cac2108821c481710c1d23387799fae1e1ab32592997e4179a94640979c9077a

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 05:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

37df679a188819bb9d928ca0358e253d_JaffaCakes118.exe
Size

192KB
MD5

37df679a188819bb9d928ca0358e253d
SHA1

00980ebcf16e7ee2dbc4078f3dd8cd178ec39c1b
SHA256

cac2108821c481710c1d23387799fae1e1ab32592997e4179a94640979c9077a
SHA512

2d67a360093e3ab333d8c220b02ee95c19af9872783e5558610b6e0f3238af5027c883a49159d2b8c796e17bf18d0f11ba116f901bd5a456035514288d4dbe82
SSDEEP

3072:9zHToASwBPTUAbC0lky/rn8b6r2fr3cQTdcFx74ggG2lVvMj:9zzoO7PbZkgrn8qiad2lVvM

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3028	Unicorn-3384.exe
2744	Unicorn-21640.exe
2668	Unicorn-49866.exe
2576	Unicorn-18668.exe
2588	Unicorn-22237.exe
2556	Unicorn-2331.exe
608	Unicorn-45320.exe
1900	Unicorn-65185.exe
300	Unicorn-48657.exe
264	Unicorn-15793.exe
1696	Unicorn-53296.exe
2516	Unicorn-21530.exe
1888	Unicorn-2562.exe
2208	Unicorn-26744.exe
2956	Unicorn-46610.exe
1664	Unicorn-2048.exe
448	Unicorn-18576.exe
1528	Unicorn-21914.exe
1692	Unicorn-7627.exe
604	Unicorn-45131.exe
296	Unicorn-8011.exe
3068	Unicorn-26652.exe
2240	Unicorn-1955.exe
1944	Unicorn-39458.exe
3036	Unicorn-59324.exe
1728	Unicorn-42796.exe
1412	Unicorn-22930.exe
1332	Unicorn-17223.exe
2172	Unicorn-6594.exe
2944	Unicorn-2661.exe
2736	Unicorn-48333.exe
2644	Unicorn-42625.exe
2604	Unicorn-12749.exe
2340	Unicorn-32847.exe
376	Unicorn-11680.exe
2724	Unicorn-49184.exe
1776	Unicorn-52521.exe
1652	Unicorn-24487.exe
484	Unicorn-27825.exe
2344	Unicorn-36761.exe
540	Unicorn-28401.exe
2864	Unicorn-20233.exe
2892	Unicorn-367.exe
1904	Unicorn-57736.exe
1704	Unicorn-12064.exe
2940	Unicorn-3896.exe
2952	Unicorn-49568.exe
2528	Unicorn-65515.exe
2600	Unicorn-29313.exe
1852	Unicorn-32651.exe
2716	Unicorn-24483.exe
656	Unicorn-61986.exe
2556	Unicorn-6138.exe
1088	Unicorn-43641.exe
272	Unicorn-55147.exe
2636	Unicorn-5946.exe
1988	Unicorn-43449.exe
1572	Unicorn-63315.exe
2284	Unicorn-60362.exe
2272	Unicorn-22859.exe
608	Unicorn-6522.exe
2664	Unicorn-44026.exe
2772	Unicorn-22667.exe
264	Unicorn-43834.exe

Loads dropped DLL 64 IoCs

pid	Process
1308	37df679a188819bb9d928ca0358e253d_JaffaCakes118.exe
1308	37df679a188819bb9d928ca0358e253d_JaffaCakes118.exe
3028	Unicorn-3384.exe
1308	37df679a188819bb9d928ca0358e253d_JaffaCakes118.exe
1308	37df679a188819bb9d928ca0358e253d_JaffaCakes118.exe
3028	Unicorn-3384.exe
2744	Unicorn-21640.exe
2744	Unicorn-21640.exe
3028	Unicorn-3384.exe
3028	Unicorn-3384.exe
2668	Unicorn-49866.exe
2668	Unicorn-49866.exe
2744	Unicorn-21640.exe
2576	Unicorn-18668.exe
2744	Unicorn-21640.exe
2576	Unicorn-18668.exe
2588	Unicorn-22237.exe
2588	Unicorn-22237.exe
2556	Unicorn-2331.exe
2556	Unicorn-2331.exe
2668	Unicorn-49866.exe
2668	Unicorn-49866.exe
608	Unicorn-45320.exe
608	Unicorn-45320.exe
264	Unicorn-15793.exe
2556	Unicorn-2331.exe
264	Unicorn-15793.exe
1900	Unicorn-65185.exe
1900	Unicorn-65185.exe
2556	Unicorn-2331.exe
2576	Unicorn-18668.exe
2576	Unicorn-18668.exe
2588	Unicorn-22237.exe
2588	Unicorn-22237.exe
300	Unicorn-48657.exe
300	Unicorn-48657.exe
2380	WerFault.exe
2380	WerFault.exe
2380	WerFault.exe
2380	WerFault.exe
2380	WerFault.exe
2380	WerFault.exe
2380	WerFault.exe
2516	Unicorn-21530.exe
2516	Unicorn-21530.exe
608	Unicorn-45320.exe
608	Unicorn-45320.exe
2208	Unicorn-26744.exe
2208	Unicorn-26744.exe
1664	Unicorn-2048.exe
1664	Unicorn-2048.exe
1528	Unicorn-21914.exe
1528	Unicorn-21914.exe
300	Unicorn-48657.exe
300	Unicorn-48657.exe
448	Unicorn-18576.exe
448	Unicorn-18576.exe
1900	Unicorn-65185.exe
2956	Unicorn-46610.exe
1900	Unicorn-65185.exe
2956	Unicorn-46610.exe
1888	Unicorn-2562.exe
1888	Unicorn-2562.exe
264	Unicorn-15793.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2380	1696	WerFault.exe	40
1188	1652	WerFault.exe	68
348	1728	WerFault.exe	57
828	264	WerFault.exe	95
3012	2272	WerFault.exe	90
2384	376	WerFault.exe	65
1336	1596	WerFault.exe	106
860	540	WerFault.exe	71
1664	1904	WerFault.exe	75
988	2940	WerFault.exe	77
2444	656	WerFault.exe	82
1312	2808	WerFault.exe	118
2908	1572	WerFault.exe	88
1296	2348	WerFault.exe	126
2856	2896	WerFault.exe	102
2728	2296	WerFault.exe	148
2756	1756	WerFault.exe	138
2004	2900	WerFault.exe	100
2708	324	WerFault.exe	145
2800	572	WerFault.exe	121
3136	2372	WerFault.exe	156
3240	1720	WerFault.exe	176
3256	2500	WerFault.exe	172
3308	1528	WerFault.exe	116
3444	1680	WerFault.exe	177
1940	1392	WerFault.exe	210
3916	864	WerFault.exe	211
3420	2520	WerFault.exe	213
3588	3272	WerFault.exe	242
3840	3460	WerFault.exe	249
3992	3316	WerFault.exe	244
3600	3080	WerFault.exe	234
3852	112	WerFault.exe	224
1272	3936	WerFault.exe	254
3208	3220	WerFault.exe	258
2028	3480	WerFault.exe	262
3900	2412	WerFault.exe	204
1520	3780	WerFault.exe	268
2804	3376	WerFault.exe	285
2964	3052	WerFault.exe	366
1304	3228	WerFault.exe	316
3984	3860	WerFault.exe	319
2852	3360	WerFault.exe	327
3196	3680	WerFault.exe	335
1512	536	WerFault.exe	340
3040	2612	WerFault.exe	376
2212	3800	WerFault.exe	352
3908	3880	WerFault.exe	359
3116	2476	WerFault.exe	369
3872	2356	WerFault.exe	372
3292	3232	WerFault.exe	387
3972	2872	WerFault.exe	389
300	2284	WerFault.exe	394
4104	3192	WerFault.exe	410
4264	3440	WerFault.exe	415
5072	3736	WerFault.exe	429
4380	3340	WerFault.exe	430
4560	4012	WerFault.exe	438
4760	3756	WerFault.exe	457
4112	1852	WerFault.exe	475
4408	3452	WerFault.exe	384
3504	4536	WerFault.exe	486
4792	4400	WerFault.exe	561
4632	4056	WerFault.exe	451

