID:11120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21302.exe
        6⤵
        
        PID:14236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25734.exe
        5⤵
        
        PID:6428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34209.exe
        6⤵
        
        PID:9052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44024.exe
        5⤵
        
        PID:1284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59521.exe
        6⤵
        
        PID:2096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46616.exe
        6⤵
        
        PID:15044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45559.exe
        5⤵
        
        PID:4316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6175.exe
        5⤵
        
        PID:11368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7421.exe
        5⤵
        
        PID:13364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50286.exe
        5⤵
        
        PID:16220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25405.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25405.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2032
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 640
        5⤵
        Program crash
        
        PID:4528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3902.exe
      4⤵
      PID:4864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39545.exe
        5⤵
        
        PID:5820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
        5⤵
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31246.exe
        6⤵
        
        PID:9616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        6⤵
        
        PID:11588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
        6⤵
        
        PID:14160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39768.exe
      4⤵
      PID:1148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27190.exe
      4⤵
      PID:7256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36953.exe
        5⤵
        
        PID:5580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29023.exe
      4⤵
      PID:4776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64190.exe
      4⤵
      PID:11656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39694.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39694.exe
      4⤵
      PID:6052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28423.exe
      4⤵
      PID:16340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49832.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49832.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34254.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5076
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 636
        5⤵
        Program crash
        
        PID:2892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6223.exe
      4⤵
      PID:4300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3136.exe
        5⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31025.exe
        6⤵
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4660.exe
        6⤵
        
        PID:10128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10430.exe
        6⤵
        
        PID:4296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62832.exe
        6⤵
        
        PID:9968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42575.exe
        5⤵
        
        PID:7296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58945.exe
        6⤵
        
        PID:11196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46616.exe
        6⤵
        
        PID:15288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19630.exe
        5⤵
        
        PID:2652
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 472
        6⤵
        Program crash
        
        PID:9188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18116.exe
        5⤵
        
        PID:10668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30030.exe
        5⤵
        
        PID:6292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39759.exe
        5⤵
        
        PID:748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1230.exe
      4⤵
      PID:4908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28315.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28315.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16385.exe
      4⤵
      PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47329.exe
        5⤵
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36017.exe
        6⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39617.exe
        7⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49952.exe
        7⤵
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57559.exe
        7⤵
        
        PID:15144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61200.exe
      4⤵
      PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43993.exe
        5⤵
        
        PID:3632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20121.exe
        6⤵
        
        PID:11976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51125.exe
        6⤵
        
        PID:13820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63264.exe
        5⤵
        
        PID:7580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61831.exe
        5⤵
        
        PID:11092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8623.exe
        5⤵
        
        PID:13040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61287.exe
        5⤵
        
        PID:14372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49103.exe
      4⤵
      PID:8060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44249.exe
        5⤵
        
        PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18671.exe
      4⤵
      PID:8116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30878.exe
      4⤵
      PID:10564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3319.exe
      4⤵
      PID:11224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-167.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-167.exe
    3⤵
    PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61849.exe
      4⤵
      PID:5144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16609.exe
        5⤵
        
        PID:7676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14920.exe
        6⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19583.exe
        6⤵
        
        PID:13488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57559.exe
        6⤵
        
        PID:15204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36455.exe
        5⤵
        
        PID:696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28694.exe
        5⤵
        
        PID:10800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50648.exe
        5⤵
        
        PID:15020
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43175.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43175.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3688
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 632
    3⤵
    - Program crash
    PID:4808
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27895.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27895.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3416
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 644
    3⤵
    - Program crash
    PID:2184
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33145.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33145.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60630.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60630.exe
  2⤵
  PID:2300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15040.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15040.exe
    3⤵
    PID:5804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31025.exe
      4⤵
      PID:7280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34825.exe
        5⤵
        
        PID:5312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15972.exe
        5⤵
        
