fef48e561f9fe5166d6d353f3cc027fc987f16335415b661903f3bbfb32ffe94

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 07:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3826c505c6696fc059975f54b3f9210f_JaffaCakes118.exe
Size

192KB
MD5

3826c505c6696fc059975f54b3f9210f
SHA1

6e8ccc719845b20426cbedaa9d3d73d619a8c53f
SHA256

fef48e561f9fe5166d6d353f3cc027fc987f16335415b661903f3bbfb32ffe94
SHA512

59241be86fee8ed1b517fd65bab297a1b8b454d293cae356094020aae41986d24585b779dae2da529bb445497ce14e695fcb80ba6eb9d5f38f1e1a5605d151c2
SSDEEP

3072:tz82oA1w0PAUkdC0Zdvlqh8b6g2orQW5T2NFx70fLG2lVvMK:tz1ogYjdtdNqh8LxIL2lVvM

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2676	Unicorn-17149.exe
2732	Unicorn-22515.exe
2668	Unicorn-18985.exe
2752	Unicorn-28348.exe
2548	Unicorn-24818.exe
2596	Unicorn-21441.exe
2628	Unicorn-43418.exe
1380	Unicorn-56225.exe
1524	Unicorn-59946.exe
1088	Unicorn-58877.exe
2012	Unicorn-17304.exe
1048	Unicorn-20507.exe
776	Unicorn-28675.exe
1732	Unicorn-16977.exe
3068	Unicorn-9946.exe
2080	Unicorn-63786.exe
2084	Unicorn-26475.exe
944	Unicorn-15161.exe
2372	Unicorn-18307.exe
1332	Unicorn-21161.exe
2096	Unicorn-12115.exe
780	Unicorn-418.exe
2868	Unicorn-36620.exe
2944	Unicorn-2603.exe
1956	Unicorn-48275.exe
2456	Unicorn-43444.exe
1916	Unicorn-35276.exe
884	Unicorn-32130.exe
2176	Unicorn-10963.exe
2644	Unicorn-48467.exe
2720	Unicorn-10273.exe
2960	Unicorn-47777.exe
2536	Unicorn-10465.exe
2968	Unicorn-47969.exe
752	Unicorn-41986.exe
2196	Unicorn-17674.exe
1788	Unicorn-14144.exe
1152	Unicorn-9313.exe
1808	Unicorn-55177.exe
2416	Unicorn-49469.exe
1752	Unicorn-27954.exe
2840	Unicorn-24424.exe
2848	Unicorn-10740.exe
316	Unicorn-24616.exe
1820	Unicorn-18909.exe
1868	Unicorn-35245.exe
2232	Unicorn-39883.exe
2332	Unicorn-59749.exe
1296	Unicorn-9007.exe
1632	Unicorn-7938.exe
3012	Unicorn-53610.exe
2424	Unicorn-47627.exe
1544	Unicorn-44098.exe
2200	Unicorn-47819.exe
1812	Unicorn-44290.exe
872	Unicorn-14954.exe
356	Unicorn-64347.exe
1236	Unicorn-15146.exe
1604	Unicorn-52650.exe
2696	Unicorn-64539.exe
2124	Unicorn-61010.exe
2556	Unicorn-33595.exe
2144	Unicorn-49931.exe
2544	Unicorn-46402.exe

Loads dropped DLL 64 IoCs

pid	Process
2624	3826c505c6696fc059975f54b3f9210f_JaffaCakes118.exe
2624	3826c505c6696fc059975f54b3f9210f_JaffaCakes118.exe
2676	Unicorn-17149.exe
2676	Unicorn-17149.exe
2624	3826c505c6696fc059975f54b3f9210f_JaffaCakes118.exe
2624	3826c505c6696fc059975f54b3f9210f_JaffaCakes118.exe
2732	Unicorn-22515.exe
2732	Unicorn-22515.exe
2676	Unicorn-17149.exe
2668	Unicorn-18985.exe
2676	Unicorn-17149.exe
2668	Unicorn-18985.exe
2752	Unicorn-28348.exe
2752	Unicorn-28348.exe
2732	Unicorn-22515.exe
2732	Unicorn-22515.exe
2548	Unicorn-24818.exe
2548	Unicorn-24818.exe
2596	Unicorn-21441.exe
2596	Unicorn-21441.exe
2668	Unicorn-18985.exe
2668	Unicorn-18985.exe
2628	Unicorn-43418.exe
2628	Unicorn-43418.exe
2752	Unicorn-28348.exe
1380	Unicorn-56225.exe
1380	Unicorn-56225.exe
2752	Unicorn-28348.exe
1524	Unicorn-59946.exe
1524	Unicorn-59946.exe
2548	Unicorn-24818.exe
2548	Unicorn-24818.exe
2012	Unicorn-17304.exe
2012	Unicorn-17304.exe
1088	Unicorn-58877.exe
1088	Unicorn-58877.exe
2596	Unicorn-21441.exe
2596	Unicorn-21441.exe
1732	Unicorn-16977.exe
1732	Unicorn-16977.exe
3068	Unicorn-9946.exe
3068	Unicorn-9946.exe
1524	Unicorn-59946.exe
1524	Unicorn-59946.exe
1048	Unicorn-20507.exe
1048	Unicorn-20507.exe
944	Unicorn-15161.exe
944	Unicorn-15161.exe
2628	Unicorn-43418.exe
2628	Unicorn-43418.exe
2080	Unicorn-63786.exe
2080	Unicorn-63786.exe
2084	Unicorn-26475.exe
2084	Unicorn-26475.exe
2012	Unicorn-17304.exe
2012	Unicorn-17304.exe
776	Unicorn-28675.exe
776	Unicorn-28675.exe
1380	Unicorn-56225.exe
1380	Unicorn-56225.exe
1912	WerFault.exe
1912	WerFault.exe
1912	WerFault.exe
1912	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
1912	2372	WerFault.exe	47
2240	1088	WerFault.exe	39
1528	2232	WerFault.exe	78
1724	2544	WerFault.exe	95
2420	1960	WerFault.exe	100
1748	376	WerFault.exe	102
1052	1092	WerFault.exe	108
2628	1868	WerFault.exe	77
3020	560	WerFault.exe	106
860	592	WerFault.exe	116
1212	2508	WerFault.exe	119
2312	2856	WerFault.exe	167
1808	2080	WerFault.exe	163
2704	2300	WerFault.exe	184
3180	1820	WerFault.exe	217
2148	2580	WerFault.exe	189
2988	2284	WerFault.exe	219
3376	2216	WerFault.exe	242
3884	3508	WerFault.exe	278
700	2376	WerFault.exe	295
1700	3388	WerFault.exe	303
1940	2672	WerFault.exe	333
1924	3000	WerFault.exe	337
1512	3116	WerFault.exe	381
2968	3828	WerFault.exe	334
2112	2336	WerFault.exe	368
3572	2320	WerFault.exe	358
3464	924	WerFault.exe	360
2740	3136	WerFault.exe	362
2552	3728	WerFault.exe	369
3696	3164	WerFault.exe	398
2896	2152	WerFault.exe	457
1684	3936	WerFault.exe	433
2692	3912	WerFault.exe	465
2924	3300	WerFault.exe	475
3352	3780	WerFault.exe	472
1708	3176	WerFault.exe	502
3528	1916	WerFault.exe	485
3664	2340	WerFault.exe	505
3832	3932	WerFault.exe	523
3272	2592	WerFault.exe	526
3536	1792	WerFault.exe	530
1320	3472	WerFault.exe	570
3016	3576	WerFault.exe	582
604	2228	WerFault.exe	591
2648	2952	WerFault.exe	550
2912	1476	WerFault.exe	560
1060	3636	WerFault.exe	566
3984	3340	WerFault.exe	599
2504	2384	WerFault.exe	622
2824	272	WerFault.exe	630
2056	3280	WerFault.exe	684
3500	3816	WerFault.exe	676
3068	2132	WerFault.exe	675
4388	2860	WerFault.exe	704
4412	3408	WerFault.exe	698
4588	3396	WerFault.exe	658
4680	2332	WerFault.exe	662
5044	1796	WerFault.exe	703
4292	4748	WerFault.exe	752
1712	4496	WerFault.exe	744
4376	896	WerFault.exe	724
2184	4208	WerFault.exe	735
3948	748	WerFault.exe	711