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Temp\Unicorn-63473C:\Users\Admin\AppData\Local\Temp\Unicorn-63473	Unicorn-32097.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1308	37df679a188819bb9d928ca0358e253d_JaffaCakes118.exe
3028	Unicorn-3384.exe
2744	Unicorn-21640.exe
2668	Unicorn-49866.exe
2576	Unicorn-18668.exe
2588	Unicorn-22237.exe
2556	Unicorn-2331.exe
608	Unicorn-45320.exe
1900	Unicorn-65185.exe
300	Unicorn-48657.exe
264	Unicorn-15793.exe
1696	Unicorn-53296.exe
2516	Unicorn-21530.exe
2208	Unicorn-26744.exe
1888	Unicorn-2562.exe
1664	Unicorn-2048.exe
2956	Unicorn-46610.exe
448	Unicorn-18576.exe
1528	Unicorn-21914.exe
1692	Unicorn-7627.exe
604	Unicorn-45131.exe
296	Unicorn-8011.exe
3068	Unicorn-26652.exe
2240	Unicorn-1955.exe
1944	Unicorn-39458.exe
1412	Unicorn-22930.exe
1728	Unicorn-42796.exe
3036	Unicorn-59324.exe
1332	Unicorn-17223.exe
2172	Unicorn-6594.exe
2944	Unicorn-2661.exe
2736	Unicorn-48333.exe
2644	Unicorn-42625.exe
2604	Unicorn-12749.exe
2340	Unicorn-32847.exe
376	Unicorn-11680.exe
2724	Unicorn-49184.exe
1776	Unicorn-52521.exe
1652	Unicorn-24487.exe
484	Unicorn-27825.exe
2344	Unicorn-36761.exe
540	Unicorn-28401.exe
2864	Unicorn-20233.exe
1904	Unicorn-57736.exe
2892	Unicorn-367.exe
2940	Unicorn-3896.exe
1704	Unicorn-12064.exe
2952	Unicorn-49568.exe
2528	Unicorn-65515.exe
2600	Unicorn-29313.exe
1852	Unicorn-32651.exe
2716	Unicorn-24483.exe
656	Unicorn-61986.exe
2556	Unicorn-6138.exe
1088	Unicorn-43641.exe
272	Unicorn-55147.exe
1572	Unicorn-63315.exe
1988	Unicorn-43449.exe
2636	Unicorn-5946.exe
2284	Unicorn-60362.exe
2272	Unicorn-22859.exe
608	Unicorn-6522.exe
2664	Unicorn-44026.exe
2772	Unicorn-22667.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1308 wrote to memory of 3028	1308	37df679a188819bb9d928ca0358e253d_JaffaCakes118.exe	30
PID 1308 wrote to memory of 3028	1308	37df679a188819bb9d928ca0358e253d_JaffaCakes118.exe	30
PID 1308 wrote to memory of 3028	1308	37df679a188819bb9d928ca0358e253d_JaffaCakes118.exe	30
PID 1308 wrote to memory of 3028	1308	37df679a188819bb9d928ca0358e253d_JaffaCakes118.exe	30
PID 1308 wrote to memory of 2744	1308	37df679a188819bb9d928ca0358e253d_JaffaCakes118.exe	32
PID 1308 wrote to memory of 2744	1308	37df679a188819bb9d928ca0358e253d_JaffaCakes118.exe	32
PID 1308 wrote to memory of 2744	1308	37df679a188819bb9d928ca0358e253d_JaffaCakes118.exe	32
PID 1308 wrote to memory of 2744	1308	37df679a188819bb9d928ca0358e253d_JaffaCakes118.exe	32
PID 3028 wrote to memory of 2668	3028	Unicorn-3384.exe	31
PID 3028 wrote to memory of 2668	3028	Unicorn-3384.exe	31
PID 3028 wrote to memory of 2668	3028	Unicorn-3384.exe	31
PID 3028 wrote to memory of 2668	3028	Unicorn-3384.exe	31
PID 2744 wrote to memory of 2576	2744	Unicorn-21640.exe	33
PID 2744 wrote to memory of 2576	2744	Unicorn-21640.exe	33
PID 2744 wrote to memory of 2576	2744	Unicorn-21640.exe	33
PID 2744 wrote to memory of 2576	2744	Unicorn-21640.exe	33
PID 3028 wrote to memory of 2588	3028	Unicorn-3384.exe	34
PID 3028 wrote to memory of 2588	3028	Unicorn-3384.exe	34
PID 3028 wrote to memory of 2588	3028	Unicorn-3384.exe	34
PID 3028 wrote to memory of 2588	3028	Unicorn-3384.exe	34
PID 2668 wrote to memory of 2556	2668	Unicorn-49866.exe	35
PID 2668 wrote to memory of 2556	2668	Unicorn-49866.exe	35
PID 2668 wrote to memory of 2556	2668	Unicorn-49866.exe	35
PID 2668 wrote to memory of 2556	2668	Unicorn-49866.exe	35
PID 2744 wrote to memory of 608	2744	Unicorn-21640.exe	37
PID 2744 wrote to memory of 608	2744	Unicorn-21640.exe	37
PID 2744 wrote to memory of 608	2744	Unicorn-21640.exe	37
PID 2744 wrote to memory of 608	2744	Unicorn-21640.exe	37
PID 2576 wrote to memory of 1900	2576	Unicorn-18668.exe	36
PID 2576 wrote to memory of 1900	2576	Unicorn-18668.exe	36
PID 2576 wrote to memory of 1900	2576	Unicorn-18668.exe	36
PID 2576 wrote to memory of 1900	2576	Unicorn-18668.exe	36
PID 2588 wrote to memory of 300	2588	Unicorn-22237.exe	38
PID 2588 wrote to memory of 300	2588	Unicorn-22237.exe	38
PID 2588 wrote to memory of 300	2588	Unicorn-22237.exe	38
PID 2588 wrote to memory of 300	2588	Unicorn-22237.exe	38
PID 2556 wrote to memory of 264	2556	Unicorn-2331.exe	39
PID 2556 wrote to memory of 264	2556	Unicorn-2331.exe	39
PID 2556 wrote to memory of 264	2556	Unicorn-2331.exe	39
PID 2556 wrote to memory of 264	2556	Unicorn-2331.exe	39
PID 2668 wrote to memory of 1696	2668	Unicorn-49866.exe	40
PID 2668 wrote to memory of 1696	2668	Unicorn-49866.exe	40
PID 2668 wrote to memory of 1696	2668	Unicorn-49866.exe	40
PID 2668 wrote to memory of 1696	2668	Unicorn-49866.exe	40
PID 608 wrote to memory of 2516	608	Unicorn-45320.exe	41
PID 608 wrote to memory of 2516	608	Unicorn-45320.exe	41
PID 608 wrote to memory of 2516	608	Unicorn-45320.exe	41
PID 608 wrote to memory of 2516	608	Unicorn-45320.exe	41
PID 264 wrote to memory of 1888	264	Unicorn-15793.exe	42
PID 264 wrote to memory of 1888	264	Unicorn-15793.exe	42
PID 264 wrote to memory of 1888	264	Unicorn-15793.exe	42
PID 264 wrote to memory of 1888	264	Unicorn-15793.exe	42
PID 1900 wrote to memory of 2956	1900	Unicorn-65185.exe	44
PID 1900 wrote to memory of 2956	1900	Unicorn-65185.exe	44
PID 1900 wrote to memory of 2956	1900	Unicorn-65185.exe	44
PID 1900 wrote to memory of 2956	1900	Unicorn-65185.exe	44
PID 2556 wrote to memory of 2208	2556	Unicorn-2331.exe	43
PID 2556 wrote to memory of 2208	2556	Unicorn-2331.exe	43
PID 2556 wrote to memory of 2208	2556	Unicorn-2331.exe	43
PID 2556 wrote to memory of 2208	2556	Unicorn-2331.exe	43
PID 1696 wrote to memory of 2380	1696	Unicorn-53296.exe	45
PID 1696 wrote to memory of 2380	1696	Unicorn-53296.exe	45
PID 1696 wrote to memory of 2380	1696	Unicorn-53296.exe	45
PID 1696 wrote to memory of 2380	1696	Unicorn-53296.exe	45