        PID:4512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36455.exe
      4⤵
      PID:8940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10430.exe
      4⤵
      PID:11956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46688.exe
      4⤵
      PID:6456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1268.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1268.exe
    3⤵
    PID:6236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14920.exe
      4⤵
      PID:11060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49952.exe
      4⤵
      PID:5872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57559.exe
      4⤵
      PID:15296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12422.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12422.exe
    3⤵
    PID:6480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36081.exe
      4⤵
      PID:5992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58328.exe
      4⤵
      PID:14912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35408.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35408.exe
    3⤵
    PID:9608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1022.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1022.exe
    3⤵
    PID:10804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27839.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27839.exe
    3⤵
    PID:15276
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37631.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37631.exe
  2⤵
  PID:4180
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15911.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15911.exe
  2⤵
  PID:7568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38553.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38553.exe
    3⤵
    PID:8912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64160.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64160.exe
    3⤵
    PID:12376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11342.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11342.exe
    3⤵
    PID:6552
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38365.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38365.exe
  2⤵
  PID:9832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10264.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10264.exe
    3⤵
    PID:2228
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10191.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10191.exe
  2⤵
  PID:9560
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42336.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42336.exe
  2⤵
  PID:14220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 1264 -ip 1264
1⤵
PID:5000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3688 -ip 3688
1⤵
PID:2484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2548 -ip 2548
1⤵
PID:2496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1648 -ip 1648
1⤵
PID:3088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 3416 -ip 3416
1⤵
PID:4348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 3712 -ip 3712
1⤵
PID:3268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 1460 -ip 1460
1⤵
PID:3980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 3632 -ip 3632
1⤵
PID:2496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2032 -ip 2032
1⤵
PID:3252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 2580 -ip 2580
1⤵
PID:3712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 668 -p 5076 -ip 5076
1⤵
PID:2252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 1892 -ip 1892
1⤵
PID:2732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 1904 -ip 1904
1⤵
PID:2608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 3520 -ip 3520
1⤵
PID:2088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 2496 -ip 2496
1⤵
PID:2580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 2452 -ip 2452
1⤵
PID:6300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 1772 -ip 1772
1⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 920 -ip 920
1⤵
PID:6764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 5116 -ip 5116
1⤵
PID:6844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 924 -ip 924
1⤵
PID:7040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 4588 -ip 4588
1⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 2808 -ip 2808
1⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 6244 -ip 6244
1⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4020 -ip 4020
1⤵
PID:1284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2668 -ip 2668
1⤵
PID:2012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 3532 -ip 3532
1⤵
PID:3412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 5104 -ip 5104
1⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 3688 -ip 3688
1⤵
PID:7352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 2828 -ip 2828
1⤵
PID:7484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 5820 -ip 5820
1⤵
PID:7676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 2720 -ip 2720
1⤵
PID:7708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1648 -ip 1648
1⤵
PID:7932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 4776 -ip 4776
1⤵
PID:8108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 780 -ip 780
1⤵
PID:7216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 676 -p 4832 -ip 4832
1⤵
PID:7760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 1464 -ip 1464
1⤵
PID:7188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 2748 -ip 2748
1⤵
PID:7488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 4996 -ip 4996
1⤵
PID:8044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 5748 -ip 5748
1⤵
PID:7680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 6368 -ip 6368
1⤵
PID:1432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5196 -ip 5196
1⤵
PID:3236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4180 -ip 4180
1⤵
PID:8216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 2484 -ip 2484
1⤵
PID:8352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 5704 -ip 5704
1⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 6188 -ip 6188
1⤵
PID:8652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 4908 -ip 4908
1⤵
PID:8792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 1148 -ip 1148
1⤵
PID:8840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 6152 -ip 6152
1⤵
PID:8916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 5004 -ip 5004
1⤵
PID:8928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 5076 -ip 5076
1⤵
PID:8940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 5980 -ip 5980
1⤵
PID:8956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 3996 -ip 3996
1⤵
PID:8964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 6204 -ip 6204
1⤵
PID:9096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 552 -ip 552
1⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 5164 -ip 5164
1⤵
PID:7348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 5436 -ip 5436
1⤵
PID:4980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 1324 -ip 1324
1⤵
PID:5424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5440 -ip 5440