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2624	3826c505c6696fc059975f54b3f9210f_JaffaCakes118.exe
2676	Unicorn-17149.exe
2732	Unicorn-22515.exe
2668	Unicorn-18985.exe
2752	Unicorn-28348.exe
2548	Unicorn-24818.exe
2596	Unicorn-21441.exe
2628	Unicorn-43418.exe
1380	Unicorn-56225.exe
1524	Unicorn-59946.exe
1088	Unicorn-58877.exe
2012	Unicorn-17304.exe
1732	Unicorn-16977.exe
1048	Unicorn-20507.exe
3068	Unicorn-9946.exe
776	Unicorn-28675.exe
2080	Unicorn-63786.exe
944	Unicorn-15161.exe
2084	Unicorn-26475.exe
2372	Unicorn-18307.exe
1332	Unicorn-21161.exe
2096	Unicorn-12115.exe
780	Unicorn-418.exe
2868	Unicorn-36620.exe
1956	Unicorn-48275.exe
2944	Unicorn-2603.exe
2456	Unicorn-43444.exe
1916	Unicorn-35276.exe
2176	Unicorn-10963.exe
2644	Unicorn-48467.exe
884	Unicorn-32130.exe
2720	Unicorn-10273.exe
2960	Unicorn-47777.exe
2536	Unicorn-10465.exe
2968	Unicorn-47969.exe
752	Unicorn-41986.exe
2196	Unicorn-17674.exe
1788	Unicorn-14144.exe
1152	Unicorn-9313.exe
1808	Unicorn-55177.exe
2416	Unicorn-49469.exe
1752	Unicorn-27954.exe
2840	Unicorn-24424.exe
2848	Unicorn-10740.exe
1820	Unicorn-18909.exe
316	Unicorn-24616.exe
1868	Unicorn-35245.exe
2332	Unicorn-59749.exe
2232	Unicorn-39883.exe
1296	Unicorn-9007.exe
1632	Unicorn-7938.exe
3012	Unicorn-53610.exe
2424	Unicorn-47627.exe
1544	Unicorn-44098.exe
2200	Unicorn-47819.exe
1812	Unicorn-44290.exe
872	Unicorn-14954.exe
356	Unicorn-64347.exe
1236	Unicorn-15146.exe
1604	Unicorn-52650.exe
2696	Unicorn-64539.exe
2124	Unicorn-61010.exe
2556	Unicorn-33595.exe
2144	Unicorn-49931.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2624 wrote to memory of 2676	2624	3826c505c6696fc059975f54b3f9210f_JaffaCakes118.exe	30
PID 2624 wrote to memory of 2676	2624	3826c505c6696fc059975f54b3f9210f_JaffaCakes118.exe	30
PID 2624 wrote to memory of 2676	2624	3826c505c6696fc059975f54b3f9210f_JaffaCakes118.exe	30
PID 2624 wrote to memory of 2676	2624	3826c505c6696fc059975f54b3f9210f_JaffaCakes118.exe	30
PID 2676 wrote to memory of 2732	2676	Unicorn-17149.exe	31
PID 2676 wrote to memory of 2732	2676	Unicorn-17149.exe	31
PID 2676 wrote to memory of 2732	2676	Unicorn-17149.exe	31
PID 2676 wrote to memory of 2732	2676	Unicorn-17149.exe	31
PID 2624 wrote to memory of 2668	2624	3826c505c6696fc059975f54b3f9210f_JaffaCakes118.exe	32
PID 2624 wrote to memory of 2668	2624	3826c505c6696fc059975f54b3f9210f_JaffaCakes118.exe	32
PID 2624 wrote to memory of 2668	2624	3826c505c6696fc059975f54b3f9210f_JaffaCakes118.exe	32
PID 2624 wrote to memory of 2668	2624	3826c505c6696fc059975f54b3f9210f_JaffaCakes118.exe	32
PID 2732 wrote to memory of 2752	2732	Unicorn-22515.exe	33
PID 2732 wrote to memory of 2752	2732	Unicorn-22515.exe	33
PID 2732 wrote to memory of 2752	2732	Unicorn-22515.exe	33
PID 2732 wrote to memory of 2752	2732	Unicorn-22515.exe	33
PID 2676 wrote to memory of 2548	2676	Unicorn-17149.exe	34
PID 2676 wrote to memory of 2548	2676	Unicorn-17149.exe	34
PID 2676 wrote to memory of 2548	2676	Unicorn-17149.exe	34
PID 2676 wrote to memory of 2548	2676	Unicorn-17149.exe	34
PID 2668 wrote to memory of 2596	2668	Unicorn-18985.exe	35
PID 2668 wrote to memory of 2596	2668	Unicorn-18985.exe	35
PID 2668 wrote to memory of 2596	2668	Unicorn-18985.exe	35
PID 2668 wrote to memory of 2596	2668	Unicorn-18985.exe	35
PID 2752 wrote to memory of 2628	2752	Unicorn-28348.exe	36
PID 2752 wrote to memory of 2628	2752	Unicorn-28348.exe	36
PID 2752 wrote to memory of 2628	2752	Unicorn-28348.exe	36
PID 2752 wrote to memory of 2628	2752	Unicorn-28348.exe	36
PID 2732 wrote to memory of 1380	2732	Unicorn-22515.exe	37
PID 2732 wrote to memory of 1380	2732	Unicorn-22515.exe	37
PID 2732 wrote to memory of 1380	2732	Unicorn-22515.exe	37
PID 2732 wrote to memory of 1380	2732	Unicorn-22515.exe	37
PID 2548 wrote to memory of 1524	2548	Unicorn-24818.exe	38
PID 2548 wrote to memory of 1524	2548	Unicorn-24818.exe	38
PID 2548 wrote to memory of 1524	2548	Unicorn-24818.exe	38
PID 2548 wrote to memory of 1524	2548	Unicorn-24818.exe	38
PID 2596 wrote to memory of 1088	2596	Unicorn-21441.exe	39
PID 2596 wrote to memory of 1088	2596	Unicorn-21441.exe	39
PID 2596 wrote to memory of 1088	2596	Unicorn-21441.exe	39
PID 2596 wrote to memory of 1088	2596	Unicorn-21441.exe	39
PID 2668 wrote to memory of 2012	2668	Unicorn-18985.exe	40
PID 2668 wrote to memory of 2012	2668	Unicorn-18985.exe	40
PID 2668 wrote to memory of 2012	2668	Unicorn-18985.exe	40
PID 2668 wrote to memory of 2012	2668	Unicorn-18985.exe	40
PID 2628 wrote to memory of 1048	2628	Unicorn-43418.exe	41
PID 2628 wrote to memory of 1048	2628	Unicorn-43418.exe	41
PID 2628 wrote to memory of 1048	2628	Unicorn-43418.exe	41
PID 2628 wrote to memory of 1048	2628	Unicorn-43418.exe	41
PID 1380 wrote to memory of 776	1380	Unicorn-56225.exe	43
PID 1380 wrote to memory of 776	1380	Unicorn-56225.exe	43
PID 1380 wrote to memory of 776	1380	Unicorn-56225.exe	43
PID 1380 wrote to memory of 776	1380	Unicorn-56225.exe	43
PID 2752 wrote to memory of 1732	2752	Unicorn-28348.exe	42
PID 2752 wrote to memory of 1732	2752	Unicorn-28348.exe	42
PID 2752 wrote to memory of 1732	2752	Unicorn-28348.exe	42
PID 2752 wrote to memory of 1732	2752	Unicorn-28348.exe	42
PID 1524 wrote to memory of 3068	1524	Unicorn-59946.exe	44
PID 1524 wrote to memory of 3068	1524	Unicorn-59946.exe	44
PID 1524 wrote to memory of 3068	1524	Unicorn-59946.exe	44
PID 1524 wrote to memory of 3068	1524	Unicorn-59946.exe	44
PID 2548 wrote to memory of 2080	2548	Unicorn-24818.exe	45
PID 2548 wrote to memory of 2080	2548	Unicorn-24818.exe	45
PID 2548 wrote to memory of 2080	2548	Unicorn-24818.exe	45
PID 2548 wrote to memory of 2080	2548	Unicorn-24818.exe	45

C:\Users\Admin\AppData\Local\Temp\3826c505c6696fc059975f54b3f9210f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3826c505c6696fc059975f54b3f9210f_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2624
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17149.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17149.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22515.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22515.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28348.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43418.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20507.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36620.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17674.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15146.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40183.exe
        10⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18710.exe
        11⤵
        
        PID:2580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 220
        12⤵
        Program crash
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60006.exe
        9⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45710.exe
        10⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49400.exe
        11⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37989.exe
        12⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27250.exe
        13⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26809.exe
        14⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48065.exe
        15⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62803.exe
        16⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50502.exe
        17⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14690.exe
        18⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51904.exe
        19⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5557.exe
        20⤵
        
        PID:4472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 220
        21⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48401.exe
        20⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48591.exe
        21⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22484.exe
        22⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43719.exe
        23⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10196.exe
        19⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64805.exe
        20⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47460.exe
        21⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20237.exe
        22⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58135.exe
        23⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52650.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47199.exe
        9⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37350.exe
        10⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25856.exe
        11⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5124.exe
        12⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31684.exe
        13⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27987.exe
        14⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23976.exe
        15⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62118.exe
        16⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45917.exe
        17⤵
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21821.exe
        18⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41665.exe
        19⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51795.exe
        20⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19258.exe
        21⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28680.exe
        22⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3153.exe
        23⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60164.exe
        24⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57514.exe
        13⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39814.exe
        14⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57136.exe
        15⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44874.exe
        16⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41618.exe
        17⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29849.exe
        18⤵
        
        PID:3368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 224
        19⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14144.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64347.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30780.exe
        9⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46317.exe
        10⤵
        
        PID:2856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 224
        11⤵
        Program crash
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24666.exe
        10⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18046.exe
        11⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24616.exe
        12⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2553.exe
        13⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18641.exe
        14⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57224.exe
        15⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3981.exe
        16⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43512.exe
        17⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14337.exe
        18⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49641.exe
        19⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43160.exe
        20⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33861.exe
        21⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14958.exe
        22⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5685.exe
        23⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57009.exe
        24⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
        21⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3734.exe
        22⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65535.exe
        23⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55474.exe
        19⤵
        
        PID:2012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 220
        20⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64696.exe
        13⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58267.exe
        14⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44163.exe
        15⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19602.exe
        16⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56714.exe
        17⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23108.exe
        18⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18848.exe
        19⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34162.exe
        20⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64564.exe
        21⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29365.exe
        22⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19900.exe
        23⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23678.exe
        18⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17909.exe
        19⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14455.exe
        20⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19464.exe
        21⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50956.exe
        9⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52041.exe
        10⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18814.exe
        11⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14335.exe
        12⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28895.exe
        13⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51038.exe
        14⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48366.exe
        15⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28595.exe
        16⤵
        
        PID:3472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 220
        17⤵
        Program crash
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31364.exe
        13⤵
        
        PID:3936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 200
        14⤵
        Program crash
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45507.exe
        8⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13836.exe
        9⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54537.exe
        10⤵
        
        PID:2284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 220
        11⤵
        Program crash
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-847.exe
        9⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57350.exe
        10⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38840.exe
        11⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7563.exe
        12⤵
        
        PID:3728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 244
        13⤵
        Program crash
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45259.exe
        11⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45257.exe
        12⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2242.exe
        13⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11957.exe
        14⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2396.exe
        15⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23658.exe
        16⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16284.exe
        17⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45931.exe
        18⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52314.exe
        19⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56204.exe
        20⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11684.exe
        21⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60164.exe
        22⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62729.exe
        18⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64040.exe
        19⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28042.exe
        20⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27492.exe
        21⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48275.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49469.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49931.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8195.exe
        9⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14028.exe
        10⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28689.exe
        11⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17387.exe
        12⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5975.exe
        13⤵
        
        PID:3000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 220
        14⤵
        Program crash
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25351.exe
        10⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58886.exe
        11⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-303.exe
        12⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10529.exe
        13⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20753.exe
        14⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8106.exe
        15⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47157.exe
        16⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43045.exe
        17⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47778.exe
        18⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22174.exe
        19⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37270.exe
        20⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25802.exe
        21⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24876.exe
        22⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21498.exe
        23⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27492.exe
        24⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30632.exe
        20⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30984.exe
        21⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10034.exe
        22⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47357.exe
        23⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1623.exe
        18⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21619.exe
        19⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17914.exe
        20⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20896.exe
        21⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18203.exe
        22⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54181.exe
        23⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42069.exe
        19⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4756.exe
        20⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26890.exe
        21⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52188.exe
        22⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2523.exe
        9⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19644.exe
        10⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49784.exe
        11⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64797.exe
        12⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30615.exe
        13⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25683.exe
        14⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41163.exe
        15⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6752.exe
        16⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10372.exe
        17⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49127.exe
        18⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48489.exe
        19⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37104.exe
        20⤵
        
        PID:4364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 220
        21⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12982.exe
        16⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17498.exe
        17⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31193.exe
        18⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35459.exe
        19⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27151.exe
        20⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45789.exe
        21⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21306.exe
        22⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        23⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16496.exe
        19⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31124.exe
        20⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29173.exe
        21⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35276.exe
        22⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6009.exe
        13⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16659.exe
        14⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7935.exe
        15⤵
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2479.exe
        16⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6745.exe
        17⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 220
        18⤵
        Program crash
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21002.exe
        8⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64848.exe
        9⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54044.exe
        10⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39857.exe
        11⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39774.exe
        12⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12807.exe
        13⤵
        
        PID:280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26669.exe
        14⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32632.exe
        15⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18349.exe
        16⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26159.exe
        17⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40596.exe
        18⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26824.exe
        19⤵
        
        PID:5092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 220
        20⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56543.exe
        18⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56829.exe
        19⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6095.exe
        20⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44928.exe
        21⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50515.exe
        9⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32649.exe
        10⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16723.exe
        11⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46850.exe
        12⤵
        
        PID:3164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 224
        13⤵
        Program crash
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46402.exe
        7⤵
        Executes dropped EXE
        
        PID:2544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 224
        8⤵
        Program crash
        
        PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16977.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21161.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10273.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9007.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62793.exe
        9⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56410.exe
        10⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60401.exe
        11⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9794.exe
        12⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8004.exe
        13⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37997.exe
        14⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61593.exe
        15⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50675.exe
        16⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6316.exe
        17⤵
        
        PID:2952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 244
        18⤵
        Program crash
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13954.exe
        14⤵
        
        PID:3780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 240
        15⤵
        Program crash
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61049.exe
        9⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4952.exe
        10⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-858.exe
        11⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22120.exe
        12⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61183.exe
        13⤵
        
        PID:3116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 224
        14⤵
        Program crash
        
        PID:1512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 236
        13⤵
        Program crash
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25714.exe
        8⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4817.exe
        9⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3032.exe
        10⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1050.exe
        11⤵
        
        PID:3508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 224
        12⤵
        Program crash
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24007.exe
        9⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15851.exe
        10⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15596.exe
        11⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62117.exe
        12⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4224.exe
        13⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42014.exe
        14⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55984.exe
        15⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38050.exe
        16⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2230.exe
        17⤵
        