C:\Users\Admin\AppData\Local\Temp\37df679a188819bb9d928ca0358e253d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\37df679a188819bb9d928ca0358e253d_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1308
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3384.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3384.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49866.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49866.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2331.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15793.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2562.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17223.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28401.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47171.exe
        9⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45303.exe
        10⤵
        
        PID:1756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 220
        11⤵
        Program crash
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56159.exe
        10⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43487.exe
        11⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
        12⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53651.exe
        13⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23169.exe
        14⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33823.exe
        15⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60813.exe
        16⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58403.exe
        17⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21180.exe
        18⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49239.exe
        19⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52109.exe
        20⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43259.exe
        21⤵
        
        PID:7208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 236
        9⤵
        Program crash
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1841.exe
        8⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20223.exe
        9⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43160.exe
        10⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24956.exe
        11⤵
        
        PID:3220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 224
        12⤵
        Program crash
        
        PID:3208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 248
        11⤵
        Program crash
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23538.exe
        10⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57955.exe
        11⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58425.exe
        12⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20242.exe
        13⤵
        
        PID:1852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 220
        14⤵
        Program crash
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61378.exe
        13⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2795.exe
        14⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28250.exe
        15⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52731.exe
        16⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-894.exe
        17⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61133.exe
        18⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15487.exe
        19⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-773.exe
        20⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40317.exe
        16⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16183.exe
        17⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1756.exe
        18⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51235.exe
        19⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16520.exe
        12⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8882.exe
        13⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18940.exe
        14⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28058.exe
        15⤵
        
        PID:3472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 220
        16⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54573.exe
        15⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19343.exe
        16⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35861.exe
        17⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49805.exe
        18⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33638.exe
        19⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64135.exe
        9⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60124.exe
        10⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52091.exe
        11⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3661.exe
        12⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3542.exe
        13⤵
        
        PID:4536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 220
        14⤵
        Program crash
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-367.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49418.exe
        8⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36559.exe
        9⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60648.exe
        10⤵
        
        PID:292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60207.exe
        11⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21282.exe
        12⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31539.exe
        13⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52660.exe
        14⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58851.exe
        15⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49583.exe
        16⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24960.exe
        17⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24662.exe
        18⤵
        
        PID:5844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 224
        19⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54222.exe
        15⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35541.exe
        16⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42451.exe
        17⤵
        
        PID:2716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 224
        18⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57038.exe
        17⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38082.exe
        18⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33791.exe
        19⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19715.exe
        20⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24353.exe
        19⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58817.exe
        20⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5052.exe
        14⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27876.exe
        15⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58317.exe
        16⤵
        
        PID:2928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 244
        17⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65287.exe
        9⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27727.exe
        10⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9556.exe
        11⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44907.exe
        12⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14699.exe
        13⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45442.exe
        14⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
        15⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58294.exe
        16⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36063.exe
        17⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21554.exe
        18⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57288.exe
        19⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16726.exe
        20⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2600.exe
        21⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50134.exe
        8⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18464.exe
        9⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34468.exe
        10⤵
        
        PID:3780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 224
        11⤵
        Program crash
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24581.exe
        9⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37434.exe
        10⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38192.exe
        11⤵
        
        PID:4012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 224
        12⤵
        Program crash
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6594.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3896.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24722.exe
        8⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53471.exe
        9⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2127.exe
        10⤵
        
        PID:1392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1392 -s 220
        11⤵
        Program crash
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47742.exe
        10⤵
        
        PID:3376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 224
        11⤵
        Program crash
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47799.exe
        9⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23726.exe
        10⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4185.exe
        11⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4751.exe
        12⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64009.exe
        13⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48047.exe
        14⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31976.exe
        15⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35990.exe
        16⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57879.exe
        17⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27641.exe
        18⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39748.exe
        19⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8409.exe
        20⤵
        
        PID:5156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 224
        21⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41215.exe
        17⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41071.exe
        18⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34429.exe
        19⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59595.exe
        20⤵
        
        PID:7180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7180 -s 220
        21⤵
        
        PID:7216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 248
        8⤵
        Program crash
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62225.exe
        7⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20799.exe
        8⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52288.exe
        9⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26876.exe
        10⤵
        
        PID:3480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 224
        11⤵
        Program crash
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47135.exe
        10⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61222.exe
        11⤵
        
        PID:3440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 220
        12⤵
        Program crash
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47467.exe
        9⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58373.exe
        10⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22027.exe
        11⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45068.exe
        12⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20445.exe
        13⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
        14⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44202.exe
        15⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19867.exe
        16⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37132.exe
        17⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5814.exe
        18⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17730.exe
        19⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9050.exe
        20⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21433.exe
        21⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64810.exe
        19⤵
        
        PID:5860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 240
        20⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57038.exe
        16⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37942.exe
        17⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62745.exe
        18⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63371.exe
        13⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3361.exe
        14⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12082.exe
        15⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5611.exe
        16⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7630.exe
        17⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17154.exe
        18⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13575.exe
        19⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34754.exe
        15⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63738.exe
        16⤵
        
        PID:272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 272 -s 240
        17⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64327.exe
        8⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51847.exe
        9⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25893.exe
        10⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20403.exe
        11⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64777.exe
        12⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47554.exe
        13⤵
        
        PID:4156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 220
        14⤵
        
        PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26744.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8011.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12749.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6138.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7155.exe
        9⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33217.exe
        10⤵
        
        PID:2500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
        11⤵
        Program crash
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45225.exe
        10⤵
        
        PID:3316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 224
        11⤵
        Program crash
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5183.exe
        9⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16466.exe
        10⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38713.exe
        11⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24663.exe
        12⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17061.exe
        13⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56993.exe
        14⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17487.exe
        15⤵
        
        PID:4876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 216
        15⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53272.exe
        13⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8742.exe
        14⤵
        
        PID:1264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 220
        15⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36490.exe
        8⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25049.exe
        9⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31842.exe
        10⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12973.exe
        11⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25047.exe
        12⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14455.exe
        13⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39718.exe
        14⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25847.exe
        15⤵
        
        PID:2892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 220
        16⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-783.exe
        10⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9094.exe
        11⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 224
        12⤵
        Program crash
        
        PID:3972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 248
        9⤵
        Program crash
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43641.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7731.exe
        8⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33025.exe
        9⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56346.exe
        10⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29694.exe
        11⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38586.exe
        12⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47512.exe
        13⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55841.exe
        14⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22474.exe
        15⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55328.exe
        16⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41958.exe
        17⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11667.exe
        18⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22130.exe
        19⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16365.exe
        20⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24318.exe
        21⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60353.exe
        22⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27615.exe
        13⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56106.exe
        14⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31400.exe
        15⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18886.exe
        16⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47661.exe
        17⤵
        
        PID:5972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 244
        18⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41791.exe
        17⤵
        
        PID:6600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 244
        18⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51231.exe
        16⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36961.exe
        17⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22644.exe
        18⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1201.exe
        19⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22128.exe
        20⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58645.exe
        10⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38887.exe
        11⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14071.exe
        12⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64414.exe
        13⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25463.exe
        14⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41488.exe
        15⤵
        
        PID:4236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 240
        16⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11784.exe
        9⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60337.exe
        10⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25348.exe
        11⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50117.exe
        12⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41534.exe
        13⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40071.exe
        14⤵
        
        PID:1624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 220
        15⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        12⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25271.exe
        13⤵
        
        PID:4956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 220
        14⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22396.exe
        8⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13642.exe
        9⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
        10⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17372.exe
        11⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50501.exe
        12⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22998.exe
        13⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44788.exe
        14⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19506.exe
        15⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44563.exe
        16⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29924.exe
        17⤵
        
        PID:2092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 224
        18⤵
        
        PID:7140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32847.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55147.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7923.exe
        8⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34862.exe
        9⤵
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62651.exe
        10⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14208.exe
        11⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31508.exe
        12⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1108.exe
        13⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17113.exe
        14⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7014.exe
        15⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11228.exe
        16⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3338.exe
        17⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27895.exe
        18⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47532.exe
        19⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52815.exe
        20⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13959.exe
        21⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20089.exe
        22⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17074.exe
        17⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29914.exe
        18⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47200.exe
        19⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16918.exe
        20⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4455.exe
        13⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58519.exe
        14⤵
        
        PID:3932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 224
        15⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62137.exe
        9⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44001.exe
        10⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65311.exe
        11⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58285.exe
        12⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17113.exe
        13⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41031.exe
        14⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22464.exe
        15⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19078.exe
        16⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62544.exe
        17⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4480.exe
        18⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23796.exe
        19⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58378.exe
        20⤵
        
        PID:6848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 244
        21⤵
        
        PID:7492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 376
        20⤵
        
        PID:2996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6488 -s 376
        19⤵
        
        PID:6180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 376
        18⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17287.exe
        17⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47148.exe
        18⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58186.exe
        19⤵
        
        PID:6164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6164 -s 224
        20⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26150.exe
        16⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52337.exe
        17⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38466.exe
        18⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1180.exe
        19⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9242.exe
        20⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2792.exe
        21⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61824.exe
        12⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33055.exe
        13⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50533.exe
        14⤵
        
        PID:4932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 240
        15⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64197.exe
        8⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16082.exe
        9⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21993.exe
        10⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22935.exe
        11⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63957.exe
        12⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16838.exe
        13⤵
        
        PID:4208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 224
        14⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53403.exe
        7⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42262.exe
        8⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15313.exe
        9⤵
        
        PID:3272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 224
        10⤵
        Program crash
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1660.exe
        9⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63967.exe
        10⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22240.exe
        11⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41809.exe
        12⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50543.exe
        13⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60429.exe
        14⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52134.exe
        15⤵
        
        PID:5920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 240
        16⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56773.exe
        14⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59607.exe
        15⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55015.exe
        16⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32722.exe
        17⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62584.exe
        18⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36425.exe
        19⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48272.exe
        18⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 376
        13⤵
        
        PID:3832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 376
        12⤵
        Program crash
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46448.exe
        11⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1342.exe
        12⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34005.exe
        13⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41190.exe
        14⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11174.exe
        15⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20402.exe
        16⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38456.exe
        17⤵
        
        PID:840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 224
        18⤵
        
        PID:5936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 376
        17⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 376
        16⤵
        
        PID:6840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 376
        15⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7453.exe
        14⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5461.exe
        15⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7864.exe
        16⤵
        
        PID:5648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 224
        17⤵
        
        PID:7744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6528 -s 376
        16⤵
        
        PID:7396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 376
        15⤵
        
        PID:3812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 380
        14⤵
        
        PID:4512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 376
        13⤵
        
        PID:5412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 368
        12⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 376
        11⤵
        Program crash
        
        PID:4408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 236
        8⤵
        Program crash
        
        PID:3308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53296.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1696
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22237.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22237.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48657.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21914.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1955.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52521.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22859.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 224
        9⤵
        Program crash
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50627.exe
        8⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34992.exe
        9⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27343.exe
        10⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26085.exe
        11⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36739.exe
        12⤵
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22593.exe
        13⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61778.exe
        14⤵
        
        PID:4400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 188
        15⤵
        Program crash
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16029.exe
        9⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50205.exe
        10⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63251.exe
        11⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60362.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29460.exe
        8⤵
        
        PID:2348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 224
        9⤵
        Program crash
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23870.exe
        8⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25148.exe
        9⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1655.exe
        10⤵
        
        PID:536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 240
        11⤵
        Program crash
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24487.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 244
        7⤵
        Program crash
        
        PID:1188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39458.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27825.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6522.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5147.exe
        8⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18609.exe
        9⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 244
        10⤵
        Program crash
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61561.exe
        9⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25392.exe
        10⤵
        
        PID:3360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 240
        11⤵
        Program crash
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40351.exe
        8⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64898.exe
        9⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35833.exe
        10⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33599.exe
        11⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56941.exe
        12⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-584.exe
        13⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34015.exe
        14⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49573.exe
        15⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9394.exe
        16⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44937.exe
        17⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40386.exe
        18⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28.exe
        19⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1650.exe
        20⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32879.exe
        9⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14382.exe
        10⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46744.exe
        11⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17222.exe
        12⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1150.exe
        13⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41597.exe
        14⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-925.exe
        15⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44745.exe
        16⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11237.exe
        17⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31033.exe
        18⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26122.exe
        7⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27400.exe
        8⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58157.exe
        9⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16456.exe
        10⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56313.exe
        11⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49541.exe
        12⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9650.exe
        13⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33247.exe
        14⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8924.exe
        15⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42342.exe
        16⤵
        
        PID:5308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 220
        17⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63459.exe
        13⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41789.exe
        14⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1418.exe
        15⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4096.exe
        16⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16780.exe
        17⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16962.exe
        18⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29528.exe
        19⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20803.exe
        8⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16264.exe
        9⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56889.exe
        10⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34274.exe
        11⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23574.exe
        12⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6137.exe
        13⤵
        
        PID:3356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 244
        14⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43588.exe
        11⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36044.exe
        12⤵
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20658.exe
        13⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50811.exe
        14⤵
        
        PID:6028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 220
        15⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44026.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61447.exe
        7⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7534.exe
        7⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63357.exe
        8⤵
        
        PID:3936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 240
        9⤵
        Program crash
        
        PID:1272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2048.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26652.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11680.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5946.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36559.exe
        8⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36144.exe
        9⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3222.exe
        10⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52701.exe
        11⤵
        
        PID:3052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 188
        12⤵
        Program crash
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48951.exe
        8⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18599.exe
        9⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41619.exe
        10⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28550.exe
        11⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51015.exe
        12⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30237.exe
        13⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9147.exe
        14⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13641.exe
        15⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-733.exe
        16⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63172.exe
        17⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33116.exe
        18⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41466.exe
        19⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36949.exe
        20⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38812.exe
        15⤵
        
        PID:2876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 224
        16⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47035.exe
        13⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54866.exe
        14⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36395.exe
        15⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21756.exe
        16⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 240
        17⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43306.exe
        15⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38871.exe
        16⤵
        
        PID:6508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 220
        17⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13201.exe
        9⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61798.exe
        10⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61383.exe
        11⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1866.exe
        12⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44212.exe
        13⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8732.exe
        14⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1309.exe
        15⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12072.exe
        16⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52379.exe
        17⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22590.exe
        18⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39177.exe
        11⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 220
        12⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62945.exe
        10⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45696.exe
        11⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9640.exe
        12⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61615.exe
        13⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51963.exe
        14⤵
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19644.exe
        15⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60365.exe
        16⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57096.exe
        17⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57374.exe
        18⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54297.exe
        19⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15922.exe
        14⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30106.exe
        15⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-220.exe
        16⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25003.exe
        17⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35849.exe
        18⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23929.exe
        13⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29732.exe
        14⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49047.exe
        15⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7895.exe
        16⤵
        
        PID:2428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 244
        17⤵
        
        PID:6720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 376 -s 236
        7⤵
        Program crash
        
        PID:2384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43449.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21484.exe
        7⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59833.exe
        8⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32226.exe
        9⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30161.exe
        10⤵
        
        PID:3860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 220
        11⤵
        Program crash
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4192.exe
        8⤵
        
        PID:3460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 244
        9⤵
        Program crash
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15271.exe
        7⤵
        
        PID:1720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 240
        8⤵
        Program crash
        
        PID:3240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49184.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        7⤵
        
        PID:2808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 244
        8⤵
        Program crash
        
        PID:1312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 248
        7⤵
        Program crash
        
        PID:2908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3818.exe
        6⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8712.exe
        7⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48754.exe
        8⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52553.exe
        9⤵
        
        PID:3228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 220
        10⤵
        Program crash
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12360.exe
        7⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37177.exe
        8⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25431.exe
        9⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15140.exe
        10⤵
        
        PID:3756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 244
        11⤵
        Program crash
        
        PID:4760
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21640.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21640.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18668.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18668.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65185.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46610.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42796.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20233.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41058.exe
        8⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37135.exe
        9⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44120.exe
        10⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60399.exe
        11⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58915.exe
        12⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55467.exe
        13⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59567.exe
        14⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52219.exe
        15⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11155.exe
        16⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54674.exe
        17⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61283.exe
        18⤵
        
        PID:5768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 244
        19⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7626.exe
        15⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26413.exe
        16⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42259.exe
        17⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52892.exe
        18⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39063.exe
        19⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25706.exe
        20⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22320.exe
        21⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7465.exe
        14⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59972.exe
        15⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4129.exe
        16⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-157.exe
        17⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61273.exe
        18⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36406.exe
        19⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40428.exe
        20⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59860.exe
        21⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63054.exe
        13⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64274.exe
        14⤵
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23232.exe
        15⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43582.exe
        16⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22088.exe
        17⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45129.exe
        18⤵
        
        PID:6636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6636 -s 220
        19⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49000.exe
        17⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23028.exe
        18⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27221.exe
        19⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27499.exe
        20⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52953.exe
        21⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43254.exe
        16⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37153.exe
        17⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-806.exe
        18⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59810.exe
        19⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26731.exe
        20⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48894.exe
        10⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50589.exe
        11⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30579.exe
        12⤵
        
        PID:3736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 240
        13⤵
        Program crash
        
        PID:5072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 236
        9⤵
        Program crash
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9101.exe
        8⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2319.exe
        9⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9963.exe
        10⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42037.exe
        11⤵
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61435.exe
        12⤵
        
        PID:3340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 240
        13⤵
        Program crash
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7477.exe
        9⤵
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1004.exe
        10⤵
        
        PID:3880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 220
        11⤵
        Program crash
        
        PID:3908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 236
        7⤵
        Program crash
        
        PID:348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57736.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8193.exe
        7⤵
        
        PID:1596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 220
        8⤵
        Program crash
        
        PID:1336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 236
        7⤵
        Program crash
        
        PID:1664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22930.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36761.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22667.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28391.exe
        8⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51328.exe
        9⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36087.exe
        10⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59826.exe
        11⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61243.exe
        12⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30761.exe
        13⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20938.exe
        14⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16387.exe
        15⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43665.exe
        16⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63696.exe
        17⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29156.exe
        18⤵
        
        PID:5796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 220
        19⤵
        
        PID:2052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 236
        18⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
        17⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30682.exe
        18⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54792.exe
        19⤵
        
        PID:6268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 224
        20⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27302.exe
        16⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53105.exe
        17⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6691.exe
        18⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52431.exe
        19⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51863.exe
        20⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47934.exe
        9⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27203.exe
        10⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62950.exe
        11⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9598.exe
        12⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28613.exe
        13⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59033.exe
        14⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44895.exe
        15⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2762.exe
        16⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38284.exe
        17⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13961.exe
        18⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35197.exe
        19⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17219.exe
        20⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60545.exe
        21⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1890.exe
        16⤵
        
        PID:5948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 224
        17⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32097.exe
        15⤵
        NTFS ADS
        
        PID:3820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 220
        16⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-247.exe
        13⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40868.exe
        14⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52840.exe
        15⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4651.exe
        16⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 220
        17⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64770.exe
        14⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38476.exe
        15⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46250.exe
        16⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36458.exe
        17⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11162.exe
        18⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6766.exe
        8⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40446.exe
        9⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21290.exe
        10⤵
        
        PID:2476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 240
        11⤵
        Program crash
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41965.exe
        7⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11447.exe
        8⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18599.exe
        9⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2156.exe
        10⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55275.exe
        11⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64585.exe
        12⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46786.exe
        13⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64648.exe
        14⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58102.exe
        15⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52892.exe
        16⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44382.exe
        17⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15539.exe
        18⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 220
        19⤵
        
        PID:4680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43834.exe
        6⤵
        Executes dropped EXE
        
        PID:264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 264 -s 244
        7⤵
        Program crash
        
        PID:828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18576.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12064.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41058.exe
        7⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12438.exe
        8⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19808.exe
        9⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43212.exe
        10⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2231.exe
        11⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51025.exe
        12⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16293.exe
        13⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59043.exe
        14⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35359.exe
        15⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33813.exe
        16⤵
        
        PID:4200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 224
        17⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39805.exe
        14⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43133.exe
        15⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34091.exe
        16⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3499.exe
        17⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32327.exe
        18⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50765.exe
        19⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10778.exe
        20⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30936.exe
        12⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58659.exe
        13⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36620.exe
        14⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49765.exe
        15⤵
        
        PID:3344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 224
        16⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63279.exe
        10⤵
        
        PID:3680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 244
        11⤵
        Program crash
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64763.exe
        9⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2122.exe
        10⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39131.exe
        11⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29500.exe
        12⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46978.exe
        13⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33237.exe
        14⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11101.exe
        15⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13203.exe
        16⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27875.exe
        17⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33062.exe
        18⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40782.exe
        8⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35044.exe
        9⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43923.exe
        10⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19998.exe
        11⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11710.exe
        12⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4855.exe
        13⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3693.exe
        14⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33961.exe
        15⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28336.exe
        16⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60868.exe
        17⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30703.exe
        18⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24917.exe
        19⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 244
        20⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59259.exe
        16⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28451.exe
        17⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63430.exe
        18⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6548 -s 240
        19⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57479.exe
        15⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14163.exe
        16⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46058.exe
        17⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 224
        18⤵
        
        PID:2776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 216
        17⤵
        
        PID:5812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 236
        16⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33605.exe
        7⤵
        
        PID:2296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
        8⤵
        Program crash
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4856.exe
        6⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53663.exe
        7⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11063.exe
        8⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55189.exe
        9⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40768.exe
        10⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7688.exe
        11⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17746.exe
        12⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41747.exe
        13⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        14⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52754.exe
        15⤵
        
        PID:4800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 224
        16⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11203.exe
        8⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43072.exe
        9⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50833.exe
        10⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60890.exe
        11⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1077.exe
        12⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47170.exe
        13⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59277.exe
        14⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17563.exe
        15⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62212.exe
        16⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33479.exe
        17⤵
        
        PID:5376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 220
        18⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10807.exe
        11⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 224
        12⤵
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24496.exe
        10⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-522.exe
        11⤵
        
        PID:4920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 224
        12⤵
        
        PID:2608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 248
        7⤵
        Program crash
        
        PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49568.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8193.exe
        6⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12438.exe
        7⤵
        
        PID:324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 244
        8⤵
        Program crash
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31462.exe
        7⤵
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33605.exe
        6⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35952.exe
        7⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60783.exe
        8⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26277.exe
        9⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64211.exe
        10⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53812.exe
        11⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6905.exe
        12⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30523.exe
        13⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 240
        14⤵
        
        PID:5824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45320.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45320.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21530.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7627.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2661.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65515.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30124.exe
        8⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24390.exe
        9⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29128.exe
        10⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27452.exe
        11⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42112.exe
        12⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58041.exe
        13⤵
        
        PID:3192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 224
        14⤵
        Program crash
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12817.exe
        11⤵
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41705.exe
        12⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35426.exe
        13⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58467.exe
        14⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10963.exe
        15⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60346.exe
        16⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19675.exe
        17⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25015.exe
        18⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52721.exe
        19⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49815.exe
        20⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1009.exe
        21⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18947.exe
        22⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65528.exe
        18⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24735.exe
        19⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33490.exe
        20⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54608.exe
        21⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54926.exe
        17⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61766.exe
        18⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-230.exe
        19⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41253.exe
        20⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60171.exe
        21⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64803.exe
        14⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50149.exe
        15⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9202.exe
        16⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59415.exe
        17⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57215.exe
        18⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1393.exe
        19⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5599.exe
        20⤵
        
        PID:7472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 236
        16⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38421.exe
        10⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21474.exe
        11⤵
        
        PID:3800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 224
        12⤵
        Program crash
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49226.exe
        9⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40830.exe
        10⤵
        
        PID:3928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 216
        10⤵
        Program crash
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61893.exe
        8⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12599.exe
        9⤵
        
        PID:2520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 224
        10⤵
        Program crash
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15411.exe
        7⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34670.exe
        8⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61307.exe
        9⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32662.exe
        10⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12929.exe
        11⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4450.exe
        12⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23745.exe
        13⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47362.exe
        14⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39568.exe
        15⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17262.exe
        16⤵
        
        PID:6108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6108 -s 220
        17⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33081.exe
        8⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47846.exe
        9⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44834.exe
        10⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61544.exe
        11⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31145.exe
        12⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41799.exe
        13⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35541.exe
        14⤵
        
        PID:2320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 224
        15⤵
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29313.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18749.exe
        7⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51198.exe
        8⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36035.exe
        9⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15942.exe
        10⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6982.exe
        11⤵
        
        PID:2612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 200
        12⤵
        Program crash
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8001.exe
        8⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14981.exe
        9⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46754.exe
        10⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45016.exe
        11⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25089.exe
        12⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58135.exe
        13⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20274.exe
        14⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25814.exe
        15⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5803.exe
        16⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37003.exe
        17⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25086.exe
        18⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44017.exe
        19⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23164.exe
        7⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12106.exe
        8⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40830.exe
        9⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53194.exe
        10⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4559.exe
        11⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-200.exe
        12⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47938.exe
        13⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15063.exe
        14⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26006.exe
        15⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52591.exe
        16⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16183.exe
        17⤵
        
        PID:4004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 220
        18⤵
        
        PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48333.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32651.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24068.exe
        7⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33985.exe
        8⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7913.exe
        9⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30161.exe
        10⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33324.exe
        11⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9084.exe
        12⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 216
        12⤵
        Program crash
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13128.exe
        8⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64566.exe
        9⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36282.exe
        10⤵
        
        PID:2356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 224
        11⤵
        Program crash
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14119.exe
        7⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56538.exe
        8⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54665.exe
        9⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26308.exe
        10⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14948.exe
        11⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33449.exe
        12⤵
        
        PID:4884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 224
        13⤵
        
        PID:4484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61571.exe
        6⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51582.exe
        7⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15505.exe
        8⤵
        
        PID:3080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 220
        9⤵
        Program crash
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53009.exe
        7⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52745.exe
        8⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41191.exe
        9⤵
        
        PID:3232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 244
        10⤵
        Program crash
        
        PID:3292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45131.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42625.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24483.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32236.exe
        7⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2381.exe
        8⤵
        
        PID:2372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 240
        9⤵
        Program crash
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20144.exe
        8⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62366.exe
        9⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31103.exe
        10⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56941.exe
        11⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-501.exe
        12⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50543.exe
        13⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3060.exe
        14⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17371.exe
        15⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12648.exe
        16⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6448 -s 188
        17⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39884.exe
        7⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57498.exe
        8⤵
        
        PID:112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 244
        9⤵
        Program crash
        
        PID:3852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4202.exe
        6⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18718.exe
        7⤵
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40202.exe
        8⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32216.exe
        9⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe
        10⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50309.exe
        11⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7792.exe
        12⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25655.exe
        13⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
        14⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17947.exe
        15⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30116.exe
        16⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14667.exe
        17⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17538.exe
        18⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18563.exe
        19⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21668.exe
        11⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17487.exe
        12⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19589.exe
        13⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34283.exe
        14⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35103.exe
        15⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-251.exe
        16⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-241.exe
        17⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2823.exe
        18⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19705.exe
        19⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16751.exe
        18⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24090.exe
        14⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12306.exe
        15⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55345.exe
        16⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43825.exe
        17⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4979.exe
        10⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40465.exe
        11⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39002.exe
        12⤵
        
        PID:2160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 244
        13⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61177.exe
        7⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44385.exe
        8⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25732.exe
        9⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9084.exe
        10⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39334.exe
        11⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36620.exe
        12⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9884.exe
        13⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9778.exe
        14⤵
        
        PID:4668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 244
        15⤵
        
        PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61986.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20861.exe
        6⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9288.exe
        7⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-129.exe
        8⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11520.exe
        9⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55415.exe
        10⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60475.exe
        11⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49593.exe
        12⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5945.exe
        13⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62842.exe
        14⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3914.exe
        15⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20028.exe
        16⤵
        
        PID:916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 224
        17⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18418.exe
        15⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5217.exe
        16⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14143.exe
        17⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41614.exe
        18⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12936.exe
        7⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39870.exe
        8⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55799.exe
        9⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39728.exe
        10⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41918.exe
        11⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24695.exe
        12⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18629.exe
        13⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44371.exe
        14⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13395.exe
        15⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63162.exe
        16⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10884.exe
        17⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19523.exe
        18⤵
        
        PID:6532
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 656 -s 248
        6⤵
        Program crash
        
        PID:2444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13961.exe

Filesize
192KB

MD5
9126b980f0abee3b7c50b693ae0e0f43

SHA1
b83fe707481cc1f7609b12d3a9fc17ea1d84ae4a

SHA256
64b4a6f6dbb2cb97df2ea6714b2d3dc5c39e79b727c06dd2645b419cee71216d

SHA512
bf0821953c0733543f1bab4c7749230bafc195e64bcf2be3da2542e918e36e5440b9edcb0a9a283e11bc1f0802d5b2645830f4fe87635c164aedc4b56419a6e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14071.exe

Filesize
192KB

MD5
02749c2c04a4f31edc46fcd6fa2e282e

SHA1
be456fbf529b538211a0b051eed7d7f8229e7e86

SHA256
18119baff16ab95e918c8bb15d9573398e92b1873f2feb1060f001371f13380b

SHA512
cc57dcd4514ce3d2242af907b42a5dd697b294aab0d67917003ef768352da3ba81438549aefa5e3380ecc8bf3b21f4b4ea044d7750278fb2c06edc0e1ef0c57a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14143.exe

Filesize
192KB

MD5
8aef6c025ba6f78798f2fd40ff99ddbd

SHA1
7a3c63e2a134f18374b2c72d8766af3990b7fbdb

SHA256
517feabf42653d93b57f59d2aec1f02e8cbe1d63ad94a91974bf18596e625bc9

SHA512
62d8e839b4c2549288748ea4900bebfa61ae7df2cd3f3f7fda9e5854161ffb6104bb50e8a9cc5f2aea13264e131a4ce891c9a978c3e26e35b759ff4b14ff2dce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14193.exe

Filesize
192KB

MD5
20d57a52f6ed570b49dd06a591d249c7

SHA1
3bd318be150d8634efb27d82a68f36ce826e83dc

SHA256
4157e0053d328c06716195f4fa4bee23e333a43a1e5291060ff5411aa3d78713

SHA512
a076d5c257676578bbc00d0cd90e5e0b6776a847324075dd35b11ba2ca72ec2ffcd55a545ffaf31bb9ad52e9c0a0e750d6fe8194bb163c656401321c687b13c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15793.exe

Filesize
192KB

MD5
077831473413dacab6c9cdfe1348021f

SHA1
efe25e460fad952d54107379d5a206c4a279499f

SHA256
6b72b3fc5a8cecf03f3f5d37de9c80bdb93585b7deba2d24418438d335db7a5b

SHA512
75cd82d7098ae240aa9298b0c2936f5dda58562d7b04449417248843dbba91eee80fc00e707622e4131f0b77b01a9ea99f8a4b213fa113da2e3c032f52d532c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21530.exe

Filesize
192KB

MD5
b70e3c01476974de1105ccde4f0903e9

SHA1
4d10224390abc4a1c456690b01219a0db9cbea3c

SHA256
3719e64475df5677f1bd8b88978a4082d59d28e5c77dc43eff4ea034f91f225c

SHA512
fb3427ed9ad3ae5f8621b7af69a4cbf979740677feef7542a5c3762e25c18fbeca65740d2ab4ac2374c76cc91f0e31467a371aa3d5bfa2080cf366555c6ce1f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21640.exe

Filesize
192KB

MD5
a6181df578b69736639e3a928db984a2

SHA1
0bdef268da7cb00dda5f188d57f9432a92b37b25

SHA256
6c902b05051c59048a0a6d2ca7c3ccc093b6932c298ee1950b1ba56ed9a152e2

SHA512
e261af4dec8752248c10aaa2555005d2e77aaa748af586bad0f91b49239cce2327d1825b339145eac3f2cebb25bdda19a7d52036f71851a419b9bdc591071c0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21914.exe

Filesize
192KB

MD5
65486d4ef793b734ce078072cd8ad1ee

SHA1
39e5e43474b8e263d64249e2c79bfa5e5d6ea6e7

SHA256
075d27b07745b1cbc1d0d6b76995a536c0716f1745a54f177afb77dba2cff76e

SHA512
735bf72ea9cf84039317dfd351baf6b0f1335a859f2c987c62444aa73813aefdb26da042388267cf683527355d94a02290fe7fa0ff9bdf0bd89aaa44f5085cb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22644.exe

Filesize
192KB

MD5
d79c601928dbc4bf3bfd2d0a571198db

SHA1
a256f010bc03ec9367cb565312253ed186468f03

SHA256
909749d03b7262ece95218b891f9d2362d83083270657ab764c060e457fb8b70

SHA512
d29591108caa41080042182a87d221f5eef37b2b92ff730ea3872c1c0b155fc12788576f2c4931c11ff0fff492ffd3d8996f7a16da7b9f1ffb5f77220f7d9ada

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39805.exe

Filesize
192KB

MD5
7979d90ca5e094866c20d88d8f3f2618

SHA1
9d3b08c41930783f3e2f3dde9ab8443294e0daaf

SHA256
14ef54fbb169cbee19c31396f858103f6fce877d957c4caadacaf4ccae96c755

SHA512
0f723df7e75a18f93bedef354b2483f156d4fcf644e0df120cdc283a5b4306b17e7bbbb97bccb5051a73512a3db996490ddf6cd88643d144750a1139846b3ab5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39884.exe

Filesize
192KB

MD5
6d435f91e29120b9aba34510b20f88cc

SHA1
8762beee529f19522dec0dcbaf4694c39a33bcef

SHA256
3ef101d9b08ba4a04c980bb703ff3eec19a3267b80f67073021f395e00a97a87

SHA512
37c9485de594e953ceef12c280b98f53153f8c4caf1b0af3becc928dbf40f22cef42273fef3c4e964aa2c56c85d5d856012e92b5c4b5c244b0367bc3b90a7bcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40317.exe

Filesize
192KB

MD5
3807fb4ae536600cf75a78c980f3c48c

SHA1
bb2603a6a110daec027620bb358a31361700673f

SHA256
5333e98a282c963b4f57795adf9e26d79df30de9c9eb4c6469ab6996f3980772

SHA512
daaab7b6b964975255d3d71d933c38e7c6d6316304ac786dfafcd84f7d905333b95c980b739a72d0d06bb37e95ffc212ebe668dc8425ea759a7a0a6c5b2df069

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40351.exe

Filesize
192KB

MD5
0b50b2513690e7839b35335d5cb4dae6

SHA1
a5224de96a35132121f69ae8e0ac508fb3befafc

SHA256
7e5809f7019ac1be7d16d21349f146141f6bce33bc9433239865345fb7accec2

SHA512
28a8f7d18bc9861b041d4731218944d12c796814e1a429b518d831fcf2a8f7552c50f46e5eb62968e6d0ad0afd91eb9287359607a49c6060a32f5bc880231ca2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40782.exe

Filesize
192KB

MD5
ea680a9fa69b03bd06185bdfd3e9b113

SHA1
6340f75da863c2e00b74d172644d7f25e7be1efc

SHA256
a29730a942efff0147e3d2be3d224fd013d3ce40953231864280f3b0370c5699

SHA512
b43a5843346d48b8df87e45556196f0e257ea5d5de15c02842a43237a1aa1e8bbeb8ff1c06e1daa041494ef3f41fe312adbee1a30554e3af928db7f04a9c1dcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44270.exe

Filesize
192KB

MD5
231f8dce8554002aed453e4162677c4e

SHA1
e03f690e1d0bc852a9a81f28fe1b69c556258dc9

SHA256
da784c3f9c8127fc0a6f55cc3aed997f6d52193faf8d2453926ab8df0612eb9f

SHA512
92035d55b5bdabc95f999b3fcc18e30ddbc6cf0ad1e7b2bf66020953ac4e99057bb007c62171d7d6b729ccf4f1abb5bb2261fec9a4f3cfe6f8e7765bb96b6c25

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45320.exe

Filesize
192KB

MD5
e0afd55a9d47eef41eb67835bc66ca15

SHA1
6e226e4ab01bf5bcaf40109fd83bc3c056bf3e88

SHA256
241af3338b3fd307496c3bff4faca4f614ca73222fe4aab84310ca5d435f8e90

SHA512
8c6f4dd2f4e47228fa500cb63fe9f2f983a85f5542607f20e4b8b34a9563770f37257f71d5bf7b6606f3504aadb94a4bbf603c7e5c1ae1f44125fb8ef51ad265

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48894.exe

Filesize
192KB

MD5
24139604c2c15c2bf06cf81b313a17af

SHA1
6a2a0534ea414fb956452c6a0a3736e4c319f988

SHA256
8a6d22c109b7ef9610e05d2825e9638a914593d04ed436b6a7fc8471325f8f79

SHA512
31d0c30a7d7fd77d99d252d65ac527580b5a7c80177673bd078bd180951061396d2f336fa9055db3e60b0dc4460c199413cd75490d8d4ba83286468bfc46911e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5461.exe

Filesize
192KB

MD5
e612fbc8a3b8a9d935ed426890a13b23

SHA1
e1d310801e4c26f9808131fa0d7b9d7d1b3bf1ac

SHA256
bd95f3f1be303aef584cd56dca21c7e5f12a9eb6eee009d50c79b2ec574e37bf

SHA512
9e7e5cfb07f91ed1fe682b1811e8d46a0fb2db6a12721fff98180c908ddfc32869735cb19e81b57f519c7329396892141d569535597ff16a179ed33757dd3bef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5945.exe

Filesize
192KB

MD5
afd63baa75c92086adf0051061be6ffa

SHA1
d7d1100b01c9fa8d5e7bfaae94c281b11603ad7e

SHA256
c740bfa63427a91274bbf23a587dd4c08b9435f54252712d8a55e9f577b5b975

SHA512
5ce136ec3b5f6ebbc5e7549fcc4df7a4c6a13e6c6c1ca8ea143f76cbd7db21b355c048b309155f1d2716ce316b94de8846b95fe512c9b5bd74e44ef2d3cc9a72

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5946.exe

Filesize
192KB

MD5
3e3079f26c85398d1792fa8c6082914f

SHA1
1564322cc8cdb485706a5d1f26f6c61a6a5ea75b

SHA256
44d86a35b90695f68e4229be7a04a7247668bacf07888a955e4469882f510f8e

SHA512
ff7181a550369178ff48707295e8bbd20af1e13f7125a6658ea15dbc407e76e4df4368ddf970c4b4612774d9fb0c4941b9502ddb441b7c7e231260a9346650bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6137.exe

Filesize
192KB

MD5
d4e418998ba02cf002b51779bd031fbc

SHA1
05172bf0a8b4bd26b9959e1dc7bfc49bd1e4e147

SHA256
5cb0c582eb77d3a50f0fe3d5d157695b018eed7e4736d9a73d164e13b5a884f2

SHA512
18c24748ce60cca3da1675139f332bdf37ac529ab2354b457892fee0255944967950fc75a3a4563b6b2974bc2aed6e2dba3390e30c9292364594470d89401092

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6138.exe

Filesize
192KB

MD5
589a8c5f9c177004bc9a3853647bac1d

SHA1
b50e4db86f031683c659af918155424140825ecf

SHA256
5eec33b7f4f24010a21852cec626b04eb51b20d9c5e5291fc100020bbdb186c5

SHA512
dec322011a9c370b9001b9e1814d0fd17343602e87b37f9d6bd4bf3c91eabdc72d91e9279eb3c9e924270362f6b1d55c957e104090684084f6bd60aac775bc94

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62121.exe

Filesize
192KB

MD5
d01087d5a80d080b0ccc13803a61851c

SHA1
17b02c4859eb9c47161ecdc9a09be6c1d0caa23f

SHA256
376f85e16235394f50be0f655f6c64011d9b625c1f852122adc13cf1d22d4ed3

SHA512
c9cea2f95a5bf829cc9d66b695b7c58fa7459d043619d8f9cfa99a9427e5b25fef4555cce1c50f4f49ac2afb47b63455a43d58d4fd6dec12f0d4350b1dbb8235

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62948.exe

Filesize
192KB

MD5
a0f0112c09c838a064e68518524d0f01

SHA1
f10a9956de08bc835b834b7da1d987ff0a270ea7

SHA256
00a79d5e29be070136bb65a6e04dfc705803d88145216c3f78a48c8072a74a9d

SHA512
025ae2acf7fc9a65ea61365e2fc99a0fe9ec23d769e1ab1b23eaa231991db85323949a95a270143b2c38d3ea611d0ebf7ea6bc80fa8a0171462f42a227f54788

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63459.exe

Filesize
192KB

MD5
9b4176d1c6ee7945ecc1d1e2875c196f

SHA1
831d3bef01a48485c23b772d72dc75b89e88038c

SHA256
82f9267f5f41d9532c97615cc0593582f4507f98e2286719c61cde80d90a8c1c

SHA512
b1bfc1a05120a179d2317455383e930418abebdcaedc283ac77840ab20f512a35caccd94a172af56f3a5200cafcedf99c9d2e6fb13af4c6afc2fe167d5ff5060

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6522.exe

Filesize
192KB

MD5
27153d5572199a7f24c0fe877454d689

SHA1
3f1c165af3a2f2189bcbf12115b8df19cef53e69

SHA256
c9687962483165617e1529d1d63b47c175e9bb76a5f533925fe23e7c09ba3948

SHA512
198a584fbdcb06518d76f54209ea437c1fe5350dad4b0729a6628079b6256a63a5e983f6c473d51e833a7ae5d0f9e193fe59e6f3c868652ac7a5ea725ead9de3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6691.exe

Filesize
192KB

MD5
193dab41aeeae3a7dd359df0b112fe17

SHA1
9c4812b51e676796ae5a89a66b4f33b658746f8b

SHA256
ac60d70057a617f7a5f2fc33d74c3cb376160cdadd2b0e2b28059f4c72802ed5

SHA512
9a158eafc0329f06366fe1acd1e423669aaee1875578c6cf767f02e1c10340523c8fc17de2d1a9447d6dffbf109c0215e1b8886d992e3c44fdd69866c54b72e1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18576.exe

Filesize
192KB

MD5
edfd86f168cb101df9cfb8a17ead120f

SHA1
71fb0b6e36833d2988e98a0593e1ee728464c3fa

SHA256
7feffade7a180a5de1bc53fafbf8f44e3a34e3fedad634bc16c4d615f96ca252

SHA512
37d81923327227629f4bfc58ec7eeb8065c16e8154b6b5ffb0b5446cc8cf2d80d43281560a92920d6c4057e10911853eb2994520ecbde9a7d9d66153219a6920

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18668.exe

Filesize
192KB

MD5
a6b6da184f124c3258fc0fce45bfdaae

SHA1
b4811578811817085244458c46849b31bb750d91

SHA256
6106b609e651b29b16e0d4aef27c979012b2ec429d92e3c5e6b7cb546bc67470

SHA512
5fb0d6e0a5dea3afba885449cace6757cc093768229409c90868db542f781cd4e6e7bef073993f0740d7cd827a025a2485af76dd5dc0d23dae222332ce828db2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2048.exe

Filesize
192KB

MD5
d9d132c642e1c81b4b9d889361e4a9db

SHA1
feca43a10072aa48881bc4eccc22a8bbdc840ee1

SHA256
4acc45399956965db2ccd5096971d1de74d79b5498dce81f89b725f21866d05f

SHA512
7f47e987669985d0c06f5ffdef427efc8c5bdc445c17626c7280ef4a079d572d2fb6d7f152ade9bb46ae31f87fe543c96818f1816c7c3bd1d3f2a20217fc1a76

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22237.exe

Filesize
192KB

MD5
e0df2856684ccba851917b7365cccdab

SHA1
f00e95e5ac47e706c2d018a49284e3d26335c485

SHA256
3213352187e6fcebaecd875833ebc25b12acb9f270a37cc12fbb42adf8d27ad6

SHA512
c9a47962b09be227430d9e182d3b7697daf8f4f512069a694ee309a4f6717dbb5c23b73be7ecc87ff39fb1c1930a3afcc1307a14c0ed204b46ef6df1dcdfae1b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2331.exe

Filesize
192KB

MD5
35c193efc4c4993343d6495cf09a3b3c

SHA1
99ab85bd4c7a78b3ed2f67f6822afb5820859e11

SHA256
eb3c28e2c4ee31c8726018746d7b6333b2361089bfed59c1545fbd233d0952ce

SHA512
7ee98f82f10f54bc4c7ccf5ee4fa7dcc4f0b88ef8de02dd27a341176cef865a1539d20b3fb601f07369d8f6b3df583ebd44f2ddea733f2eeddb1251a538c3ded

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2562.exe

Filesize
192KB

MD5
bfa70e0820e18093796a37dda3379c80

SHA1
a92a18e9f7c42bb9fa4ff60e8ab301c9acc3bee8

SHA256
b4a19fa04ebbfba6cf991048ab1b49f71a172f7ff9a5882dfaf1bd18df1690d5

SHA512
6211d48ef26dd26d9f0e9506e92106081e084b075a2e39bdb22b2fabfa3d0f1f6293cd61bd75aa75fe91d477e53c2f10c3ffcd224449a16965fd8309ab405ab5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26744.exe

Filesize
192KB

MD5
73a42ef3559b2c30f55c381ef2f849f9

SHA1
61b2909c1dfe7b00da3b6771552845ac48f9e393

SHA256
c1b68c81c0fc6a7da0081d648fc2e7b44383c602a66f582ff01d8112b0b285fc

SHA512
7a428b021b58e5e2acd5dabac53f45b353f47d038b0d3fc1641b763061a65e557edd95c6f1aac1a78ed3a8ca5181eac05c4ab102d90bbd9a6eb020bff89c3289

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3384.exe

Filesize
192KB

MD5
219ac4eee1496921adb9f5f7a5e28ea2

SHA1
71af5f06f9176f4c1945ac14376d5c58d205d91c

SHA256
ba15aa5a37d72066671fbeda8289556d571455e806eef6038f76ca2835bd02ee

SHA512
ffae2124db192b4b56e02579e334c14cef6334ef7756fc557e3d71da8459455086de71e8ffa53680eff3f581777fc11f5d986f57e7d6a1da65279735cbd975a9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46610.exe

Filesize
192KB

MD5
289dda8dc2aa142a8e03674202ee84c7

SHA1
b050db5693664d434ebac0d34b3ad9dec84255ca

SHA256
904bf64a62b651e8931d68252f0ed2a6c9726530352558f0b2b0617f8e61b405

SHA512
7f2181456cc7f55e8bdb9e859694bfbc71de364c7b8558c55165acf700c3d8c3d2c623ce61e958343c5d896b9d54000208155ae1b82039adf3fd88399fd424ba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48657.exe

Filesize
192KB

MD5
e9d65c9458733f987c522c1fa5140ff2

SHA1
7224f16582134a98297956b2f457e9b634b39907

SHA256
e0df2d3b5bcf4c617ef10617db9be9dbdc3fff4ec961fbde17cdbd2099a9197e

SHA512
c099203f0af4403b7d7bf53779cd5490e969ad217f593959bd01c9bb234506b06f70b35c8077058b964bfc9a21d65ce56fdac5b3701272f8fc73b9b74164cefa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49866.exe

Filesize
192KB

MD5
9788886a0e7de217dc61aca75bc53a45

SHA1
3233000ff6d8dab65ddc2cce89b1c39468276822

SHA256
3363719d4cc180b222c9eb31825d596e4ba79a91e822d0944a1a8d445f1cf403

SHA512
0b878541f319e57ad309ce85a01008c16803147cccb541e9cf97e307b48b34f4c9879b64e0b21d0d20fe920f2e2117930d5083544af399e2f69bc696986ec266

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53296.exe

Filesize
192KB

MD5
11b428f8f9f76ed9a021c415c41d3bd6

SHA1
8334a609788445c0b3c8a3024250e745a8c2c2ad

SHA256
c61afd61972c4b5054c2f862b191cd748a95170dc82935e8a0639d3f1db445e0

SHA512
7e59a4e53437b177692408516abc14f71777e87b79a97dae2a8fd030f1e8b82b38f01ffb80432734e5d2ff9cc22759c985e89c2fcfad00972347cc9e6b8cb5e8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65185.exe

Filesize
192KB

MD5
ba484672da2891284669c97e12ccae34

SHA1
43ef947838e7259229393d04349d0be188e380cb

SHA256
28aebea5a41ff0b70fe07cdbb18e5577631073a75b8c52cebfc0caf67adc6b0f

SHA512
5561261fc768d361b7faefae19ae7b981156d9484741a32969e31ae4e8692b072dfbfd69d3c14ee0e221f4a2cdeb31e8250f24108fa79440f1df2d1c7f170f22

Download Submit