1⤵
PID:3168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4408 -ip 4408
1⤵
PID:9336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5928 -ip 5928
1⤵
PID:9464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 5576 -ip 5576
1⤵
PID:9500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 5784 -ip 5784
1⤵
PID:9584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 5460 -ip 5460
1⤵
PID:10008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5552 -ip 5552
1⤵
PID:9060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 5584 -ip 5584
1⤵
PID:220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 5592 -ip 5592
1⤵
PID:9560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 5764 -ip 5764
1⤵
PID:9536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 5368 -ip 5368
1⤵
PID:9580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5516 -ip 5516
1⤵
PID:1492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 5836 -ip 5836
1⤵
PID:9672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 5536 -ip 5536
1⤵
PID:9260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 800 -p 5732 -ip 5732
1⤵
PID:10276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 5740 -ip 5740
1⤵
PID:10400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 5892 -ip 5892
1⤵
PID:10452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5936 -ip 5936
1⤵
PID:10504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 5852 -ip 5852
1⤵
PID:10560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1436 -ip 1436
1⤵
PID:10592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 1900 -ip 1900
1⤵
PID:10616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 1428 -ip 1428
1⤵
PID:10712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 3948 -ip 3948
1⤵
PID:10764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 2288 -ip 2288
1⤵
PID:10820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 4864 -ip 4864
1⤵
PID:10868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 4808 -ip 4808
1⤵
PID:10916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 3648 -ip 3648
1⤵
PID:10948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 3744 -ip 3744
1⤵
PID:10968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 1688 -ip 1688
1⤵
PID:11004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 1656 -ip 1656
1⤵
PID:11080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 592 -ip 592
1⤵
PID:11124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4768 -ip 4768
1⤵
PID:11212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 1032 -ip 1032
1⤵
PID:11232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 3932 -ip 3932
1⤵
PID:9060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 4704 -ip 4704
1⤵
PID:9868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 880 -p 1260 -ip 1260
1⤵
PID:9980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4016 -ip 4016
1⤵
PID:10308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 2652 -ip 2652
1⤵
PID:5604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 1300 -ip 1300
1⤵
PID:11208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 5220 -ip 5220
1⤵
PID:2700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 920 -p 6216 -ip 6216
1⤵
PID:2564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 4232 -ip 4232
1⤵
PID:1444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 672 -ip 672
1⤵
PID:11104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2124 -ip 2124
1⤵
PID:11112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 932 -p 5356 -ip 5356
1⤵
PID:11132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 6288 -ip 6288
1⤵
PID:10336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 6656 -ip 6656
1⤵
PID:2128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 5880 -ip 5880
1⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 6408 -ip 6408
1⤵
PID:11572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 6428 -ip 6428
1⤵
PID:11704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 936 -p 6972 -ip 6972
1⤵
PID:11796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4724 -ip 4724
1⤵
PID:11888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 6552 -ip 6552
1⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 4512 -ip 4512
1⤵
PID:12068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 6860 -ip 6860
1⤵
PID:12100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 2052 -ip 2052
1⤵
PID:12120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 1924 -ip 1924
1⤵
PID:10728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 6284 -ip 6284
1⤵
PID:8520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 6440 -ip 6440
1⤵
PID:11460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 8012 -ip 8012
1⤵
PID:11492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 2088 -ip 2088
1⤵
PID:11704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 8176 -ip 8176
1⤵
PID:12040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 11012 -ip 11012
1⤵
PID:11972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 6620 -ip 6620
1⤵
PID:1800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 6160 -ip 6160
1⤵
PID:12332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 324 -ip 324
1⤵
PID:12420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 2492 -ip 2492
1⤵
PID:12516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 2032 -ip 2032
1⤵
PID:12580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 7340 -ip 7340
1⤵
PID:2128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 3540 -ip 3540
1⤵
PID:13276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 4528 -ip 4528
1⤵
PID:5708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4332 -ip 4332
1⤵
PID:624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 8296 -ip 8296
1⤵
PID:12120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 7952 -ip 7952
1⤵
PID:12788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 8148 -ip 8148
1⤵
PID:11148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 7304 -ip 7304
1⤵
PID:13584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 7916 -ip 7916
1⤵
PID:8036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 6764 -ip 6764
1⤵
PID:3952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 7140 -ip 7140
1⤵
PID:13816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 6024 -ip 6024
1⤵
PID:7308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 2412 -ip 2412
1⤵
PID:15168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 7192 -ip 7192
1⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 9004 -ip 9004
1⤵
PID:15440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 9664 -ip 9664
1⤵
PID:15488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 7968 -ip 7968
1⤵
PID:15536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 8748 -ip 8748
1⤵
PID:15580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 8060 -ip 8060
1⤵
PID:15600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 2252 -ip 2252
1⤵
PID:15620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 7560 -ip 7560
1⤵
PID:15652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 6436 -ip 6436
1⤵
PID:15676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11264.exe