        PID:2132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 220
        18⤵
        Program crash
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53610.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46924.exe
        8⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3556.exe
        9⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46369.exe
        10⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60147.exe
        11⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
        12⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6110.exe
        13⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42595.exe
        14⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17043.exe
        15⤵
        
        PID:2340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 224
        16⤵
        Program crash
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57322.exe
        13⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57774.exe
        14⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64069.exe
        15⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32848.exe
        16⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39610.exe
        17⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64716.exe
        18⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43627.exe
        19⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28002.exe
        20⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53459.exe
        21⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
        22⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33247.exe
        23⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8328.exe
        19⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56396.exe
        20⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37481.exe
        21⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10008.exe
        22⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57147.exe
        9⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20158.exe
        10⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40184.exe
        11⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2361.exe
        12⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11733.exe
        13⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8215.exe
        14⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63960.exe
        15⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54578.exe
        16⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42028.exe
        17⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13315.exe
        18⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60430.exe
        19⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59906.exe
        20⤵
        
        PID:4384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 220
        21⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15920.exe
        19⤵
        
        PID:2996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 240
        20⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1947.exe
        8⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11667.exe
        9⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59462.exe
        10⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65264.exe
        11⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20343.exe
        12⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35662.exe
        13⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40696.exe
        14⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36763.exe
        15⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57928.exe
        16⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32018.exe
        17⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56657.exe
        18⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10487.exe
        19⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40493.exe
        20⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        21⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64530.exe
        12⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17427.exe
        13⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20702.exe
        14⤵
        
        PID:3576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 244
        15⤵
        Program crash
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47777.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7938.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55668.exe
        8⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46234.exe
        9⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
        10⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10453.exe
        11⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22504.exe
        12⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40812.exe
        13⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44707.exe
        14⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51168.exe
        15⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29337.exe
        16⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4116.exe
        17⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26351.exe
        18⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6496.exe
        19⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20768.exe
        20⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10399.exe
        21⤵
        
        PID:5500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 244
        22⤵
        
        PID:5176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 216
        21⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14627.exe
        16⤵
        
        PID:272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 272 -s 220
        17⤵
        Program crash
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
        12⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37281.exe
        13⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62481.exe
        14⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14759.exe
        15⤵
        
        PID:3636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 224
        16⤵
        Program crash
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24199.exe
        9⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8144.exe
        10⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32291.exe
        11⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20701.exe
        12⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8163.exe
        13⤵
        
        PID:3300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 224
        14⤵
        Program crash
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50873.exe
        8⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60017.exe
        9⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7682.exe
        10⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48653.exe
        11⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62309.exe
        12⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36513.exe
        13⤵
        
        PID:3912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 244
        14⤵
        Program crash
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16839.exe
        12⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50758.exe
        13⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48584.exe
        14⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9988.exe
        15⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        16⤵
        
        PID:2332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 224
        17⤵
        Program crash
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35994.exe
        7⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30090.exe
        8⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11392.exe
        9⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49784.exe
        10⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38373.exe
        11⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53207.exe
        12⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18558.exe
        13⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21833.exe
        14⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36955.exe
        15⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12393.exe
        16⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42796.exe
        17⤵
        
        PID:3396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 220
        18⤵
        Program crash
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-420.exe
        12⤵
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30193.exe
        13⤵
        
        PID:1792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 240
        14⤵
        Program crash
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40535.exe
        8⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41507.exe
        9⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55861.exe
        10⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36954.exe
        11⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50348.exe
        12⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42782.exe
        13⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21968.exe
        14⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8727.exe
        15⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30674.exe
        16⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56164.exe
        17⤵
        
        PID:4992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 244
        18⤵
        
        PID:2084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56225.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28675.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10963.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35245.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16299.exe
        8⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47775.exe
        9⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6986.exe
        10⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20490.exe
        11⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
        12⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23900.exe
        13⤵
        
        PID:2336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 220
        14⤵
        Program crash
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2113.exe
        9⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9358.exe
        10⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65487.exe
        11⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61694.exe
        12⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2138.exe
        13⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65117.exe
        14⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62341.exe
        15⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35663.exe
        16⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49594.exe
        17⤵
        
        PID:3280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 240
        18⤵
        Program crash
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60829.exe
        17⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51795.exe
        18⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56445.exe
        19⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5140.exe
        20⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2385.exe
        21⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25676.exe
        22⤵
        
        PID:1220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 248
        8⤵
        Program crash
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36396.exe
        7⤵
        
        PID:1092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 224
        8⤵
        Program crash
        
        PID:1052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39883.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
        7⤵
        Program crash
        
        PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48467.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59749.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48094.exe
        7⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63919.exe
        8⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38507.exe
        9⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11470.exe
        10⤵
        
        PID:2216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 220
        11⤵
        Program crash
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14464.exe
        9⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64994.exe
        10⤵
        
        PID:3388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 220
        11⤵
        Program crash
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43529.exe
        8⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50583.exe
        9⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-910.exe
        10⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55638.exe
        11⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27987.exe
        12⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50950.exe
        13⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56285.exe
        14⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12860.exe
        15⤵
        
        PID:2384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 220
        16⤵
        Program crash
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11189.exe
        7⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62238.exe
        8⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12212.exe
        9⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15321.exe
        10⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29956.exe
        11⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26617.exe
        12⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54780.exe
        13⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6944.exe
        14⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52064.exe
        15⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40653.exe
        16⤵
        
        PID:2860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 224
        17⤵
        Program crash
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21607.exe
        16⤵
        
        PID:4496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 224
        17⤵
        Program crash
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37465.exe
        6⤵
        
        PID:560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 244
        7⤵
        Program crash
        
        PID:3020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24818.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24818.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9946.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12115.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10465.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47627.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16748.exe
        9⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37158.exe
        10⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8943.exe
        11⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63645.exe
        12⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19082.exe
        13⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28454.exe
        14⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32113.exe
        15⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45590.exe
        16⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29389.exe
        17⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2806.exe
        18⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15323.exe
        19⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54099.exe
        20⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17442.exe
        21⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
        22⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16859.exe
        23⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38421.exe
        24⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25116.exe
        13⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64017.exe
        14⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6368.exe
        15⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59189.exe
        16⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18100.exe
        17⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38702.exe
        18⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61390.exe
        19⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61743.exe
        20⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30221.exe
        21⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35421.exe
        22⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1669.exe
        23⤵
        
        PID:5340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 236
        19⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39515.exe
        15⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41151.exe
        16⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31494.exe
        17⤵
        
        PID:748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 224
        18⤵
        Program crash
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27333.exe
        8⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38891.exe
        9⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44994.exe
        10⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
        11⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48321.exe
        12⤵
        
        PID:3136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 244
        13⤵
        Program crash
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44098.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15211.exe
        8⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61693.exe
        9⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29649.exe
        10⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16811.exe
        11⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16173.exe
        12⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53949.exe
        13⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49196.exe
        14⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17126.exe
        15⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54365.exe
        16⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36130.exe
        17⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32516.exe
        18⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39470.exe
        19⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52179.exe
        20⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50498.exe
        21⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15223.exe
        22⤵
        
        PID:5512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 244
        23⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18143.exe
        9⤵
        
        PID:1820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 220
        10⤵
        Program crash
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41827.exe
        8⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53961.exe
        9⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35835.exe
        10⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47200.exe
        11⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53015.exe
        12⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43062.exe
        13⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56809.exe
        14⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12642.exe
        15⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
        16⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59599.exe
        17⤵
        
        PID:3816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 220
        18⤵
        Program crash
        
        PID:3500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47969.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14954.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-219.exe
        8⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45243.exe
        9⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26738.exe
        10⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58554.exe
        11⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56105.exe
        12⤵
        
        PID:924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 224
        13⤵
        Program crash
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61158.exe
        7⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28497.exe
        8⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10479.exe
        9⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7620.exe
        10⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4857.exe
        11⤵
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21137.exe
        12⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-322.exe
        13⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23888.exe
        14⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28922.exe
        15⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10315.exe
        16⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14280.exe
        17⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51136.exe
        18⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60098.exe
        19⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38389.exe
        20⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31233.exe
        21⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16745.exe
        22⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42495.exe
        11⤵
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65392.exe
        12⤵
        
        PID:356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3322.exe
        13⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62746.exe
        14⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22698.exe
        15⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48297.exe
        16⤵
        
        PID:896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 224
        17⤵
        Program crash
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61296.exe
        15⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10954.exe
        16⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18293.exe
        17⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56064.exe
        18⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9074.exe
        19⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40149.exe
        20⤵
        
        PID:4636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-418.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41986.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47819.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22420.exe
        8⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61802.exe
        9⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21097.exe
        10⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50059.exe
        11⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63152.exe
        12⤵
        
        PID:2672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 244
        13⤵
        Program crash
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49036.exe
        8⤵
        
        PID:2080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 220
        9⤵
        Program crash
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27058.exe
        7⤵
        
        PID:592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 244
        8⤵
        Program crash
        
        PID:860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44290.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31631.exe
        7⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35430.exe
        8⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3660.exe
        9⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30397.exe
        10⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24476.exe
        11⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61702.exe
        12⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38361.exe
        13⤵
        
        PID:2592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 224
        14⤵
        Program crash
        
        PID:3272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63786.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43444.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27954.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25619.exe
        7⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6550.exe
        8⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
        9⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50059.exe
        10⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30480.exe
        11⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44079.exe
        12⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59398.exe
        13⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38553.exe
        14⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11682.exe
        15⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62938.exe
        16⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60175.exe
        17⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55313.exe
        18⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36035.exe
        19⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50498.exe
        20⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-926.exe
        21⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53127.exe
        22⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36838.exe
        23⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8780.exe
        12⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16851.exe
        13⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4173.exe
        14⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42853.exe
        15⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35671.exe
        16⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31385.exe
        17⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60264.exe
        18⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46974.exe
        19⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35978.exe
        20⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38384.exe
        21⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44352.exe
        22⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38224.exe
        19⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15722.exe
        20⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31425.exe
        21⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-408.exe
        22⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12436.exe
        20⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23569.exe
        21⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32863.exe
        18⤵
        
        PID:4520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 220
        19⤵
        
        PID:356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24254.exe
        17⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49154.exe
        18⤵
        
        PID:2584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
        19⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3021.exe
        7⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31491.exe
        8⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27698.exe
        9⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41450.exe
        10⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56297.exe
        11⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20670.exe
        12⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22793.exe
        13⤵
        
        PID:3932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 240
        14⤵
        Program crash
        
        PID:3832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22089.exe
        6⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63727.exe
        7⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56488.exe
        8⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61527.exe
        9⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22644.exe
        10⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48819.exe
        11⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29336.exe
        12⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24469.exe
        13⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20925.exe
        14⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5761.exe
        15⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8670.exe
        16⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6304.exe
        17⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18848.exe
        18⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7436.exe
        19⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 220
        20⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40530.exe
        8⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7651.exe
        9⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48134.exe
        10⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12807.exe
        11⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43005.exe
        12⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55792.exe
        13⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-175.exe
        14⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6169.exe
        15⤵
        
        PID:3408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 244
        16⤵
        Program crash
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27961.exe
        7⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26079.exe
        8⤵
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1294.exe
        9⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63121.exe
        10⤵
        
        PID:2320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 240
        11⤵
        Program crash
        
        PID:3572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24424.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17259.exe
        6⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23847.exe
        7⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21398.exe
        8⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25939.exe
        9⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31933.exe
        10⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37722.exe
        11⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20753.exe
        12⤵
        
        PID:2152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 224
        13⤵
        Program crash
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1079.exe
        11⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42315.exe
        12⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45673.exe
        13⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32241.exe
        14⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22641.exe
        15⤵
        
        PID:4208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 224
        16⤵
        Program crash
        
        PID:2184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43669.exe
        6⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30531.exe
        7⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9633.exe
        8⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18290.exe
        9⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62353.exe
        10⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2029.exe
        11⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63550.exe
        12⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15912.exe
        13⤵
        
        PID:1476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 224
        14⤵
        Program crash
        
        PID:2912
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58877.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18307.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2372
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 240
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:1912
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 248
        5⤵
        Program crash
        
        PID:2240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15161.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9313.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64539.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8195.exe
        8⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62845.exe
        9⤵
        
        PID:876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 248
        9⤵
        Program crash
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2331.exe
        8⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11859.exe
        9⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51486.exe
        10⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24232.exe
        11⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44847.exe
        12⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35387.exe
        13⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7831.exe
        14⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12642.exe
        15⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9194.exe
        16⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50440.exe
        17⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5588.exe
        18⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44670.exe
        19⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52122.exe
        20⤵
        
        PID:3108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 224
        21⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7752.exe
        19⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29645.exe
        20⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11321.exe
        21⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16719.exe
        22⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16636.exe
        18⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52890.exe
        19⤵
        
        PID:1736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 220
        20⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14644.exe
        12⤵
        
        PID:276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6456.exe
        13⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43971.exe
        14⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62253.exe
        15⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39994.exe
        16⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64633.exe
        17⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61499.exe
        18⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41946.exe
        19⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61435.exe
        20⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28597.exe
        21⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10771.exe
        22⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5936.exe
        18⤵
        
        PID:2492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 224
        19⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60966.exe
        7⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22363.exe
        8⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2150.exe
        9⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47807.exe
        10⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12493.exe
        11⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9154.exe
        12⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8298.exe
        13⤵
        
        PID:3176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 220
        14⤵
        Program crash
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13997.exe
        8⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24372.exe
        9⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5285.exe
        10⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45864.exe
        11⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32445.exe
        12⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45346.exe
        13⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28071.exe
        14⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57020.exe
        15⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47062.exe
        16⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44312.exe
        17⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48744.exe
        18⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23127.exe
        19⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36023.exe
        20⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24503.exe
        21⤵
        
        PID:2572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 236
        18⤵
        
        PID:5320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32015.exe
        7⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36390.exe
        8⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42851.exe
        9⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31632.exe
        10⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30514.exe
        11⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28153.exe
        12⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49715.exe
        13⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30131.exe
        14⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52933.exe
        15⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42220.exe
        16⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64524.exe
        17⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37488.exe
        18⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56445.exe
        19⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4559.exe
        20⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26371.exe
        21⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54181.exe
        22⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15401.exe
        17⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58915.exe
        18⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57719.exe
        19⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29121.exe
        20⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50657.exe
        21⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62742.exe
        18⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1238.exe
        19⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8934.exe
        20⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24815.exe
        11⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26171.exe
        12⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48392.exe
        13⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20837.exe
        14⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35012.exe
        15⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47830.exe
        16⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35952.exe
        17⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32133.exe
        18⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13879.exe
        19⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60880.exe
        20⤵
        
        PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55177.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33595.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15486.exe
        7⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39275.exe
        8⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37677.exe
        9⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62493.exe
        10⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21980.exe
        11⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35880.exe
        12⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17619.exe
        13⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63737.exe
        14⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50881.exe
        15⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15131.exe
        16⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44395.exe
        17⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26928.exe
        18⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30911.exe
        19⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61212.exe
        20⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18966.exe
        21⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13724.exe
        22⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2219.exe
        21⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11237.exe
        18⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65358.exe
        19⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29360.exe
        20⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48266.exe
        16⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50965.exe
        17⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55275.exe
        18⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32494.exe
        19⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49526.exe
        20⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60485.exe
        18⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41550.exe
        19⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56170.exe
        11⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41464.exe
        12⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36187.exe
        13⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60167.exe
        14⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49127.exe
        15⤵
        
        PID:3336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
        15⤵
        Program crash
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32325.exe
        13⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33367.exe
        14⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22833.exe
        15⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60347.exe
        16⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45791.exe
        17⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50044.exe
        18⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22292.exe
        19⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35110.exe
        20⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16880.exe
        16⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56588.exe
        17⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37533.exe
        18⤵
        
        PID:976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 244
        19⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3265.exe
        7⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4158.exe
        8⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55700.exe
        9⤵
        
        PID:2376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 240
        10⤵
        Program crash
        
        PID:700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28677.exe
        6⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4293.exe
        7⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44008.exe
        8⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38949.exe
        9⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44847.exe
        10⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3757.exe
        11⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62865.exe
        12⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6892.exe
        13⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17389.exe
        14⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59983.exe
        15⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32620.exe
        16⤵
        
        PID:4748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 224
        17⤵
        Program crash
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64135.exe
        16⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60482.exe
        17⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19443.exe
        18⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41939.exe
        19⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61116.exe
        12⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-175.exe
        13⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58146.exe
        14⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15625.exe
        15⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12791.exe
        16⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50773.exe
        17⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38960.exe
        18⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10034.exe
        19⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17700.exe
        20⤵
        
        PID:4976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17304.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17304.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26475.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35276.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10740.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1114.exe
        7⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22695.exe
        8⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37734.exe
        9⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58995.exe
        10⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40485.exe
        11⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5324.exe
        12⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8931.exe
        13⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41080.exe
        14⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40608.exe
        15⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35344.exe
        16⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21821.exe
        17⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48105.exe
        18⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2978.exe
        19⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11089.exe
        20⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41684.exe
        21⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
        22⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26174.exe
        23⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36599.exe
        17⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35651.exe
        18⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33586.exe
        19⤵
        
        PID:4164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 244
        20⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44054.exe
        7⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63395.exe
        8⤵
        
        PID:2300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 240
        9⤵
        Program crash
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6680.exe
        8⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50962.exe
        9⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30340.exe
        10⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52382.exe
        11⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42123.exe
        12⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38958.exe
        13⤵
        
        PID:2228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 220
        14⤵
        Program crash
        
        PID:604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22473.exe
        6⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55943.exe
        7⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43406.exe
        8⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42000.exe
        9⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55669.exe
        10⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48513.exe
        11⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20862.exe
        12⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32305.exe
        13⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61158.exe
        14⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44490.exe
        15⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57871.exe
        16⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47145.exe
        17⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44395.exe
        18⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40493.exe
        19⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38384.exe
        20⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61072.exe
        21⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-120.exe
        14⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19143.exe
        15⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31577.exe
        16⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52262.exe
        17⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10705.exe
        18⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56261.exe
        19⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19682.exe
        20⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
        21⤵
        
        PID:5720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1188 -s 248
        17⤵
        
        PID:4264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24616.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33102.exe
        6⤵
        
        PID:1960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 244
        7⤵
        Program crash
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19357.exe
        6⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10349.exe
        7⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53629.exe
        8⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55970.exe
        9⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3238.exe
        10⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28646.exe
        11⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23753.exe
        12⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19659.exe
        13⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45450.exe
        14⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47970.exe
        15⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53969.exe
        16⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27291.exe
        17⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41453.exe
        18⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11248.exe
        19⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63184.exe
        20⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58800.exe
        15⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20358.exe
        16⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50114.exe
        17⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60475.exe
        18⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59235.exe
        19⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8955.exe
        20⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37347.exe
        16⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47844.exe
        17⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45509.exe
        18⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41223.exe
        19⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-996.exe
        10⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39705.exe
        11⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28870.exe
        12⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28621.exe
        13⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49703.exe
        14⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46652.exe
        15⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35843.exe
        16⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2537.exe
        17⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48036.exe
        18⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61793.exe
        19⤵
        
        PID:348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 348 -s 188
        20⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32256.exe
        16⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52307.exe
        17⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44352.exe
        18⤵
        
        PID:3400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32130.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18909.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17643.exe
        6⤵
        
        PID:376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 376 -s 224
        7⤵
        Program crash
        
        PID:1748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19549.exe
        6⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19094.exe
        7⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20957.exe
        8⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31658.exe
        9⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61567.exe
        10⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17899.exe
        11⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32528.exe
        12⤵
        
        PID:1916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 220
        13⤵
        Program crash
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49346.exe
        10⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64318.exe
        11⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13799.exe
        12⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43639.exe
        13⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34327.exe
        14⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55230.exe
        15⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
        16⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43570.exe
        17⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23200.exe
        18⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60496.exe
        19⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48401.exe
        16⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57527.exe
        17⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23942.exe
        18⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40673.exe
        19⤵
        
        PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12961.exe
        5⤵
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39415.exe
        6⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10733.exe
        7⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12980.exe
        8⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22229.exe
        9⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46292.exe
        10⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60358.exe
        11⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25486.exe
        12⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55517.exe
        13⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34786.exe
        14⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8862.exe
        15⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7731.exe
        16⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3170.exe
        17⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35127.exe
        18⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23916.exe
        19⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18893.exe
        20⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9147.exe
        21⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64654.exe
        17⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7750.exe
        18⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 240
        19⤵
        
        PID:5472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13799.exe

Filesize
192KB

MD5
e53cb4d26bc2a08bf2662eee279068eb

SHA1
57c595161a92a2586e864222a5c7fe234e156dd0

SHA256
32d9a00cd0625a119287b616cf070ea97876da8a3f13aeca8d176312314c2301

SHA512
91f29fc6c3cad560bb0f273ed62b88fb8caf085ba0e32e9ff8c06ebc08be84b2ca72e6cb97b5840e276d81ef3317d506e3ea65cf2f9eae5b047a3d4abdd5345b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13879.exe

Filesize
192KB

MD5
e4f1917de1955a620504214504312a5b

SHA1
81d1b98e035c21a5f35e095456daf45ba81d36c7

SHA256
00826585f7b5470fb0cac32c6fd558322a1b68d6b75b8083275137ed1a735160

SHA512
77e8182888ef89a7dde529db36d547b6ff9c41389cf36329d2abe1cb8b8bf8ced88e399a442713c1352834e70a79be3089e496d3702fe31e441f945b53724a7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17304.exe

Filesize
192KB

MD5
7b743b0efb3c4b6aebc97f2fa9a9a4bf

SHA1
b934124189d96d4271c9b356c2a35f3794851095

SHA256
bcff5ba5068e82c6ca63a6ba2a100637fb293cea925421ec1b5f2292dddff8b9

SHA512
cbf29c3389bf0e322c840908b40c11a0bbfbb7fea471fb083156afa30ae394f2cb7649fe2c795833ca3c69e53dbc0543e688f1cf854f4a7c9c61f39fb5a446b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24818.exe

Filesize
192KB

MD5
836024b38584ccc852f5cda744a2ae45

SHA1
911b39d5a2a0905fa733037a95c6c9696af8d1c3

SHA256
d2654ec7303e22a4199e020f2570fc03098a8f72941b454003931e9c51b2516f

SHA512
8b8b7a9fd57575d85e83f8b0e003531868749c20af58b02129f1f0bc7dd5228ede0c5777ed4f1d62b6178d5d847a908b917bc7700868e9dc4b6f7094acc361f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28870.exe

Filesize
192KB

MD5
8ac38beccc73e79331170853cd434f7b

SHA1
158f070818275277852b630b9a38c0f7f4fd09c6

SHA256
d037c7a20edc00442b0ae0ee1703480bca1d8a4847d9698b4dd1b82282046bf0

SHA512
9dd37a279b07bc9e349b23472757013de97d2b280077f870c5ea9aee326d5e917c11213f5e19bdcb3d233e63ea3288b603da648fd0f233631c397c2f35f6fef6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29389.exe

Filesize
192KB

MD5
def51687dae970edfb64f90b382ac401

SHA1
5f97bbedf302a2f2c3d4459856ccfa1f0d30ec70

SHA256
80cb1527b40e9a2314ac58a583c0a1907a11483110fa136e9950aa6cf3333421

SHA512
00209abfa6cc12248d9c294e6e6cc27e42b730e84afd92b15151da31d74aff0f8b842cf580aab4ea1c4acec905df73283290fb97486602e10eccf8f5bd538a26

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39883.exe

Filesize
192KB

MD5
2998a6875da60fb6f6da1b5293d13744

SHA1
fac94236b05353d267ebfe663cfb636baf2d284a

SHA256
32644927699330dcbc4e2936fa8340de649bc2c5581aff5cb16513648ef5aea0

SHA512
30b80f869024aaec1518dd1b4ebcb8c62d283f5977556e34f9ce15c9b0ed7c8e8197b8517cf4be1a2c266682a9e3c6b595f7e1cb846adce643ddaa600c32df14

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40530.exe

Filesize
192KB

MD5
1820c41ee1a84aac3b04c6956144ef15

SHA1
4ce3509481473052c73030f458daaf05c92f8434

SHA256
e91c5ec73ca488694da55f6669ac1e5c31bb15c27c498afb1cb832ae62564cc9

SHA512
a5f42fdb325426a935de805320afd188b36018781b525f2e12e1ded3cbff6d021ff5347c6e7e79dce8b1cbe095f7bfa0bc67d69c2acd5e730bcbba4c81535c0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40535.exe

Filesize
192KB

MD5
26a7d3985eab9b6eaf3c4ea472a028ef

SHA1
a496eb314eedcaef268487bac5b089be6d4e6d66

SHA256
2d14ab886c9c86a463c2187262498444842e281eadc77ff4fbc627f0881dd960

SHA512
cdaf54581d2d44f27c7b8590a8f34b06af37e0110e4ad997408da9b6e109557b9eb597594d9d9ac79b6f278bd133117023b6292f6069c9e3ea683cf5a37df63a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47199.exe

Filesize
192KB

MD5
a61f7505e4fe521f33ff374da90bf58d

SHA1
11785e978a2b4401bdafcd326cdab85ad2e501d9

SHA256
ad726455148223510b56b5ac2104a89216b592e14c2901e6cc82b0ea947ae04b

SHA512
83d903aa7d068551d55994b5839b78f8d671f07414e621321a2de80d87948f9ebebbffb63122c7b7e5155b37959609faed1b0ee6e0512432f6c355e7ae4e44c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47200.exe

Filesize
192KB

MD5
5165a85b1bd8f9257e3dc1fefb6ac353

SHA1
d9d41d27c2b9f0d56d45a41ef4f7e470cee1afc5

SHA256
ea90bb2ee13183a3412aab138049823dfb3fcc9086006a8db73d711bfebd2342

SHA512
7a4ac859924f8ef8bfff10dca485cd98828d3fa12ed298cfa1e9b576389bbd15ea3cc53241904da210e04deefd20a9234e0ebf03c41ad1e7e9e5fa4d5cc90e54

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5557.exe

Filesize
192KB

MD5
3d742f68621a40648e699534c031accd

SHA1
28cfd527466523b039717d15f62b34fad145df77

SHA256
dbff831cdd9931d2729b183f9a8d512ba86009c652a8aa4cc05d24dc42e1a1e7

SHA512
fbb46eeb50ebef3be7b449f0b8e25e91499e8cd97ff8418648e95583dcc88d16d6e7c15e364a7d583ee896e74267fac7fd12ae325aa8d3b39e4939b9b8d9bd75

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5588.exe

Filesize
192KB

MD5
a4b015b945e217259b4cc2ed7e90a28b

SHA1
ace39fa2150a04c9896034e2ebc80df80722fd09

SHA256
80f615bfba5b1b01d14876d8cf04d9e266829782c5b5ce29228e2bf03ee3d1ef

SHA512
741e8063b7f9714eb604b4e2fe5688c20ef8768d54c71e3c4bd13069b40b98baea2c0a0cdba06940b48f1784cb784aa5cb2b11e40fd9349a5b180eaf9037f9ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56225.exe

Filesize
192KB

MD5
3235b77743f71cf8078372433db6c223

SHA1
2b9660176fb5805a43b223cd6e7ea9d56185c0a8

SHA256
332903065722992697553caaf0f575cd6a7aff2bfd6696e346604457a29c13ac

SHA512
8adbdaf910a8c84e7577f6aa17a9e7fdc5cba5620db0686ef847419fd5ed08097f9c08b31b2afae3ea30434119f0c14dbdb7f8ce299248e9c1843fd851dca77f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6110.exe

Filesize
192KB

MD5
b87ab0893a9da5f7d3f33901c2e67d8d

SHA1
b6c2062c0b6c444b01e5fe4b68a2bada63282b1d

SHA256
6e2ab362ea99f732de654e5a0635e215c8589717a541e74921e64593ecde318e

SHA512
9930bb1dd630c2b47e52952f63a58a0ccfe2bdeaddffc64ae8fce4a7eb9f51a8c0a3a85641dc61b919da9f86d877dd11e4ca38ddcd0dafb12402adc355774a89

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62481.exe

Filesize
192KB

MD5
5576450ee68c49dbaa3905e67202ec49

SHA1
032407bac541411f000d9c81b8094e9db5a1b724

SHA256
2522f7524c096bf29344b9406c608de225ee40975a51a438023af4afbefa2b48

SHA512
7d274bdc6310b34ccccf7c2b4bb6ec8299d756b7a44016f771de3ba20d6a123dfbe4cc68cca63a78f578f086b832331f7b9ee72b48e55a70106b9bb15aa1bfd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6368.exe

Filesize
192KB

MD5
8eda9278ecc4515c8b576a25976244c7

SHA1
a168c3e4c05b82f4d4ec3628cfc080d41549c9b6

SHA256
80db1dc057c7287a3a9cdbeba23d7fe64ea2a7597366a97f431f0762b8c2232d

SHA512
1a32f485e55b7044462eda5763037e5524813f5066314c5d1312152db9129fea64c41ad2a24bddb4f8617f4556c02faa3313e85bb36e953e99d411c6489d1cd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6456.exe

Filesize
192KB

MD5
1eba6ed2c6c3f118a8116dd9186ed224

SHA1
0a3a0403baab7ac040eaa2c946b52f77a5984860

SHA256
9685d8d1225132e51871e617a1803c5002960284a2ae2aa0f9738eec292039d6

SHA512
a42876029efc0a306432d0d7c304f8b8729ce3f9fa649dd8c8f8a008b83a37eeffdd7e22b8ea014b91073609e6810143c8d32fbadbf735af422838e2b28e00a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6752.exe

Filesize
192KB

MD5
116a8a76f1576bfcf74cf3280b691142

SHA1
f643b640bca29dd8c0a00074fb8bda95aa241da7

SHA256
61ebf64cbe5701ed63911cde8ba01920b7e247034a205598d309cc6a7c4e1ce8

SHA512
dda378b70d85bb638c44cf64277626b630be05c00658a29f3237ef206adf0a943ecca19ae74087a2ed6b723e840d8c4eac790e5b839f1e3245d958f22f85174a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6986.exe

Filesize
192KB

MD5
a663d6df3cd28b74b5218763e3c1f41d

SHA1
4fa0d258139aad868f2c385a6c79c7eea568e214

SHA256
2465ed379915a39802e808e5164b588c5e87726b428649dff9404c7fde9901d3

SHA512
7d7e912109f401a7424c785e39d1f252d4872a697e86095af90c824d1964830889483e4b380f535668353095d9649a90254afdfcb58acd6b5de1eb99e1539bd2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16977.exe

Filesize
192KB

MD5
7498f1871339430b1cd1661e8d67a8d1

SHA1
bc7380afc534a78da13db775025fed6cf5da349f

SHA256
da8610f0f61dee95ca4e832bbbe0e894e7b76ca2553f0e016d6cb44c02426c93

SHA512
8160646b9dba1cbb27eeef5b66501003ece5e3ed5123d75c0faf1cabaffdba1357b9b00783c41910dd1bcbeefe40ab1bfc6c82f860baca69bee1a953d3c69be0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17149.exe

Filesize
192KB

MD5
d813bb8fe63abbd34e4ed1f3d4cc2c18

SHA1
54363f18d5349cd9677006ce79a4a8bb98182446

SHA256
ec584f2c54fe5905b839f730c967be984d45e3208581532f4d38b9af9a438a5a

SHA512
6b391b79df7222b1ae860a00ac9ddd695576634396347c7e0bf83abe797ee9384118320d1eb1e84e3f885322b9ec8c22bc0157dc908012536235648fc47f32bb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18307.exe

Filesize
192KB

MD5
7b5d85c4566bec7deec7e567c172803d

SHA1
eb6cc316c10c7c3d5a3093d0d243a5751ae44806

SHA256
59a0fbfa2445e20bb79a5f48e996356b693bc1d3a818069bcfcc5bf48d3843ac

SHA512
19d651635a3488c88de2bc36797646eda446432492fcd9167eb7cf5881f378776cfa660e12f3bef6fab7e42c5e9cbb9504a0c4029f6efec346bc5f9fc2fa46b4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18985.exe

Filesize
192KB

MD5
4e2d2f50c5e3650187386b4e91d59873

SHA1
032d0b5d7290a1129d5d4ff7bc8e436445676fe3

SHA256
cf1c37c7ddd4b5f64694843c3f8a92aa67a8d71e8c002c41ab072e25aa5b29ee

SHA512
c3b0d999be895f07ad805e16d913b55030144adf78d8c4c2100a31480a9c1268fadd8ea43d07a9ea3446b444305fc5e9cff3a0469ebe7389954c58efb5e27505

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20507.exe

Filesize
192KB

MD5
bee4ff11fb0da0d5548358a31198ca54

SHA1
cb5b80f735380678bc1db9b0f13407c789dd13fc

SHA256
71848abe4f1ca7d51ef508da6a146c1fdc02623f72003dc389f41f94a92c1ddb

SHA512
6754303d4d7bee2b59ed6a620c8982f5d299442faa3834f431752ade5fc510d59081b60c0dcd5df44da34d9cd6c49dc7c436e5422c1defa5d1c39113a1fca0fb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe

Filesize
192KB

MD5
5ddc32b555a64d394abcf433ebb7fe17

SHA1
278d598548d6f38c0e94bad5ad8b290174504233

SHA256
94e34e66223c90918065c0e0a90f902e8af4837f4de773511ef2b59c896a6d48

SHA512
aa940f41c3e32b577ca2f316516f5a940635bcb2ac5bfe63436635b3ce81a75a77a46dcc7e3994b6d8d47a18bc1814b15cec94229cfdafacf33b07dfc681f10a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22515.exe

Filesize
192KB

MD5
8979038b3a3dab4a2d50fefcbae87018

SHA1
31643500b5d729b25cfc90d50ed439aa6ba1d084

SHA256
84f65600d22979c940ec09aeca7ce2af15460376d93a5035d5c5d7758e9a85e3

SHA512
f15e3e479a6f027c960e97db6ee088aac5c9aa515fea5f414408cf6e3100c3c90a06a3061541cbe760f767bdb613e232ce9f4b3dff01ec07c70bcd63de62a77c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26475.exe

Filesize
192KB

MD5
759ecd08ede66a3623a2895cb2a5a7d2

SHA1
9c37a09d7dfce8ce8156d487d3ba9648b8963468

SHA256
55603cbbc1cc46b14375238010dafee54d7710eca894a8a6d9aabc9340acf23f

SHA512
6216326b0409baae3d4a7ec1d99ebbcf01a998689d026775bc861813474e057c88c00c02b5744c4233d96e2b910c677c1e1625eaf10773eed81aa3d217d7d0a6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28348.exe

Filesize
192KB

MD5
c531ccd3e2f6853db07b3edb039df3b5

SHA1
28215a5604a5e5f07a651e6691e9234edd1297ba

SHA256
051843b3b079918f47c646f757ab7b08fe115c2aa286b504a9f8d02565f2db8a

SHA512
1d95d387251639f8ac88f4e456e9a77a007ffc948b1165a134796aa70de6c26cfc577702a6ac20c46eebe52b7fb0229a67fbd5acfbf030f020f5a91d1733e7d6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28675.exe

Filesize
192KB

MD5
a74a47dc79f63f481c5122c060c0bc4e

SHA1
6ecf04b35e2ea956ab71faf8edd12fd8657f1c98

SHA256
c88f0fdd48aa74dde157d0092b05eb352018abfb7124d11b7897b5e7047679c5

SHA512
788295960da21a949211c5fbbd8cf7739fb43a0bea904bee4fb1645483e08dee1fe7c2f2c70b97b87f15280f491985a94e78ca31754e8da4c78cb2083f0eafd7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43418.exe

Filesize
192KB

MD5
233ad524745810ee99c6a23058915c47

SHA1
97dbb8b7e6d7d461e959e83f16933714026d8611

SHA256
ca1ebf8c4420e6f1c6d180efa82e65b927c413e53dbd4084072a07b75c3c7f35

SHA512
bd9fdc9618f1b5a2e02b233cabb39f7665bc24d62312c4e4ef1702c07da974b11cd3044dd58a0fe132e98436f0c7a540fe430f6f330e2b38d941f070574b22c8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58877.exe

Filesize
192KB

MD5
76a823a0c3e738b1de75e9221ad1380d

SHA1
56c0797fd7d32a32cd07c4c56045fa74fbbea9d1

SHA256
07dbbc2a59c113fe7fcbfbbd3a4ae354e27600b1a0e6834ccd75549d304f9246

SHA512
57963745ebde3a9c77179e94adc2c5e37576f1fdcaf2ee6791cb4e379858041d94210f0f084ab22227788116331277b2ce06afcd2ea9854d82f45673d97cd566

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe

Filesize
192KB

MD5
f4fae3b158032c38afa7fe725f5efece

SHA1
ab2c74caed3dec6cfba9a3234ed1fc45829f0009

SHA256
84d8a18ba726a58a73cf842ad327e51018a9117e816d1124a285412a4f40b28b

SHA512
967e50bd839a1c17def358a344faeb3fa28605d9d6a4bf373c5d68880079705e994aa6e246ec5b581f2a4314bf8d867d981b07b0dc686328316a56addb1aee4d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63786.exe

Filesize
192KB

MD5
132803ebf8b7b41ac8f1cd137fa2f954

SHA1
0ece873dde043e7acb96d7e36dd28c3ca9670a44

SHA256
46064517d7d5251f7be78534c98ebb15fc03ddfecb596edfcace1991a752ae79

SHA512
c5c71daef3399788c857bfc38948976cd611ee15ac4faf23c42bfdb7cb7969d8d285025ee1989e96dfa9ec577fa739d03158f345b9099c171fabba98f069bd35

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9946.exe

Filesize
192KB

MD5
700cf48c979b2dadc52fd8789ede33c0

SHA1
1e70b35d640338700daf8391d987fd3a748be0e3

SHA256
4d1759181e266d2f18896c41b5b03297e5bd75b8616b51d3c2f1891846be1029

SHA512
0147a9ef4c339424400ec0436ffde2ab3ca94943c022c9d4b700aa767cda50e3b2d5dbca9479e4cf00da29993cadfe843cb051704994f7ec70470ab009f5e8b7

Download Submit
memory/2492-1768-0x00000000002B0000-0x00000000002DE000-memory.dmp

Filesize
184KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads