5860e431a5745e7a65c95ed83e8bf2179acac14eebc8b042aae74012ef273f25

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
10/08/2024, 00:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

84249419d69df66090228e67bf64a846_JaffaCakes118.exe
Size

192KB
MD5

84249419d69df66090228e67bf64a846
SHA1

5ef2c150380985525844dc8c586acc284bc9db68
SHA256

5860e431a5745e7a65c95ed83e8bf2179acac14eebc8b042aae74012ef273f25
SHA512

7a309c18ec6de51f82ce083d5e81812c3f36c5cd76ce85905db3730f5444033a4fe0f8f709dc2a2f7864824fc18dc9ef47c3fce082ec62c09b4fffab92ca23c1
SSDEEP

3072:5nEmoAtdBQApNQT0VVuawD8b6E2lrZ8zTQ0Fx8Kt/KNlVvMO:5nRokBzQSV9wD8vPMnNlVvM

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2128	Unicorn-27989.exe
1808	Unicorn-29152.exe
3040	Unicorn-49018.exe
2904	Unicorn-39874.exe
2660	Unicorn-49967.exe
2192	Unicorn-4295.exe
2588	Unicorn-26093.exe
2980	Unicorn-19932.exe
1820	Unicorn-42346.exe
2044	Unicorn-46295.exe
316	Unicorn-623.exe
2724	Unicorn-43975.exe
1616	Unicorn-47047.exe
2880	Unicorn-47519.exe
1044	Unicorn-24707.exe
1412	Unicorn-3370.exe
848	Unicorn-20391.exe
1148	Unicorn-23236.exe
1524	Unicorn-6727.exe
2336	Unicorn-27733.exe
1520	Unicorn-6888.exe
2116	Unicorn-55404.exe
2944	Unicorn-29233.exe
992	Unicorn-40770.exe
1032	Unicorn-7116.exe
876	Unicorn-744.exe
2380	Unicorn-42955.exe
2624	Unicorn-25934.exe
2168	Unicorn-57132.exe
3064	Unicorn-16648.exe
2672	Unicorn-36514.exe
2200	Unicorn-15408.exe
2140	Unicorn-60590.exe
2320	Unicorn-3283.exe
2808	Unicorn-7990.exe
2556	Unicorn-42033.exe
2608	Unicorn-44643.exe
2988	Unicorn-51374.exe
1660	Unicorn-59604.exe
1968	Unicorn-60912.exe
2060	Unicorn-35426.exe
1276	Unicorn-55292.exe
1372	Unicorn-17005.exe
2444	Unicorn-23013.exe
1104	Unicorn-11384.exe
1588	Unicorn-57056.exe
2376	Unicorn-7128.exe
1080	Unicorn-29473.exe
2208	Unicorn-17845.exe
820	Unicorn-8124.exe
2204	Unicorn-38706.exe
268	Unicorn-36546.exe
1976	Unicorn-60984.exe
2056	Unicorn-23346.exe
2936	Unicorn-29354.exe
2452	Unicorn-52292.exe
2352	Unicorn-14653.exe
1684	Unicorn-8493.exe
2088	Unicorn-5478.exe
2316	Unicorn-25344.exe
2576	Unicorn-6018.exe
620	Unicorn-28416.exe
1820	Unicorn-6542.exe
2696	Unicorn-42592.exe

Loads dropped DLL 64 IoCs

pid	Process
2292	84249419d69df66090228e67bf64a846_JaffaCakes118.exe
2292	84249419d69df66090228e67bf64a846_JaffaCakes118.exe
2292	84249419d69df66090228e67bf64a846_JaffaCakes118.exe
2128	Unicorn-27989.exe
2292	84249419d69df66090228e67bf64a846_JaffaCakes118.exe
2128	Unicorn-27989.exe
1808	Unicorn-29152.exe
1808	Unicorn-29152.exe
3040	Unicorn-49018.exe
2128	Unicorn-27989.exe
2128	Unicorn-27989.exe
3040	Unicorn-49018.exe
2904	Unicorn-39874.exe
2904	Unicorn-39874.exe
1808	Unicorn-29152.exe
1808	Unicorn-29152.exe
2660	Unicorn-49967.exe
2660	Unicorn-49967.exe
3040	Unicorn-49018.exe
3040	Unicorn-49018.exe
2192	Unicorn-4295.exe
2192	Unicorn-4295.exe
2980	Unicorn-19932.exe
2980	Unicorn-19932.exe
2588	Unicorn-26093.exe
2588	Unicorn-26093.exe
2904	Unicorn-39874.exe
2904	Unicorn-39874.exe
1820	Unicorn-42346.exe
1820	Unicorn-42346.exe
2660	Unicorn-49967.exe
2660	Unicorn-49967.exe
2192	Unicorn-4295.exe
316	Unicorn-623.exe
2192	Unicorn-4295.exe
316	Unicorn-623.exe
2524	WerFault.exe
2524	WerFault.exe
2524	WerFault.exe
2524	WerFault.exe
2524	WerFault.exe
2524	WerFault.exe
2524	WerFault.exe
2724	Unicorn-43975.exe
2724	Unicorn-43975.exe
2980	Unicorn-19932.exe
2980	Unicorn-19932.exe
1616	Unicorn-47047.exe
1616	Unicorn-47047.exe
2880	Unicorn-47519.exe
2880	Unicorn-47519.exe
2588	Unicorn-26093.exe
2588	Unicorn-26093.exe
1044	Unicorn-24707.exe
1044	Unicorn-24707.exe
1820	Unicorn-42346.exe
1820	Unicorn-42346.exe
1412	Unicorn-3370.exe
1412	Unicorn-3370.exe
848	Unicorn-20391.exe
848	Unicorn-20391.exe
1148	Unicorn-23236.exe
1148	Unicorn-23236.exe
316	Unicorn-623.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2524	2044	WerFault.exe	40
1872	2624	WerFault.exe	59
748	3064	WerFault.exe	61
2776	1968	WerFault.exe	71
2652	2444	WerFault.exe	75
2572	876	WerFault.exe	57
2128	2060	WerFault.exe	72
936	620	WerFault.exe	97
2244	1588	WerFault.exe	78
2344	2760	WerFault.exe	146
2640	840	WerFault.exe	114
2528	2212	WerFault.exe	111
572	2960	WerFault.exe	122
2104	2000	WerFault.exe	129
2972	2088	WerFault.exe	92
2304	2892	WerFault.exe	138
1248	2548	WerFault.exe	105
1384	1820	WerFault.exe	98
2964	2292	WerFault.exe	216
1540	2724	WerFault.exe	172
2920	2648	WerFault.exe	163
3592	2720	WerFault.exe	184
3976	296	WerFault.exe	202
4072	2996	WerFault.exe	144
3876	2936	WerFault.exe	211
2832	1728	WerFault.exe	217
3544	2540	WerFault.exe	225
3408	3268	WerFault.exe	246
3260	1104	WerFault.exe	234
316	3932	WerFault.exe	262
304	3968	WerFault.exe	263
3492	3988	WerFault.exe	265
2556	3644	WerFault.exe	282
4024	3692	WerFault.exe	296
2988	3740	WerFault.exe	298
1796	1340	WerFault.exe	307
2016	3320	WerFault.exe	327
1044	3732	WerFault.exe	330
3852	1276	WerFault.exe	367
2800	3680	WerFault.exe	374
1984	2380	WerFault.exe	385
3760	2420	WerFault.exe	408
3452	3888	WerFault.exe	406
2804	3560	WerFault.exe	405
2932	2756	WerFault.exe	403
3236	1992	WerFault.exe	391
3424	3220	WerFault.exe	426
688	2672	WerFault.exe	384
3300	2184	WerFault.exe	357
3416	2872	WerFault.exe	390
4508	3084	WerFault.exe	430
4584	2116	WerFault.exe	419
4848	3344	WerFault.exe	429
5052	1600	WerFault.exe	382
4880	2812	WerFault.exe	412
4232	2784	WerFault.exe	342
3904	3468	WerFault.exe	469
4208	5016	WerFault.exe	508
5116	4248	WerFault.exe	488
2612	4736	WerFault.exe	501
3184	2092	WerFault.exe	482
3640	4280	WerFault.exe	489
4732	4628	WerFault.exe	499
920	1800	WerFault.exe	457

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61533.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61456.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55940.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58050.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58448.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32371.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7413.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31327.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29233.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13327.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20313.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32003.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41576.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8276.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64576.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32895.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-623.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43757.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12080.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28805.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61008.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50439.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-952.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11715.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10407.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14334.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19491.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59677.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59018.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11302.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38706.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22039.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56285.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26632.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24695.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24634.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1877.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58700.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9369.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39360.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44540.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49904.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21834.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29582.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11262.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9067.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20400.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49410.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14964.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17184.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39512.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45113.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34020.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35419.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52274.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2292	84249419d69df66090228e67bf64a846_JaffaCakes118.exe
2128	Unicorn-27989.exe
1808	Unicorn-29152.exe
3040	Unicorn-49018.exe
2904	Unicorn-39874.exe
2660	Unicorn-49967.exe
2192	Unicorn-4295.exe
2588	Unicorn-26093.exe
2980	Unicorn-19932.exe
1820	Unicorn-42346.exe
2044	Unicorn-46295.exe
316	Unicorn-623.exe
2724	Unicorn-43975.exe
1616	Unicorn-47047.exe
2880	Unicorn-47519.exe
1044	Unicorn-24707.exe
1412	Unicorn-3370.exe
848	Unicorn-20391.exe
1148	Unicorn-23236.exe
1524	Unicorn-6727.exe
2336	Unicorn-27733.exe
1520	Unicorn-6888.exe
2116	Unicorn-55404.exe
2944	Unicorn-29233.exe
992	Unicorn-40770.exe
1032	Unicorn-7116.exe
876	Unicorn-744.exe
2380	Unicorn-42955.exe
2624	Unicorn-25934.exe
2168	Unicorn-57132.exe
2672	Unicorn-36514.exe
3064	Unicorn-16648.exe
2200	Unicorn-15408.exe
2140	Unicorn-60590.exe
2320	Unicorn-3283.exe
2808	Unicorn-7990.exe
2556	Unicorn-42033.exe
2608	Unicorn-44643.exe
2988	Unicorn-51374.exe
1660	Unicorn-59604.exe
1968	Unicorn-60912.exe
2060	Unicorn-35426.exe
1276	Unicorn-55292.exe
1372	Unicorn-17005.exe
2444	Unicorn-23013.exe
1104	Unicorn-11384.exe
1588	Unicorn-57056.exe
2376	Unicorn-7128.exe
1080	Unicorn-29473.exe
2208	Unicorn-17845.exe
820	Unicorn-8124.exe
2204	Unicorn-38706.exe
268	Unicorn-36546.exe
1976	Unicorn-60984.exe
2056	Unicorn-23346.exe
2936	Unicorn-29354.exe
2452	Unicorn-52292.exe
2352	Unicorn-14653.exe
1684	Unicorn-8493.exe
2576	Unicorn-6018.exe
2088	Unicorn-5478.exe
2316	Unicorn-25344.exe
620	Unicorn-28416.exe
1820	Unicorn-6542.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 2128	2292	84249419d69df66090228e67bf64a846_JaffaCakes118.exe	31
PID 2292 wrote to memory of 2128	2292	84249419d69df66090228e67bf64a846_JaffaCakes118.exe	31
PID 2292 wrote to memory of 2128	2292	84249419d69df66090228e67bf64a846_JaffaCakes118.exe	31
PID 2292 wrote to memory of 2128	2292	84249419d69df66090228e67bf64a846_JaffaCakes118.exe	31
PID 2292 wrote to memory of 1808	2292	84249419d69df66090228e67bf64a846_JaffaCakes118.exe	32
PID 2292 wrote to memory of 1808	2292	84249419d69df66090228e67bf64a846_JaffaCakes118.exe	32
PID 2292 wrote to memory of 1808	2292	84249419d69df66090228e67bf64a846_JaffaCakes118.exe	32
PID 2292 wrote to memory of 1808	2292	84249419d69df66090228e67bf64a846_JaffaCakes118.exe	32
PID 2128 wrote to memory of 3040	2128	Unicorn-27989.exe	33
PID 2128 wrote to memory of 3040	2128	Unicorn-27989.exe	33
PID 2128 wrote to memory of 3040	2128	Unicorn-27989.exe	33
PID 2128 wrote to memory of 3040	2128	Unicorn-27989.exe	33
PID 1808 wrote to memory of 2904	1808	Unicorn-29152.exe	34
PID 1808 wrote to memory of 2904	1808	Unicorn-29152.exe	34
PID 1808 wrote to memory of 2904	1808	Unicorn-29152.exe	34
PID 1808 wrote to memory of 2904	1808	Unicorn-29152.exe	34
PID 2128 wrote to memory of 2660	2128	Unicorn-27989.exe	36
PID 2128 wrote to memory of 2660	2128	Unicorn-27989.exe	36
PID 2128 wrote to memory of 2660	2128	Unicorn-27989.exe	36
PID 2128 wrote to memory of 2660	2128	Unicorn-27989.exe	36
PID 3040 wrote to memory of 2192	3040	Unicorn-49018.exe	35
PID 3040 wrote to memory of 2192	3040	Unicorn-49018.exe	35
PID 3040 wrote to memory of 2192	3040	Unicorn-49018.exe	35
PID 3040 wrote to memory of 2192	3040	Unicorn-49018.exe	35
PID 2904 wrote to memory of 2588	2904	Unicorn-39874.exe	37
PID 2904 wrote to memory of 2588	2904	Unicorn-39874.exe	37
PID 2904 wrote to memory of 2588	2904	Unicorn-39874.exe	37
PID 2904 wrote to memory of 2588	2904	Unicorn-39874.exe	37
PID 1808 wrote to memory of 2980	1808	Unicorn-29152.exe	38
PID 1808 wrote to memory of 2980	1808	Unicorn-29152.exe	38
PID 1808 wrote to memory of 2980	1808	Unicorn-29152.exe	38
PID 1808 wrote to memory of 2980	1808	Unicorn-29152.exe	38
PID 2660 wrote to memory of 1820	2660	Unicorn-49967.exe	39
PID 2660 wrote to memory of 1820	2660	Unicorn-49967.exe	39
PID 2660 wrote to memory of 1820	2660	Unicorn-49967.exe	39
PID 2660 wrote to memory of 1820	2660	Unicorn-49967.exe	39
PID 3040 wrote to memory of 2044	3040	Unicorn-49018.exe	40
PID 3040 wrote to memory of 2044	3040	Unicorn-49018.exe	40
PID 3040 wrote to memory of 2044	3040	Unicorn-49018.exe	40
PID 3040 wrote to memory of 2044	3040	Unicorn-49018.exe	40
PID 2192 wrote to memory of 316	2192	Unicorn-4295.exe	41
PID 2192 wrote to memory of 316	2192	Unicorn-4295.exe	41
PID 2192 wrote to memory of 316	2192	Unicorn-4295.exe	41
PID 2192 wrote to memory of 316	2192	Unicorn-4295.exe	41
PID 2980 wrote to memory of 2724	2980	Unicorn-19932.exe	42
PID 2980 wrote to memory of 2724	2980	Unicorn-19932.exe	42
PID 2980 wrote to memory of 2724	2980	Unicorn-19932.exe	42
PID 2980 wrote to memory of 2724	2980	Unicorn-19932.exe	42
PID 2588 wrote to memory of 1616	2588	Unicorn-26093.exe	43
PID 2588 wrote to memory of 1616	2588	Unicorn-26093.exe	43
PID 2588 wrote to memory of 1616	2588	Unicorn-26093.exe	43
PID 2588 wrote to memory of 1616	2588	Unicorn-26093.exe	43
PID 2904 wrote to memory of 2880	2904	Unicorn-39874.exe	44
PID 2904 wrote to memory of 2880	2904	Unicorn-39874.exe	44
PID 2904 wrote to memory of 2880	2904	Unicorn-39874.exe	44
PID 2904 wrote to memory of 2880	2904	Unicorn-39874.exe	44
PID 1820 wrote to memory of 1044	1820	Unicorn-42346.exe	45
PID 1820 wrote to memory of 1044	1820	Unicorn-42346.exe	45
PID 1820 wrote to memory of 1044	1820	Unicorn-42346.exe	45
PID 1820 wrote to memory of 1044	1820	Unicorn-42346.exe	45
PID 2044 wrote to memory of 2524	2044	Unicorn-46295.exe	46
PID 2044 wrote to memory of 2524	2044	Unicorn-46295.exe	46
PID 2044 wrote to memory of 2524	2044	Unicorn-46295.exe	46
PID 2044 wrote to memory of 2524	2044	Unicorn-46295.exe	46

C:\Users\Admin\AppData\Local\Temp\84249419d69df66090228e67bf64a846_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\84249419d69df66090228e67bf64a846_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27989.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27989.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49018.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49018.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4295.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-623.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23236.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25934.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 224
        8⤵
        Program crash
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57056.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43133.exe
        8⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51537.exe
        9⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54435.exe
        10⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14026.exe
        11⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2893.exe
        12⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19066.exe
        13⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4249.exe
        14⤵
        
        PID:4736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 220
        15⤵
        Program crash
        
        PID:2612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 236
        9⤵
        Program crash
        
        PID:1248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 236
        8⤵
        Program crash
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57132.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11384.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9090.exe
        8⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35725.exe
        9⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42671.exe
        10⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42646.exe
        11⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34388.exe
        12⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21614.exe
        13⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59677.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32108.exe
        15⤵
        
        PID:4168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 224
        16⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56687.exe
        15⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17381.exe
        16⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39930.exe
        17⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
        18⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30029.exe
        19⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30278.exe
        20⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49904.exe
        21⤵
        System Location Discovery: System Language Discovery
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        10⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38552.exe
        11⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28868.exe
        12⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 220
        13⤵
        Program crash
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60932.exe
        9⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4685.exe
        10⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12713.exe
        11⤵
        
        PID:480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32464.exe
        12⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3927.exe
        13⤵
        
        PID:2092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 220
        14⤵
        Program crash
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41733.exe
        8⤵
        
        PID:2892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 224
        9⤵
        Program crash
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23267.exe
        7⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13851.exe
        8⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64300.exe
        9⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49439.exe
        10⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2369.exe
        11⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58731.exe
        12⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22241.exe
        13⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37429.exe
        14⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7865.exe
        15⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16883.exe
        16⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24029.exe
        17⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37148.exe
        18⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26556.exe
        19⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48960.exe
        20⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24155.exe
        21⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61456.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25625.exe
        9⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12189.exe
        10⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62910.exe
        11⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50985.exe
        12⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54524.exe
        13⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61008.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55866.exe
        15⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9592.exe
        16⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61676.exe
        17⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51450.exe
        18⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14736.exe
        19⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46397.exe
        20⤵
        
        PID:7068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3370.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-744.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55292.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6542.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61599.exe
        9⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15260.exe
        10⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59869.exe
        11⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19444.exe
        12⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15442.exe
        13⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36005.exe
        14⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3225.exe
        15⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63305.exe
        16⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59737.exe
        17⤵
        
        PID:6040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6040 -s 224
        18⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4989.exe
        14⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64614.exe
        15⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50071.exe
        16⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10201.exe
        17⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36089.exe
        18⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21720.exe
        19⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28503.exe
        20⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29431.exe
        21⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23361.exe
        22⤵
        
        PID:6164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6164 -s 244
        23⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19770.exe
        16⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16745.exe
        17⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6358.exe
        18⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64153.exe
        19⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38969.exe
        20⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31327.exe
        21⤵
        System Location Discovery: System Language Discovery
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36568.exe
        22⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32753.exe
        15⤵
        
        PID:1096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 224
        16⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6973.exe
        10⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35480.exe
        11⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54156.exe
        12⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30707.exe
        13⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40501.exe
        14⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17818.exe
        15⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39575.exe
        16⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24763.exe
        17⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41286.exe
        18⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9449.exe
        19⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
        20⤵
        
        PID:6664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 248
        9⤵
        Program crash
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10239.exe
        8⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51887.exe
        9⤵
        
        PID:2720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 220
        10⤵
        Program crash
        
        PID:3592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 248
        7⤵
        Program crash
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35426.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 244
        7⤵
        Program crash
        
        PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46295.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2044
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49967.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49967.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42346.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24707.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40770.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51374.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14653.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61801.exe
        9⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65389.exe
        10⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23642.exe
        11⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18334.exe
        12⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14394.exe
        13⤵
        
        PID:1992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 244
        14⤵
        Program crash
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1877.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41624.exe
        11⤵
        
        PID:3320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 224
        12⤵
        Program crash
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48072.exe
        9⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3024.exe
        10⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15261.exe
        11⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11846.exe
        12⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1177.exe
        13⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54000.exe
        14⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3692.exe
        15⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11262.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8543.exe
        17⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13333.exe
        18⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19864.exe
        19⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51259.exe
        20⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16874.exe
        21⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41935.exe
        8⤵
        
        PID:2960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 220
        9⤵
        Program crash
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5478.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56586.exe
        8⤵
        
        PID:2000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 244
        9⤵
        Program crash
        
        PID:2104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 236
        8⤵
        Program crash
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59604.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6018.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3908.exe
        8⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11741.exe
        9⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51052.exe
        10⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51260.exe
        11⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38608.exe
        12⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33255.exe
        13⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35967.exe
        14⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21842.exe
        15⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9826.exe
        16⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7543.exe
        17⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-952.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:2316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 240
        19⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7497.exe
        9⤵
        
        PID:1104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 224
        10⤵
        Program crash
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21834.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63465.exe
        9⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6262.exe
        10⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54879.exe
        11⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52056.exe
        12⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50665.exe
        13⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43356.exe
        14⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51686.exe
        15⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63435.exe
        16⤵
        
        PID:564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 564 -s 220
        17⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47062.exe
        14⤵
        
        PID:3152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 220
        15⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14964.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9764.exe
        14⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14334.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24.exe
        16⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6402.exe
        17⤵
        
        PID:4780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 224
        18⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33326.exe
        7⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31145.exe
        8⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
        9⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55808.exe
        10⤵
        
        PID:1340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 240
        11⤵
        Program crash
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37455.exe
        8⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44006.exe
        9⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8250.exe
        10⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55330.exe
        11⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62305.exe
        12⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17184.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60537.exe
        14⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5094.exe
        15⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47557.exe
        16⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27646.exe
        17⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-681.exe
        18⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52032.exe
        19⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23018.exe
        20⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9747.exe
        12⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48071.exe
        13⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 220
        14⤵
        
        PID:6076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7116.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60912.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 220
        7⤵
        Program crash
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42592.exe
        6⤵
        Executes dropped EXE
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58527.exe
        7⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37414.exe
        8⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
        9⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62286.exe
        10⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52584.exe
        11⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47484.exe
        12⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30275.exe
        13⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10375.exe
        14⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46520.exe
        15⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35693.exe
        16⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59611.exe
        17⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42128.exe
        18⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36515.exe
        19⤵
        
        PID:6368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 380
        13⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 380
        12⤵
        Program crash
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58589.exe
        11⤵
        
        PID:1800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 244
        12⤵
        Program crash
        
        PID:920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 372
        11⤵
        Program crash
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34569.exe
        7⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24291.exe
        8⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35433.exe
        9⤵
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20313.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42149.exe
        11⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30026.exe
        12⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12080.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13485.exe
        14⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14381.exe
        15⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9067.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:5424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 224
        17⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4540.exe
        11⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47832.exe
        12⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28686.exe
        13⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10413.exe
        14⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13786.exe
        15⤵
        
        PID:4864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 224
        16⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27133.exe
        12⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12836.exe
        13⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12655.exe
        14⤵
        
        PID:5184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 224
        15⤵
        
        PID:5124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20391.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20391.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42955.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17005.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28416.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 620 -s 220
        8⤵
        Program crash
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59523.exe
        7⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10330.exe
        8⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-923.exe
        9⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14294.exe
        10⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53108.exe
        11⤵
        
        PID:3560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 244
        12⤵
        Program crash
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14437.exe
        11⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53682.exe
        12⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32291.exe
        13⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4484.exe
        14⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5458.exe
        15⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9148.exe
        16⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5204.exe
        17⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63694.exe
        18⤵
        
        PID:5304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54762.exe
        6⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13327.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39962.exe
        8⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61893.exe
        9⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11665.exe
        10⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39745.exe
        11⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7845.exe
        12⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4697.exe
        13⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2442.exe
        14⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37935.exe
        15⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37801.exe
        16⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        17⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5827.exe
        18⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38851.exe
        19⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52089.exe
        20⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11845.exe
        13⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54758.exe
        14⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47174.exe
        15⤵
        
        PID:5836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 220
        16⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57150.exe
        8⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28768.exe
        9⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 220
        11⤵
        Program crash
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27618.exe
        10⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2388.exe
        11⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56830.exe
        12⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62620.exe
        13⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23029.exe
        14⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24695.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24861.exe
        16⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12938.exe
        17⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3013.exe
        18⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22805.exe
        7⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10264.exe
        8⤵
        
        PID:3932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 220
        9⤵
        Program crash
        
        PID:316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23013.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 220
        6⤵
        Program crash
        
        PID:2652
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29152.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29152.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39874.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39874.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26093.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47047.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6888.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60590.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38706.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43119.exe
        9⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62760.exe
        10⤵
        
        PID:2760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 200
        11⤵
        Program crash
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17425.exe
        9⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49628.exe
        10⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61938.exe
        11⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56142.exe
        12⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44014.exe
        13⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14941.exe
        14⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39616.exe
        15⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21253.exe
        16⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24287.exe
        17⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60483.exe
        18⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3242.exe
        19⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44540.exe
        20⤵
        System Location Discovery: System Language Discovery
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27223.exe
        21⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41811.exe
        13⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56285.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28805.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23351.exe
        16⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32695.exe
        17⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58720.exe
        18⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33552.exe
        19⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45669.exe
        20⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61389.exe
        21⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52541.exe
        22⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29800.exe
        14⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51773.exe
        15⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14786.exe
        16⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63966.exe
        17⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10261.exe
        18⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35373.exe
        19⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58700.exe
        20⤵
        System Location Discovery: System Language Discovery
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56785.exe
        21⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38310.exe
        19⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19946.exe
        20⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36452.exe
        10⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25494.exe
        11⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37346.exe
        12⤵
        
        PID:2116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 220
        13⤵
        Program crash
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57296.exe
        8⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43757.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54787.exe
        10⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49650.exe
        11⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56988.exe
        12⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56829.exe
        13⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20015.exe
        14⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57072.exe
        15⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41927.exe
        16⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27968.exe
        17⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30698.exe
        18⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21954.exe
        19⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55046.exe
        20⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48208.exe
        21⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42309.exe
        22⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34994.exe
        10⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17778.exe
        11⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4253.exe
        12⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18059.exe
        13⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25018.exe
        14⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40255.exe
        15⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24546.exe
        16⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29860.exe
        17⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52060.exe
        18⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21062.exe
        19⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16302.exe
        20⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8035.exe
        9⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2504.exe
        10⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56464.exe
        11⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10921.exe
        12⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32303.exe
        13⤵
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46287.exe
        14⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26145.exe
        15⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45479.exe
        16⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11302.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42963.exe
        18⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63025.exe
        19⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59491.exe
        20⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18104.exe
        12⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64853.exe
        13⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15751.exe
        14⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17992.exe
        15⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50076.exe
        16⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41576.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61223.exe
        18⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-650.exe
        19⤵
        
        PID:6160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6160 -s 244
        20⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36546.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51692.exe
        8⤵
        
        PID:840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 224
        9⤵
        Program crash
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56079.exe
        8⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59746.exe
        9⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 224
        10⤵
        Program crash
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24206.exe
        9⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59012.exe
        10⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63542.exe
        11⤵
        
        PID:3220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 220
        12⤵
        Program crash
        
        PID:3424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 228
        11⤵
        Program crash
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3283.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60984.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8028.exe
        8⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45296.exe
        9⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37504.exe
        10⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14268.exe
        11⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15754.exe
        12⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38716.exe
        13⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39340.exe
        14⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6460.exe
        15⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1159.exe
        16⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33993.exe
        17⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39027.exe
        18⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43887.exe
        19⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53368.exe
        20⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8021.exe
        21⤵
        
        PID:6800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 240
        22⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20400.exe
        20⤵
        System Location Discovery: System Language Discovery
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61757.exe
        21⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18950.exe
        13⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 220
        14⤵
        Program crash
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64429.exe
        10⤵
        
        PID:3644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 220
        11⤵
        Program crash
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34659.exe
        9⤵
        
        PID:2936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 244
        10⤵
        Program crash
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42451.exe
        8⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50929.exe
        9⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64445.exe
        10⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24446.exe
        11⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52525.exe
        12⤵
        
        PID:3084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 244
        13⤵
        Program crash
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59018.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:4628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 224
        13⤵
        Program crash
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31398.exe
        9⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20850.exe
        10⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58669.exe
        11⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4249.exe
        12⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32895.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51321.exe
        14⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16859.exe
        15⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17046.exe
        16⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
        17⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60895.exe
        18⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48187.exe
        19⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15826.exe
        20⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-332.exe
        7⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15862.exe
        8⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28288.exe
        9⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8124.exe
        10⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43652.exe
        11⤵
        
        PID:1276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 220
        12⤵
        Program crash
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25778.exe
        9⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3739.exe
        10⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6652.exe
        11⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15990.exe
        12⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33258.exe
        13⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48124.exe
        14⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9583.exe
        15⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16522.exe
        16⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64129.exe
        17⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17316.exe
        18⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40837.exe
        19⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51493.exe
        20⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30539.exe
        8⤵
        
        PID:2292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 188
        9⤵
        Program crash
        
        PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29233.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7990.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23346.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54764.exe
        8⤵
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50916.exe
        9⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11692.exe
        10⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4731.exe
        11⤵
        
        PID:3740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 240
        12⤵
        Program crash
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63322.exe
        10⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17195.exe
        11⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58050.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6678.exe
        13⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3388.exe
        14⤵
        
        PID:3104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 240
        15⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6766.exe
        12⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 224
        13⤵
        Program crash
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56736.exe
        9⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28867.exe
        10⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35847.exe
        11⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36272.exe
        12⤵
        
        PID:3344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 220
        13⤵
        Program crash
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19286.exe
        8⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8682.exe
        9⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49109.exe
        10⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5103.exe
        11⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46608.exe
        12⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26632.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3751.exe
        14⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30163.exe
        15⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-676.exe
        16⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56935.exe
        17⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4164.exe
        18⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42234.exe
        19⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22477.exe
        20⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38592.exe
        21⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29163.exe
        12⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9895.exe
        13⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57117.exe
        14⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45195.exe
        15⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63675.exe
        16⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5707.exe
        17⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59828.exe
        18⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5194.exe
        19⤵
        
        PID:6540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 236
        18⤵
        
        PID:6628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 216
        17⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56772.exe
        7⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18934.exe
        8⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14764.exe
        9⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12361.exe
        10⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43617.exe
        11⤵
        
        PID:3680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 240
        12⤵
        Program crash
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11941.exe
        8⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36655.exe
        9⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27608.exe
        10⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46793.exe
        11⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57602.exe
        12⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54976.exe
        13⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56744.exe
        14⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44459.exe
        15⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65364.exe
        16⤵
        
        PID:5700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 224
        17⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39106.exe
        11⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34370.exe
        12⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58192.exe
        13⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38187.exe
        14⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50925.exe
        15⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15312.exe
        16⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45959.exe
        17⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32700.exe
        18⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49410.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
        20⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56640.exe
        12⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16106.exe
        13⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52318.exe
        14⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61506.exe
        15⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58247.exe
        16⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4767.exe
        17⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26682.exe
        18⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7133.exe
        19⤵
        
        PID:5264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29354.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23270.exe
        7⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27263.exe
        8⤵
        
        PID:2648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 224
        9⤵
        Program crash
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61009.exe
        7⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57321.exe
        8⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24478.exe
        9⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42817.exe
        10⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33779.exe
        11⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51134.exe
        12⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12036.exe
        13⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34232.exe
        14⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55750.exe
        15⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42679.exe
        16⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30727.exe
        17⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11164.exe
        18⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46260.exe
        19⤵
        
        PID:5392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47519.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55404.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42033.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52292.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14053.exe
        8⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64865.exe
        9⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52004.exe
        10⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46240.exe
        11⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40319.exe
        12⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22151.exe
        13⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50399.exe
        14⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5584.exe
        15⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49666.exe
        16⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48226.exe
        17⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64753.exe
        18⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49818.exe
        19⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13912.exe
        20⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33231.exe
        21⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39640.exe
        22⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59759.exe
        15⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-861.exe
        16⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63665.exe
        17⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
        18⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8165.exe
        19⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11626.exe
        20⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26802.exe
        21⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55613.exe
        22⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18749.exe
        14⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17113.exe
        15⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29582.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31160.exe
        17⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41765.exe
        18⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45751.exe
        19⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8276.exe
        20⤵
        System Location Discovery: System Language Discovery
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19984.exe
        21⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64576.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57524.exe
        14⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36010.exe
        15⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52075.exe
        16⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14133.exe
        17⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51985.exe
        18⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44066.exe
        19⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9195.exe
        20⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28542.exe
        9⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49295.exe
        10⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28683.exe
        11⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58605.exe
        12⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35654.exe
        13⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14745.exe
        14⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30921.exe
        15⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13217.exe
        16⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53991.exe
        17⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39419.exe
        18⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54828.exe
        19⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9369.exe
        20⤵
        System Location Discovery: System Language Discovery
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31050.exe
        8⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63078.exe
        9⤵
        
        PID:2540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
        10⤵
        Program crash
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7893.exe
        7⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61269.exe
        8⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23767.exe
        9⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56175.exe
        10⤵
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22138.exe
        11⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64749.exe
        12⤵
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64977.exe
        13⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1752.exe
        14⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54932.exe
        15⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5809.exe
        16⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63394.exe
        17⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38190.exe
        18⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19487.exe
        19⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26785.exe
        20⤵
        
        PID:3472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 108 -s 236
        13⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42551.exe
        8⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47768.exe
        9⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60300.exe
        10⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61153.exe
        11⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54206.exe
        12⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16558.exe
        13⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16773.exe
        14⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60341.exe
        15⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33535.exe
        16⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55655.exe
        17⤵
        
        PID:3804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 220
        18⤵
        
        PID:6856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8493.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41428.exe
        7⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58721.exe
        8⤵
        
        PID:2724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 224
        9⤵
        Program crash
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37455.exe
        8⤵
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27955.exe
        9⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63434.exe
        10⤵
        
        PID:2672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 220
        11⤵
        Program crash
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-205.exe
        7⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6620.exe
        8⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63009.exe
        9⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8774.exe
        10⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12393.exe
        11⤵
        
        PID:3468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 244
        12⤵
        Program crash
        
        PID:3904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44643.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25344.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19472.exe
        7⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46106.exe
        8⤵
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43336.exe
        9⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40532.exe
        10⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50036.exe
        11⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 224
        12⤵
        Program crash
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19708.exe
        8⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23511.exe
        9⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49512.exe
        10⤵
        
        PID:2420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 240
        11⤵
        Program crash
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11365.exe
        10⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36330.exe
        11⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5014.exe
        12⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4341.exe
        13⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32993.exe
        14⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27101.exe
        15⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22550.exe
        16⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45113.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23610.exe
        18⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37094.exe
        19⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43909.exe
        11⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25793.exe
        12⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
        13⤵
        
        PID:5744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 224
        14⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28949.exe
        7⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15074.exe
        8⤵
        
        PID:3268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 240
        9⤵
        Program crash
        
        PID:3408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24634.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31145.exe
        7⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52677.exe
        8⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
        9⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63958.exe
        10⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5880.exe
        11⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40800.exe
        12⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58763.exe
        13⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20351.exe
        14⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43869.exe
        15⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2572.exe
        16⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16001.exe
        17⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10911.exe
        18⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33470.exe
        19⤵
        
        PID:6200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6200 -s 224
        20⤵
        
        PID:7100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 376
        19⤵
        
        PID:6228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 380
        18⤵
        
        PID:5288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 376
        17⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 376
        16⤵
        
        PID:5412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 376
        15⤵
        
        PID:5420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 368
        14⤵
        
        PID:4348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 376
        13⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14917.exe
        12⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19630.exe
        13⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37065.exe
        14⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3448.exe
        15⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43363.exe
        16⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28285.exe
        17⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20310.exe
        18⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47969.exe
        19⤵
        
        PID:6452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 376
        18⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13625.exe
        17⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34020.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:7144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 376
        17⤵
        
        PID:6924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 376
        16⤵
        
        PID:5576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 376
        15⤵
        
        PID:4788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 376
        14⤵
        
        PID:1856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 376
        13⤵
        
        PID:5452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 376
        12⤵
        
        PID:4764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 376
        11⤵
        Program crash
        
        PID:5052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19932.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19932.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43975.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6727.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36514.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7128.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48739.exe
        8⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58188.exe
        9⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64988.exe
        10⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42771.exe
        11⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-345.exe
        12⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62449.exe
        13⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21288.exe
        14⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11066.exe
        15⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63326.exe
        16⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57455.exe
        17⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42199.exe
        18⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43006.exe
        19⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23460.exe
        20⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56235.exe
        21⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60622.exe
        22⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13913.exe
        13⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29823.exe
        14⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36969.exe
        15⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1617.exe
        16⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40579.exe
        17⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50164.exe
        18⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47050.exe
        19⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5047.exe
        20⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11253.exe
        21⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39926.exe
        10⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36895.exe
        11⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44860.exe
        12⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10071.exe
        13⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13253.exe
        14⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23423.exe
        15⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14906.exe
        16⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55750.exe
        17⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19306.exe
        18⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31203.exe
        19⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53621.exe
        20⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39489.exe
        12⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2149.exe
        13⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61835.exe
        14⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39360.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33112.exe
        16⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53511.exe
        17⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34804.exe
        18⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21789.exe
        19⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4246.exe
        20⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34472.exe
        21⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30205.exe
        13⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6605.exe
        14⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24139.exe
        15⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46194.exe
        16⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17134.exe
        17⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20652.exe
        18⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7476.exe
        19⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9681.exe
        20⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49010.exe
        9⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56720.exe
        10⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6489.exe
        11⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25210.exe
        12⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28707.exe
        13⤵
        
        PID:4248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 220
        14⤵
        Program crash
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49039.exe
        8⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38751.exe
        9⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25101.exe
        10⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7626.exe
        11⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51004.exe
        12⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26159.exe
        13⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32371.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 244
        15⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25977.exe
        9⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53103.exe
        10⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39221.exe
        11⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4451.exe
        12⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15802.exe
        13⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 224
        14⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6154.exe
        7⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17478.exe
        8⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62731.exe
        9⤵
        
        PID:296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 296 -s 224
        10⤵
        Program crash
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23429.exe
        9⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37862.exe
        10⤵
        
        PID:3732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 224
        11⤵
        Program crash
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48320.exe
        8⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42247.exe
        9⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59536.exe
        10⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22463.exe
        11⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18014.exe
        12⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26917.exe
        13⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19178.exe
        14⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36065.exe
        15⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29697.exe
        16⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20715.exe
        17⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7450.exe
        18⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21512.exe
        19⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39467.exe
        20⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55743.exe
        11⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35180.exe
        12⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23185.exe
        13⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30144.exe
        14⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16859.exe
        15⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37954.exe
        16⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16001.exe
        17⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61973.exe
        18⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43183.exe
        19⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41683.exe
        20⤵
        
        PID:6688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 376
        19⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 380
        18⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35825.exe
        12⤵
        
        PID:4892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 220
        13⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29473.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23389.exe
        7⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11940.exe
        8⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28886.exe
        9⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62864.exe
        10⤵
        
        PID:3968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 224
        11⤵
        Program crash
        
        PID:304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 248
        9⤵
        Program crash
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38978.exe
        8⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20740.exe
        9⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13770.exe
        10⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2532.exe
        11⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36268.exe
        12⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44587.exe
        13⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29217.exe
        14⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21951.exe
        15⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57880.exe
        16⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58451.exe
        17⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3879.exe
        18⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28066.exe
        19⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57612.exe
        7⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28886.exe
        8⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63388.exe
        9⤵
        
        PID:3988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 220
        10⤵
        Program crash
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42474.exe
        8⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62485.exe
        9⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49485.exe
        10⤵
        
        PID:2380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 220
        11⤵
        Program crash
        
        PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16648.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 244
        6⤵
        Program crash
        
        PID:748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27733.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15408.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17845.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43119.exe
        7⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10407.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11403.exe
        9⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5052.exe
        10⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49272.exe
        11⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31679.exe
        12⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22134.exe
        13⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35419.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43522.exe
        15⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7413.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 220
        17⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24061.exe
        14⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16227.exe
        15⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        16⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36127.exe
        17⤵
        
        PID:4364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 220
        18⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39263.exe
        12⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9895.exe
        13⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42584.exe
        14⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20002.exe
        15⤵
        
        PID:4604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 224
        16⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51248.exe
        9⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38597.exe
        10⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24165.exe
        11⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22039.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51618.exe
        13⤵
        
        PID:4212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 220
        14⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53479.exe
        8⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51788.exe
        9⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1804.exe
        10⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28407.exe
        11⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44638.exe
        12⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30275.exe
        13⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47403.exe
        14⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46041.exe
        15⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16696.exe
        16⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12744.exe
        17⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-233.exe
        18⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22377.exe
        19⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61533.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2187.exe
        8⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64445.exe
        9⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18302.exe
        10⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17435.exe
        11⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64270.exe
        12⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6823.exe
        13⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56763.exe
        14⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36660.exe
        15⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4471.exe
        16⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48649.exe
        17⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45478.exe
        18⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24741.exe
        19⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16511.exe
        20⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53272.exe
        8⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1804.exe
        9⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7325.exe
        10⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64270.exe
        11⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3299.exe
        12⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39512.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64082.exe
        14⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29262.exe
        15⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26859.exe
        16⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65410.exe
        17⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11715.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23018.exe
        19⤵
        
        PID:6276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43590.exe
        6⤵
        
        PID:2212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 244
        7⤵
        Program crash
        
        PID:2528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8124.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31962.exe
        6⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5996.exe
        7⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6497.exe
        8⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4528.exe
        9⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55940.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40418.exe
        11⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19491.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44990.exe
        13⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37548.exe
        14⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6985.exe
        15⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52274.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63576.exe
        17⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16730.exe
        18⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15006.exe
        19⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 236
        19⤵
        
        PID:6196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 236
        18⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44580.exe
        8⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4352.exe
        9⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17959.exe
        10⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35422.exe
        11⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2623.exe
        12⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8236.exe
        13⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36715.exe
        14⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23456.exe
        15⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24629.exe
        16⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39375.exe
        17⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32084.exe
        18⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6293.exe
        10⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45474.exe
        11⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-796.exe
        12⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10785.exe
        13⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33769.exe
        14⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48507.exe
        15⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41844.exe
        16⤵
        
        PID:6112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6112 -s 240
        17⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49097.exe
        7⤵
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50740.exe
        8⤵
        
        PID:3692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 224
        9⤵
        Program crash
        
        PID:4024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1616.exe
        6⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34459.exe
        7⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25850.exe
        8⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11137.exe
        9⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36529.exe
        10⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58448.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62781.exe
        12⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32567.exe
        13⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55390.exe
        14⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64578.exe
        15⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20858.exe
        16⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14142.exe
        17⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43266.exe
        18⤵
        
        PID:6236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 224
        19⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52288.exe
        10⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20773.exe
        11⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58004.exe
        12⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34112.exe
        13⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50439.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60714.exe
        15⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62862.exe
        16⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36542.exe
        17⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31996.exe
        18⤵
        
        PID:5776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-19066.exe

Filesize
192KB

MD5
1c68cb76784b3b64e7e5102abf31ff96

SHA1
e553bf1b4181c38e7e1fd6d7bf4743174b019d7d

SHA256
6362f198bb7c652532b4e2bef74ceb49badbef42726b7a447864372a0c5feed2

SHA512
4a39fc8f40c7f5788b2c19b4e52c69a33026f05a74cd19c7fe7f764b4c2b030b244baf9a3a29377047e09396e4b2e407dd037f2d1cd5dfa31457338bc04492f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19630.exe

Filesize
192KB

MD5
1cf55a79ea5404e32a28172c7f62028f

SHA1
86b3bf4ed9d51a9cc5fed164c20124b274c402b5

SHA256
6ec77670ce484f1b337450040a1cd35203a33a3eceb36367f1ecb9ee1edcc262

SHA512
31f680716a6208a6e375769f0bce1b43126f9b85382cc66871e94e5d03e20b13566e7dae6172a2c1b27032d9d418894e71938aaa17052ac25327bcd4268409a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19932.exe

Filesize
192KB

MD5
ccfbd69a2f3bc7b6f654669b62e25cfa

SHA1
7b5fedb9a9b0b0fdfea6f02d27bfb307e0d023b4

SHA256
9c8f159aa2ec92a0a17b59eda82562576d9d0041612ca3a6bf24658d36a3926c

SHA512
2f4f26b584c53291c95093393dc69f8c8505347a6d6a8f70b7b1a12203f35afd5dffc95fbd7b66146ab582863ebd26d61b9721504e3e1a3454f37ad83f1fd790

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20391.exe

Filesize
192KB

MD5
845f49d08f302f7901aa3d7995bc90dc

SHA1
f6509d75adef2525c829515f13bf5cb3fc9bf22f

SHA256
4ce6a3b5110b08b30b15e736021980bdbead3b07cdd81e7847859b2a9d5ea528

SHA512
8303fdd1787f3ee70c2dce602f7f5e466793c320ded402048d77f92bc545154e4106f986d5f30b08c385b640562357382972631a44eec65c099d84d30ba3a547

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23361.exe

Filesize
192KB

MD5
7acfb21d6dff417310a4a697ea127e43

SHA1
979cbfdf21976f096b28b6dbc310015acea1edd0

SHA256
eb6de99d52bf0370ecd4071925e5238b702cfb4aec984c7d669ceef418257e2f

SHA512
d0315c52f17c9a47e94fa447623e61da40df831cfb22a6f5dba20742539ff69aeda84cf0d46871df3d44db4377572123e288aa3d991b03dad3da993d9605f4fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26093.exe

Filesize
192KB

MD5
751a1ba00f1d055e0d6578984975c5a7

SHA1
28cc737fbb39855e0adbe76e8ffeba256a792b11

SHA256
94f1ba16b7f452240444698a2dd1f149bd13da1b167435030d191c54f2519bfa

SHA512
09a3a0dfe12b5b3659a8e1bc0329aa8eac5cdea57f29c09ea3923ff44a56daca9e40d03d19eecaf142f03fcee82ff9b58737d4364045d01f81f33ea9194518b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39874.exe

Filesize
192KB

MD5
73426689eae1319431c5c201b7544796

SHA1
9d941f5bbe8f63fc1db818cb647a9e5305d2a4c6

SHA256
82dabf90c14243a2145bb170190ca625d91b6c537e22e33c6f0b0e516b4ff431

SHA512
6dc3f02e801c081524307bc7d57bf4ea214f4bf660826945064d152f9590ebc1e70b8c63c31ee135c6f2366bffdeeb7b9cafe157eaf2a09a92165510d123b16e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41286.exe

Filesize
192KB

MD5
bce852ea94d7914718aa0f4140176719

SHA1
7b5d87f63abee130c9f7f815d54e2ca9af7e4e2b

SHA256
861ad0a6910bb3cbc6fd1c3ffd8ddb0c1ee3dc598b3708bd693a959e9e2fc87b

SHA512
d3036c3a5c3b81972248f7220b3b674d7da926daaead996b2718839c1693f2959f1fb3165685dcb9009545d33fa35dfdde7934f1f6474e932edef5b92d9c786a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42346.exe

Filesize
192KB

MD5
25eecc1f30d620e4596d1b5fbd622f4b

SHA1
e7cef48a47f089be525a74dc8a28aac0cce0fa36

SHA256
6e38c9a5d5328c260618697069c298a20173ac3e47497798b98493bbc66155f3

SHA512
bffc1ce1fb8bf2df5f00990e06a2edc79bce2e7c6d6ae4c9c947a86a2364b29049ae8b28d7cd05f4367a9b05780e8238702d29c1f826e1c1dfdebe1b87181d11

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46295.exe

Filesize
192KB

MD5
5b6d151387d6afb43ac5d860fa080608

SHA1
d97163bd3092d293004a8ecf8f7af258394c1514

SHA256
9bbd219ab8f9ea8fde11d9833ac01b5108fa2bc2244b1a23443c5ebab79e73d2

SHA512
601a729a234050855f54ccf16ff8eb6b0600c3e39fc4e8cfc602569a62d89b990e6ecdd3d006875968eb1a84bb3eb6ad405d93b6790b6daf719baa2019bcab41

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47519.exe

Filesize
192KB

MD5
17136684cef3679b685bda03138e744b

SHA1
683fbfb0f5aa5ae4200477346e5b3245134156d1

SHA256
37a55398014153a020ccfb2135121dd7d1d29578f1896ff490da89c3c98ebec0

SHA512
1ca05834e0d72caf2a92e4698286d645ed06de067a2c574982b685f8f5412e98f0c2cb62b125cdc02e24b2117e1859d3afc8973291b70922421d6d78c5bab0ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5458.exe

Filesize
192KB

MD5
079be43d560f7925133bfb3174b457c8

SHA1
f03bb1c9af6279e520781ecfefe2d0892197df0a

SHA256
f6c93d58ff152121db8c428a4ea27d5875a024af5815ab8d4f4cf3cebdef95ff

SHA512
a47fb2608d0f047d74ab0f5b4a512afd55bd2fc142faf475c2d8087e17527f2f476085a628a5bd10d11b6428ede1a932343cdc12faf80a0e6f179fc88cb116a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54976.exe

Filesize
192KB

MD5
7b0d496f6ab8969cf315a85f5790cdb9

SHA1
2d99bb196dfcdf1eb63d955a32e71c3dcd25c2f4

SHA256
d834be0acabf3cbc0cb91c64752321581030331ad8b0ff755f73ddc5959ead7b

SHA512
80b1068d992e450e61f96244f65abfe439e46ea7f1bfde3175007516e59e2c727d240ae66c6a40e61a084252ba3e88d11cbd4d3a2f1858722c770bec59196ac6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5584.exe

Filesize
192KB

MD5
cd55e3d016cac4efd3d88fd95e9c8a15

SHA1
c4739a0bac4ed93a7ebbbae433ac4ed2225dd348

SHA256
e031b531c4120607716247ad75c1a4fc7753b81947130076114ec4048a7b60d7

SHA512
b14f81ef05de5fd1b5cf4b8eb33f00483e8652a359aa7b5360d33be6be753688b85bc6496a4850169e83ac93efb22caf30947bd20a4c038ff348b1f5cf187342

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5707.exe

Filesize
192KB

MD5
f98a6b0453f874c50fbabd5987aa1c07

SHA1
e4293e46d89340ff74fc0104b012eedf06c49234

SHA256
bb72197012abe0d54b4b65aa6ffa8f8b81721f7d208049b51dc13c2bac2d6b0a

SHA512
c074306b40bdbbfb2fd759fda724c5c404cb168f61e6fc04a8e2149a837b73362c11f4f348ee9dc677ccb7f7460fa91b1348f802279ddf6a152d52e0d939ada7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5827.exe

Filesize
192KB

MD5
f180b34b650e6cee771ba2df05705515

SHA1
70df2bcb33af745d7ad8ac0d9fe99f4b3a619b6c

SHA256
31468c3f4615aeb21a51f50dee6a6d083e12708137287c6d35dea084a685b952

SHA512
ce95911a4a3e52c4903a26115555aa62fdb70c51f0778d7bdc2fdbf9c6ec1de91c4a225ca3b0325c85cea9f9d2d4f9d4cd31ac3ee4060df5b82c0ef497369bf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58448.exe

Filesize
192KB

MD5
e8f82f74b172c528c8fe6e9aeb6d0369

SHA1
928dc5fe5476f2140f9e9ebd508a3ccdc341bc2c

SHA256
2040dbd3889cc08d59f78eb4a773115725c64e797e8aa53ce8fa3f7d851c8248

SHA512
6a277471ac8fdf334d280c5dbe635b70597fa270691582ebdce69c56df424fc74746393cd23425086fd5fdb30c1728b4bb63aef20b3cfaab1c6098de7a5d8574

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5880.exe

Filesize
192KB

MD5
5915e4761acf44ee58f75445496e4fcc

SHA1
87c188dc623c4d05dbab32fee1b5b0f8d5d4f1c4

SHA256
ac84f5e6e1865c538a47dcbbffb2afb675714b21b5d5b9e9d89c4f897c0be86f

SHA512
a1dfae3591845a5a9a034bafabde3ae30c61fcc4c8041d9750b6ef41c86db471d75326c0234ad23f6a3ee7a7248e2044f922e4eeaf95a257544d6567161fd3cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59491.exe

Filesize
192KB

MD5
12cf811132d82142c76ed7c6946f7785

SHA1
b5c26ade8c5a130185d7068c2fc4158387193373

SHA256
45fcdfe018b9fa8ac75624f693ac3d665a841d87da18825f46aa66bff14769d3

SHA512
b704385e3fe711d588e181e387554228fad2bca469052a260bd71f104ffb155f65d8ecda21bfe6f952e4f158799460b9414c150c3c84a5e0b5e4ed5dc0257ab0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5996.exe

Filesize
192KB

MD5
3da2cff156a7918756fce6db8723b174

SHA1
39f38057dde33d70365d5151903373758f880b1d

SHA256
bfd48c4dccbad99c06e31067df0b15042d617bafc8a813f3ce6608dfc210460b

SHA512
c0255174d0bb57adb34d0355591620f889cc55d25be754f120a0069c23e554af19128e02725bb11132013b40513a24bd51e069258221134f45a29788bf7bdd1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6018.exe

Filesize
192KB

MD5
484c66e37c9b41b0fc59d2551aaee98a

SHA1
9eb600b2406efd09cd617d78eb2e3daec5467cfb

SHA256
020ccd5b6b15226086df262603802eb73e05d5914470a2116ac1228fec7e86eb

SHA512
ca8759419ae728736e6d36ed4b72667ff8cae33f4531cd0ce54d66c40c99ab09ff0dad67ccdecde8c9226342080f2ed977876a391475054d12dce19d0999b9f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61938.exe

Filesize
192KB

MD5
5848d09b5e1d0b81bb4126557bda540d

SHA1
145718da2c1c3a42f5a5bd6310ca41783e56cb41

SHA256
e28e52975777fe4d8498771a7d211198cd7af3356b6bc1caccbfa82230d3ac26

SHA512
30dccf186f37caeb5e60017e3349801af56d3abc851270b8fd87e7bd3a8c0ee81cf2d37a2e4aef99e6eb978f4f2b5bf2cbb9d8ae084de8bdfff50f22e9b6a7bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61978.exe

Filesize
192KB

MD5
ff3d54a383af3827f7dacf739f585951

SHA1
3a235fa06fc9bb6e74d5d8876e670d3a50d8a37b

SHA256
5e7bab0410f960b2c498034870b364f97ef0b679645dbd55e1681c40933bb537

SHA512
764ec07d771dbd23a29a4e53fe6e078a732127d2d46adc229850cf872ab808b4eef96704028c7d1acd3404af37c84acdef7ec1d30eb45ab90317d3399114ac08

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-623.exe

Filesize
192KB

MD5
eb0f85f75644bda5020bda3f54d4b6d1

SHA1
3d143e542a6e70c3554bad8d48ccfec3b8191af6

SHA256
873c287ae24a3194a76d9e058d3b790dd779a484a90a7b5ed73c02f63e211f08

SHA512
3b7ee5e474da510a733e5afd55d79994acfdf6dc8a3b3f312466a982bbd9f592e6d165f91f4727c7290635a948a5aae6d46ad49e08fffcd3ca4aee29e807247d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6262.exe

Filesize
192KB

MD5
41dd4ae310bc10cd561866c9480e3d59

SHA1
b0b3090c93a66e8ec101792cb046ee86b25ff166

SHA256
00a00537e4268ed277cd3f8aab532309a0a1489d2a49d3b0f8532212f3f70e44

SHA512
f672f5c7a78fe0df430895ede19c425f6da72a47eb23a573c4acf27f13e1729b6a10a05c0fbfe8d6a3799a73746ee553a555eb0a00c84c2a0a1ca09f79ec31a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6402.exe

Filesize
192KB

MD5
8ad2910a3a527e1d698a6e3e0aba8f7e

SHA1
385ee9643fabe95fc5913e413b8216aeacd609ec

SHA256
7d379d44d70b9b775ab19a7ca355c0b2d533a7aed962c3686074abd88e85b285

SHA512
8c6ae7bd6b5ed77cc5ae5fbd80e7d5a14103bdbd929da8fd83a25ddddd49c0d8e3de9745150a9cee9691b84103336c63925c8dfc108b8a13d82c84c345d90036

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6489.exe

Filesize
192KB

MD5
0da3b785a6aa979aacec8480dec6d4ae

SHA1
4aec8a285aa1aad61952ca7ac0cee92916edbffe

SHA256
6f69e91f82349b54822ff34a2f109b6fc3a7a44befcea0aabe1929c7aa89042b

SHA512
95ed405c2ec3d91eb02160927b0602acb19b1b299d27a257f896a90106fe11612feff7761f90c873a95c370d152829ad199c6b4b2d87af84241aac233664a219

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6497.exe

Filesize
192KB

MD5
ac8d2ef63e902d0ec8f228c99d0bfc9a

SHA1
9a9f2ee9e39a6a9a11622f3391bc586a06ed0e9c

SHA256
0b05c3bf51f2e42c4ded775faa110818e68c1769d0579ce3236ae675fb65ae25

SHA512
248a42ee60916672b7dabf05e434aa2d835dc2fe82bae12c7c74acaf96205f19ba313a039ef9f6268de63b487abbfb2bef7a093cb77803adfa3655e3ca955b41

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6542.exe

Filesize
192KB

MD5
b3e15d289b9f5a967736a6e8a5e16768

SHA1
36bd3e030327a3625ddc06bbc5023517ef6b7155

SHA256
91c38e20d79a6dbfb84d82b57451d0d76ee7487a0e2105c5fd3d8a7761a52378

SHA512
2eb192c082feebd942a06e22ac7f4f92b11c8f4e0b0999a7af5b3612b18e5da518ef37f9af364cf722739074ece3a7ae1a03250473c51ed46402988059d84f8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6620.exe

Filesize
192KB

MD5
e2a4bfa5b7915306400de807f3447d6e

SHA1
294e353988518f0cf59506a794605c08938ebdf0

SHA256
73ec492bbbc9bcaf7cd8800dea0d113a2d3c1bb935fd9cd714e0c05ed08a9ec3

SHA512
eed4a0ee4b397003c52a0501fd35613a6f47db14d0ad6c0e303ffa6b04c6ef014589bdd59ec59fc3d5f2837e15aa0919ca7b5ca110a3c6b1dc9dd184775f07a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6652.exe

Filesize
192KB

MD5
7c42bc99ed9bd8a08ace24f057af0447

SHA1
9cad5ea1dcc902e5ba59f7547f2241e650e1b56e

SHA256
1bea17987a040ceb346229910beb964b2d79d7e95988e24686155fe2c4daa50e

SHA512
9ef98bd5f51db3822e122ad6afccda4a2abb8c777972ee4649091b3dc55ed71bc02de64e603ef43a2dafa8dc5e8ae20b80dfa88afeca3a617e4ce57be47ad6ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6727.exe

Filesize
192KB

MD5
75f8af3d3dbd24d9786be2f7ede49783

SHA1
31d18ac7856dad4b59672b541c74ba2286523117

SHA256
da3764d607a10a4dc036cdc79d54b95c75aceea25c51105bfbe7b2510ffd7a12

SHA512
1cf4bc4733cbff323045b8b4568c567e74e6e425a308a6f965f9de3186bc45de89061c3ab9f671770a351eeb03e4b89e8c24b7673ffef2312805b720a81c1609

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23236.exe

Filesize
192KB

MD5
28a824912792f1cf808db23a4bc32abe

SHA1
7e87ced2c6c9df4320c84300fe8d86b1f097442d

SHA256
ad5f0b4250a9f4278e1db3b63236fbf07617458d1d2fac68254b37b113af2fc0

SHA512
2a4da1b77b4f7100d75a4ef3b21365a6bb37b938dc599538ffe23b4f0faebb0de7ee2bb091e3649cbf81a4d07721a1ef4d8c4911c81dbbe637c74b6c184548ba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24707.exe

Filesize
192KB

MD5
ae0d5c293ab503d72fd9f80756d592ee

SHA1
e3eaef2a024c2b6fb2be126ddd6d0b0809a3e400

SHA256
40fa34c226ec0dad3fedef18a38e2f9d7ced82b93e78322fe2e98c789cabe22f

SHA512
e619d49c8d317d05b7846bbd1e7665a2dc4bbc60e96d2d83a74d66cc9bbbbf9b07298de8f99330c911f7637960f1d8261371e2a469217a8391d9ee4c96b5e028

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27989.exe

Filesize
192KB

MD5
313a428bde242b860d780653f291f44b

SHA1
7a8587915eca2daec77469fa5577373b98781edd

SHA256
b249621db73f604c4d24ac21954aef5c61e8129dc59da8c10d41e60c10ed8aed

SHA512
3454742490db795973047d8edc2d2478fa05f76d5b828c6be96b0f244923faa975a94463efe3a71a95f4645beb1741f43687efa7833a07bfc71f7a5fec389447

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29152.exe

Filesize
192KB

MD5
416434e85b356ba272659350e68fc753

SHA1
d4df87d80d00320d85a6e416d14c7b941cf31b44

SHA256
fd9e7b2447f8bdabf3a0f24a061c818110c71975f4d33dd7d1167eb23331f86f

SHA512
7559e80307923bca7b50b53ee6ce8c614adaa108d906d9ccaa302e3f97e9b789ec7bfdd6dec511aa5eb7ac446639b676fbc888514c1ff9f3757c9a5a89443e18

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3370.exe

Filesize
192KB

MD5
3ef55175c9d4f3497c352cd6ec5b3d9a

SHA1
58b852a1e7d46540d2cbb34fc3b43bd40c89219f

SHA256
b9823ebf1b1cf6aab2e2f25e4b793e17572b4fbcedb791447d00400e7658904e

SHA512
1610b95392802e1e8450dc1f3c40789bb6c82571e6ad48fa6dd49a468bf5801cb26f2466299cfa460441b4f0d9bd64136aa3545c7c66746424d226db5c3d5852

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4295.exe

Filesize
192KB

MD5
edb13d68f603f83bfb3417458b7f5341

SHA1
bba0a3467fa48897037f5a390abd58c934f254ec

SHA256
7922b8241f2298a2cf600ad8cf38bf77d275344994d3671a808a2e9fd9d5677b

SHA512
1d713fefd8ba9c6f2c08125add72d61fdd1e1a8acc5d56498390b733592c917b732e4938c48d33d063fe07410669a9e99e9f99d0105b6e0339ced7ffc6c8efef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43975.exe

Filesize
192KB

MD5
6517ce47e4eb9fc4b2a68640faacc8d1

SHA1
079d9bdf5dd768a93fb4f4940ebb931b6299a11d

SHA256
14d55f123587cd64df9ee5e533df234d021f9367d8f20cd18e394a373af63514

SHA512
c4214fe91ea6ac1a191b748a12a20845e5ef09390bb7c4557ce6777e1301b216dc0068cf33c50a019422a8f8592350501c14bddb16def42788bdc17a1bf08301

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47047.exe

Filesize
192KB

MD5
25db753988eef15af4f746737b9d75af

SHA1
42839d273240999619245d11122c733519d8a706

SHA256
d0dcba8c0a27c8765cbae1f53cdeffd43425ce978229f4dcc6ceb982f47585cb

SHA512
fbb651ab4a34e3a90099a0079a88dcd449c00661e8fa32342c0c6595e440b5345f534d2747d1142013b4a5368f489fb0eae4952e55c827cccedb6cbc3fe30d12

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49018.exe

Filesize
192KB

MD5
e06c019b17c41842d33b10ab232b49c7

SHA1
b3246852eb6be91c743d5c9d4f1c934fd3ff7f83

SHA256
2653d5521748c32f625c6f0387614b1402d55be1034c1002550121564c8abc37

SHA512
af9fa57ea3bd417e854c86caf904a86d60725abc1d6f4071bfd4be2736538657040c88feae53e540c3e7a32cc41ffe33a033c13bba6e66b021f47eee6e9d5d89

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49967.exe

Filesize
192KB

MD5
4227bb64edf2e9d307d8567c9ab314db

SHA1
93d8f3a0c7f26afc34067d41799453a130b0f6dc

SHA256
178f54c2de47db23a3055d333f4883f782d7ae52bb5cfe304ab8c01932452676

SHA512
3c00dbcbb8c087ccdbc8c92660ad047514d74f52301ea2294e5acdb935114ecb92fe85d6126e00ee686bb5f656139c0f91997e6a34bee5d04bd90ec5b0f60d7b

Download Submit