Filesize
184KB

MD5
5a8b192bedfc48dcabab0a5c08e72c52

SHA1
ac935aee78b707274b552665973c2491ece57ac9

SHA256
075996f8db8d0dbff74bd921d6c2d7747f8dcacedc559cd2d9bc2b9b16a36729

SHA512
79f827c8a24b63fa7089c4898d9dde8ca337f71dc0edc111022e6f465d8397a57fea01afd54ca19abc6f48949a84f14e921393f254bf951231fd272c95172303

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11368.exe

Filesize
184KB

MD5
9b353207fa0d5ce5d228f21420997fb0

SHA1
43717a43501cbbd76d0e105bce763b3cf8d9cc0d

SHA256
33352c364dc64b07b9689417af4236b052ca8289681630e234a3e0f9406bd002

SHA512
0ec3683aab5a12d726c8569aa183a14b43cf9df8c0c3631b31aa6666a13895b496ec2d7ab0daa67b66ff709acf99003ca3d1e4dd365573498727368eeb8768d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1160.exe

Filesize
184KB

MD5
a5cfe9aee44c4f33260f3012d36305aa

SHA1
31db1317001c18facbfcf5573ddd60d8ff8357a7

SHA256
d1e19a721ef30dbdb1fa0a08e106245ee4af401f1bca31753eac5cb209d030b4

SHA512
e1c49c85f10a6fd2151c3457b26ceaa69e360efe0bd3c10fcb9e6944fda354250f324eab1527b41eb5ada6bd3b8fe9cd7361d7d8c1244e6b6acbb32c72c4bf33

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18959.exe

Filesize
184KB

MD5
4828891bae462a65182b20a4c7a7993a

SHA1
29a7ab685c3d122ef9789e19c9cf9d3d33c75727

SHA256
29397bb7b6e6e353c84fa602220e211a7daabf9f1dd284848718f7d98d5bc0bd

SHA512
c67bc898f8113eaf28fb227dd3d68f1ce8ef593cda0ed7f50e5df35d3d47989fc1e1eaccca1a81f1f5f372a0dacb09c99322fd3e51bd0c1e40feaf4f1d7b8058

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21574.exe

Filesize
184KB

MD5
595510a5ab3c56278634c81cd67c172c

SHA1
6474da8de4d13af046387822dd6ec7e821399386

SHA256
c5ccdb80830e6eda3f57175fb75ba0ad06f692b7e6bfcbac4e1841c0e6d54606

SHA512
3d60724e5bbd78dc220a1011548eb16436649c41dedd3d870fbc86e1353ac6cf7cddd7e9e0b12fe3af591963986f1ad931752484f487b559087df6318e865317

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25135.exe

Filesize
184KB

MD5
4fb166aaea9453c1bc609ece6846826c

SHA1
bef80ea131a7d5f4eff5465d657e41a54c8a8da5

SHA256
dc13c964b95525cc249fa644aec2da1b09b7d23dc9a93647baa3b715bbf00a22

SHA512
f656402ea387e6d331da14c5c97da4688de726d12770ce10b0b65af7d7f364ef7a39fd5c7ef6a27daf57b8455f931597183e7e10f6ab69b95a1b57ecac49b401

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25961.exe

Filesize
184KB

MD5
e8404e8bd90c5b765252ce5bedc6386f

SHA1
9b3ff85e4e0a4f28d7873dbb5b3c901c63778c4f

SHA256
7c3e8913f23c264df20f97b3323c51b937e1b25c53aa76ea83abbbddbe84e361

SHA512
a0a60ed18697d21875a396e0fa3dce7217c3f8f832ccc83752c777a7328d0f92210965875970f550d27862a100d4cc845eca42eb2cc98f385d5f0dd551285615

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27895.exe

Filesize
184KB

MD5
17e29ea4425218f812f73c77381ec961

SHA1
e0d6006de28c825bb9ec83abcda6d5df030a27a3

SHA256
7eb67a240c0a952a94f2acbaf3a98983c4998058f2468f70ac7a1f145eb20531

SHA512
9bf4c6062a8e85dbed331c33a018d93c8448752b1845cc8d7297bdca14b157511f60c5c6b390a8bcc1616700fc8dd0d9e1b66c79db28da829b1f397fdb130793

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37129.exe

Filesize
184KB

MD5
678e88ef8a73cfb5bf28a3af70b3c1eb

SHA1
062eb8aff0a4f6e7be978c21284e9e6beb1d9e41

SHA256
fb22eddf6187a0c527ad3b8be723fcefdc5c13ba7938988e314b025c5fb673ef

SHA512
8f1fa81a9ed0e1a65f973978e4d5f57e05a953d02f01da451152a753080d677df5699f8522a600564ace0be3af589f8dc525ad707c7df9d01afc3ae6aaae08e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3776.exe

Filesize
184KB

MD5
cad60b182f21184c476ada7786ea8cb5

SHA1
58d8f0545886e989faf238bc12e03954c33357b9

SHA256
7d3132d8832466590c3e177cb1280010810571fba10f5194c63a04a65b0c89d7

SHA512
de12c40af7caa57c8ffc939ae4d78a88ed579c9a65bacd6156ff6668f2b86a0a1568daffe2f3d9e9ebeb2bfb4308c7ed1a73615d152d15d20128f8f832dbd9b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37985.exe

Filesize
184KB

MD5
2ab48bee4cc6173a07e4bf48bee9c4ce

SHA1
7347404026cad2c9eb8451f36af025fa0b4a476b

SHA256
a7f01093e7fb8e72a5d01272c9a1237f55fa4413b8c007fc9b0f56630ad03265

SHA512
d287e905ecf3a6b3aa2718c243f481696e27a44b97571f29dc51fc162af3b05a1fbb808518920a10564c55dc6d94342730132692a1db9f64fadccb3f9ad62a99

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe

Filesize
184KB

MD5
c7ee5e96435af3bf2b0a28fb27ef98ad

SHA1
141bf228d280eed4466d554f30b1991e0e2797ed

SHA256
0b965d1ab25bb6bc721e68aff413a43001125f6d2c49d39691f8568d69186102

SHA512
6831c1c42330cffa96728151422f6eb4a20f64e576b4d4724cd083738b20e8443b293e432684a45ccc909ca5171f19a6c45436daca03ee80321cbf69c2f03f93

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38487.exe

Filesize
184KB

MD5
4b43be06d836f165dc65ce03aaa71c91

SHA1
7419326fb3e56b9cb88a031ca47c92db619785a0

SHA256
9d776975f395b4043147dadff6a7ae3f8ebc4a594b6287e3fd5bd7c22ffa8ea4

SHA512
c82d7332318357b625acf2681bdf6dcd902cb6e1355816c82f0da3c49f2fad24ac3ae677f4fbe34e9b8fa473faadca2bc6bcc57f838003a6f9496c2317d3b0f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38876.exe

Filesize
184KB

MD5
74dec9ddac0c0056c99ea677173f6189

SHA1
fbc1af8c5ce668925e3661e63b72beae208593c7

SHA256
da7f51726041728051ed24ed5025fa59df44a366e0cf07865752d0ab16f1e07c

SHA512
bcdf7a7e615b89c892d948e26bf4f5bd084ed1c58a081eabb60be3956b3e5bf1fa7d991bce01d3d6a7031856508275c274965e28d8085988a2cbbbdf0cd33249

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39644.exe

Filesize
184KB

MD5
b26917bdf5a7cbf4fad1d98ba1c64881

SHA1
aec3ebb58b669551fe82b8fcccb1daa927f28ebe

SHA256
168e0f3cf346254bf8dbee0039aa263cc0fdfdec67c549f49c74a22e67170c35

SHA512
04b79ccb7b67dcdca7a7596b7a8227d87bcb8665a5ccada2115b23398848d37fdb509a5570c27ba9da77a2e437987c189502d405f519e7bbf25340a90f28107b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40127.exe

Filesize
184KB

MD5
a4ea56aabc809463f2d316c0259a8dbb

SHA1
1921175ddddd234345557d534726462902308750

SHA256
e5d22578f978b8db3706039573b9bbbec52fdac782c3fa5ee1df980e8aee22f2

SHA512
8c54facce961e09a0cfeef397564091ea2b028c79d46c1be24111e610a572179e5d8026b43f202a3c56ec4534291785e2798136ca7e7d5d853fbf024ecac8c58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4160.exe

Filesize
184KB

MD5
6d2fde53d23b13a2230a4adaa3dd847c

SHA1
6edc23866279981ea3770d00491d075916daf024

SHA256
68a0f7f13a3d90a1ad68b7ef6bf65c7d8a53c718c3335043069250870f025bb7

SHA512
d9fad23c54496947fbc8303c24158cd6b456e95e4e00a935aed80410623120140f0494c9a1acd2f9faae3ab5e6c056b73499ea2043fceda9418fed9267b1cdb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43007.exe

Filesize
184KB

MD5
e4f1cf79c379348e9175778789395bb3

SHA1
3c2dd01b0d35095b048d511bc4b36db91adf9eae

SHA256
cd42ca35a3281f5946eef522f0e63b29184370e6c143b27d979bcb9ca28f7b9f

SHA512
f195fb1e7f3eb847676661e880965e710061569de2f18ab15c70183220921ef2457114fed52a5c2445d48475e0af19027f20d888fabff70641458a8024d3d852

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43086.exe

Filesize
184KB

MD5
6690a0e51214d0c902b234fe09f0bba2

SHA1
26bb68e335676c44bd55735ea1b715e6435b2442

SHA256
65e535e9026f7aec9505cf1d1a6ae6fd0c609ac42a40a2e6d8461574fcea1bbc

SHA512
3adf2d8d34c83e107c8f184a6114799eb9106fd90e3a2dd1ab0508df7d79d0fbabbe8a623470ad54846949242ae2161207fc98cf6f23d27205df8179d248ee6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43175.exe

Filesize
184KB

MD5
a217a25f355f8ffae920f500f16b3eab

SHA1
1f07bf5ca01f20617d48a5f8b948a566793f2d3d

SHA256
e4bb511bf2cfd6fdc57816ddbfabf8236bb5dd0818b53abf1b06d86e5aea3973

SHA512
0fb44b189e5bc01688d93426407160e10b22abcd5ebf0a2e4d39910938607aace4f42de8b391bc265103b9960570f1bd87f4e1ef84501c167fa15aaae92ba862

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43745.exe

Filesize
184KB

MD5
31e333e0329b92c405db3963c1d9f2ae

SHA1
f08dd5074032bda79a11b645ac1254e26d90a1ee

SHA256
62328130d473fe1aa7783d68938ac7855fce74f74eec1d66dded079913e5ddb3

SHA512
d1e2fb19a52383b20d242037c64fc6c1e37b7b7610102870f6a8ae81b309bdf9c1e2a077ae0f930ec74c55878d1abf640640afe1dd3356e7dc75471f6fffe031

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44340.exe

Filesize
184KB

MD5
9e7260882217a8cf517c00257ed739d6

SHA1
af7cb7e9097a1405892ed1ba199b40c0b9683cbb

SHA256
a686f5bb060104d208295e0bff470b67ff83d05944965804d1887168de087038

SHA512
efd382fbd4f914b2b3408667e17b776e60993108053bc7774829ac2e84e61ed22361ffb79aca240f7a163a10e79f6294020f7b5af2a23d80de3ede503435f240

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47231.exe

Filesize
184KB

MD5
590a3bc822a9b0260ea3d3772d7c377b

SHA1
19d2eee293efa79877161f8b7d097bad9f88b967

SHA256
37adfb7b3b14c710acdc1d38e54c0eae7053e160afd27d9e716be4b4cdcf09ea

SHA512
cb35d2e94312d3d6dbfd5f140704dd140d9366020c89d0532bd0473c05e7a5aa8fded75509f946d58bad0eaeb6d7f10d308890aa559281a59bb59ab1528915ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49832.exe

Filesize
184KB

MD5
471e03723c56416f1ca2bf63eaafdc07

SHA1
a6b13cc00fb5756a5b97d53326d1066df6ed928e

SHA256
fedf33c50845d035f58b4a4b6f103ab6392816cf1ccdfd724b65b8a502db19ad

SHA512
d5ddc78dc4b3c35e31d03ba065af7c4dd7ffe9d3d54472fe72f212f1a4270619b05904679b2f7b3c4946706d9af94b5f8487c0eb190e1e1067b4baaf38755d86

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe

Filesize
184KB

MD5
c185ece1683fe86826c1439d5866ed01

SHA1
6eaaeb78fb5e2c95341167ae06d04ee9c7c3d956

SHA256
2121112ec052101d903605cae735be4197e8ee6b740a64b4f7fb7a8f501f6fb4

SHA512
277fad5a50efb01becf7c36ea35cb973a46c32c595da66b0bb12b759cf825e1af44597532b47128920ddd741c294b95f54a99aef64ba539289a2312c9f46519e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54513.exe

Filesize
184KB

MD5
306cbb27c4890ae6878eb27da330c3b6

SHA1
1331a0baea7dd97e5e4fd4be5bf5768a55a09654

SHA256
8a3c63464ad7d2b677a7cd0c37470df5fdedfd7efabba727337b870aec09ed45

SHA512
05084dfc8d794255139d82d9c4e25bd86c8f3ed179652fa6fe7e928e7b2814557894cd2ab6afe7a218ed553345e1bfe81168fe44ba207dbdce915eb9e18b3c08

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5566.exe

Filesize
184KB

MD5
7e6f7589dbe25669e9097eefa474f62c

SHA1
b22c66890472208a72a5d87e4685c4e4de28d77b

SHA256
8b8723c9dcf3840749357e7c6ca0f114093f6548105b99977581748573e7f8f3

SHA512
b3c405f5a196f73b210d0017876eb420d8bd367497037d7d5db576e8c42840fe2f7cd9b8d8a3a4e205775656a9606c13eb1ddd5647372b58c48e96ea23de481e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56936.exe

Filesize
184KB

MD5
de27d3de2d533470a358aa8d7fb69f3d

SHA1
355cdb92b00b7f985cf816e8279470393a3197cf

SHA256
8a8080495c44b5172d1736b8d254a10a5bbd6d8143cd598862126cd648fbc47f

SHA512
c5cab1c85ef60e6822c75b69b202f9d9cbf0336a346f1d7707d5655d044a45346307a3cad9439db9be9cee9b5666f656c06aa1432ce980e2b1797fc03ec7c7d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58368.exe

Filesize
184KB

MD5
ba789a6fb2ef5f02924f0bf4691c14fe

SHA1
e3fc12a33247ca9b087bdbc05c4bb32e0710b439

SHA256
e903dce8d354a0ce58075a35d2ddcc51994d6ced2147b4f46042a45c41628966

SHA512
0cd292f3d4d7e4afb95ff4f95de0b9d0f3f71761ca1a48e473c7d930ca46c0a61f67d32bf46a607526b36ecab701b4dc24189b2127e7857de4c33a092a84f124

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60081.exe

Filesize
184KB

MD5
39d63c6551151895e56fa1094efb102c

SHA1
8c1ee379b04ef5499bd40c7264512ecbc0ea2676

SHA256
33c2470f804422aa571d2be65303a92b245d260790fe6ee5288bc0bab190f8a7

SHA512
0c605e2fbd341a34253064e614553ce7d16d20af7a5b0d498c978a06a414fe2732a8252d42f61bc220c394f5dec2537493051bd75e08db0f115ce575f55b2d52

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62617.exe

Filesize
184KB

MD5
18925d247dc327055c60eabc0f8d9d53

SHA1
be5525d99adb97d2ea5c6910f77d3210c3936dab

SHA256
f00a7a3a85e55e20b4b6265344b85ec3bcc95507193d9450f7674f6f8e0897e4

SHA512
d2825d8d4ddac6037984bf453582fed46606651f635f86e9bd189c6b29eacda439b8218251c34643b0271c2b35d935ce01a2522b41e41763943c27424a1882b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64009.exe

Filesize
184KB

MD5
d3d35a8d3e50e9b5c0cc273f3797919e

SHA1
8d38edd5e1abe49a274aa70ea294649b9d0f1a2d

SHA256
179fe8e4a4d39b83560496fa48bdfc2e647d021a532da905b2595aca6d0d7a06

SHA512
8af54384feef7d08455005672392e0c2eae5eaa165b389e32724f3f1219049f3deddc8b3bbe1400d4d579622dd0f8a65807296c18bb22caf0b3b5cfb6d54fb86

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64905.exe

Filesize
184KB

MD5
ea3f0ee2fef5243bc2ee1768eefe4af8

SHA1
5f59944fb3e32da8efa746013bda47fb848a161f

SHA256
a48a018d0ef7a600b538c6b5077a3ca3fc50b6e70e9034577eccc7131af3c8c3

SHA512
e2e44db746f49078cb0de50c0dce2852245c859e5915877f7783a878ad5a531846949058ba00f734e462e0830c5282196dda7b81b852493348b1592018a95f2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8820.exe

Filesize
184KB

MD5
1056f5b92f38d240e2968f23d7f326a0

SHA1
7abf7150dbd151d6210a86282971a68c0568af92

SHA256
144cb493411cab0fa69d269348790651666263d45219b17ab43e0762f8be4b72

SHA512
25e23d0f65c70628d15df413158a1a4496b1fd31c6d9949c5b9aa4914b8289cc2bdfe2b2e99e5cfdb7182880053aa4c6a7fc5e17151e00f1c698a3867a40a936

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9432.exe

Filesize
184KB

MD5
3fe6a92d107e073021ef109ce2274154

SHA1
484833d701ccc1fa310fe147d8f2f58b1fbed8e6

SHA256
5340b372dea12c0e20942d7ac4537efcfe45fb7fa70959ab1983b656eb5e2501

SHA512
b909ba23eac268ba23267a07b6542c69aca76603d06a15d3b34140c44d8280855cb4dc51402ccb32c15252a4d63a5cb21697cfecefb1df7efc06b6e8cc6995d7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads