c3713ce3a1db4ab4f769967c8e3c7ed387385a5061a913437fffb6d93ab9e377

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
11/08/2024, 13:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8a9c3066c1494e55c6f0ecf755537fad_JaffaCakes118.exe
Size

192KB
MD5

8a9c3066c1494e55c6f0ecf755537fad
SHA1

7a0cb9e0c018c0802fbe79f5eeb36830bbbe6ad9
SHA256

c3713ce3a1db4ab4f769967c8e3c7ed387385a5061a913437fffb6d93ab9e377
SHA512

81dbc9b5b8949cd7c7d8ba44374d6a64d34b89dabaa804e74b96e03ccc74d5c183e45c824ff985af15bc6bd2fd30b6b5f1ea61a8d49cd9f2421df50e577e1e7d
SSDEEP

3072:tu8ooA5QBJAUYbC0ydvhWj8lEA/WrrHSThMFx7m38M8lVvM5:tuDohmnbedZWj84QCO8lVvM

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2728	Unicorn-27705.exe
2756	Unicorn-37108.exe
2836	Unicorn-29110.exe
2604	Unicorn-54259.exe
2612	Unicorn-54259.exe
2656	Unicorn-30309.exe
1796	Unicorn-54809.exe
2492	Unicorn-47196.exe
788	Unicorn-9692.exe
1940	Unicorn-43434.exe
1972	Unicorn-23568.exe
1300	Unicorn-65172.exe
1052	Unicorn-61643.exe
1496	Unicorn-7803.exe
1648	Unicorn-28224.exe
2488	Unicorn-20994.exe
2924	Unicorn-15972.exe
2260	Unicorn-8358.exe
336	Unicorn-1122.exe
2096	Unicorn-46794.exe
1800	Unicorn-49747.exe
2128	Unicorn-4630.exe
876	Unicorn-16883.exe
2376	Unicorn-62554.exe
2056	Unicorn-12798.exe
2304	Unicorn-5185.exe
836	Unicorn-25051.exe
776	Unicorn-13353.exe
884	Unicorn-41387.exe
2636	Unicorn-62741.exe
2396	Unicorn-10525.exe
1824	Unicorn-56197.exe
2196	Unicorn-42814.exe
2672	Unicorn-17795.exe
1628	Unicorn-4796.exe
2232	Unicorn-63104.exe
600	Unicorn-41937.exe
1664	Unicorn-30239.exe
1808	Unicorn-904.exe
1164	Unicorn-9072.exe
2044	Unicorn-30645.exe
1968	Unicorn-38813.exe
1936	Unicorn-6695.exe
2920	Unicorn-18947.exe
2472	Unicorn-2103.exe
2176	Unicorn-43690.exe
628	Unicorn-63556.exe
1652	Unicorn-55943.exe
904	Unicorn-6187.exe
1620	Unicorn-34776.exe
1856	Unicorn-10826.exe
1572	Unicorn-42944.exe
1688	Unicorn-35714.exe
1596	Unicorn-55580.exe
2064	Unicorn-18632.exe
2112	Unicorn-30884.exe
896	Unicorn-23270.exe
2684	Unicorn-51304.exe
2492	Unicorn-65263.exe
2752	Unicorn-19592.exe
788	Unicorn-27760.exe
2796	Unicorn-16062.exe
2772	Unicorn-56156.exe
2652	Unicorn-2871.exe

Loads dropped DLL 64 IoCs

pid	Process
2092	8a9c3066c1494e55c6f0ecf755537fad_JaffaCakes118.exe
2092	8a9c3066c1494e55c6f0ecf755537fad_JaffaCakes118.exe
2728	Unicorn-27705.exe
2092	8a9c3066c1494e55c6f0ecf755537fad_JaffaCakes118.exe
2728	Unicorn-27705.exe
2092	8a9c3066c1494e55c6f0ecf755537fad_JaffaCakes118.exe
2728	Unicorn-27705.exe
2836	Unicorn-29110.exe
2756	Unicorn-37108.exe
2836	Unicorn-29110.exe
2756	Unicorn-37108.exe
2728	Unicorn-27705.exe
2604	Unicorn-54259.exe
2604	Unicorn-54259.exe
2836	Unicorn-29110.exe
2836	Unicorn-29110.exe
2656	Unicorn-30309.exe
2656	Unicorn-30309.exe
2756	Unicorn-37108.exe
2756	Unicorn-37108.exe
2612	Unicorn-54259.exe
2612	Unicorn-54259.exe
2492	Unicorn-47196.exe
2492	Unicorn-47196.exe
2604	Unicorn-54259.exe
1972	Unicorn-23568.exe
2604	Unicorn-54259.exe
1972	Unicorn-23568.exe
788	Unicorn-9692.exe
788	Unicorn-9692.exe
1940	Unicorn-43434.exe
1940	Unicorn-43434.exe
2656	Unicorn-30309.exe
2656	Unicorn-30309.exe
2612	Unicorn-54259.exe
2612	Unicorn-54259.exe
2660	WerFault.exe
2660	WerFault.exe
2660	WerFault.exe
2660	WerFault.exe
2660	WerFault.exe
2660	WerFault.exe
2660	WerFault.exe
1300	Unicorn-65172.exe
1300	Unicorn-65172.exe
2492	Unicorn-47196.exe
2492	Unicorn-47196.exe
1052	Unicorn-61643.exe
1052	Unicorn-61643.exe
1648	Unicorn-28224.exe
1648	Unicorn-28224.exe
2488	Unicorn-20994.exe
2488	Unicorn-20994.exe
1940	Unicorn-43434.exe
1940	Unicorn-43434.exe
2924	Unicorn-15972.exe
2924	Unicorn-15972.exe
1496	Unicorn-7803.exe
1496	Unicorn-7803.exe
788	Unicorn-9692.exe
788	Unicorn-9692.exe
1972	Unicorn-23568.exe
1972	Unicorn-23568.exe
2260	Unicorn-8358.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2660	1796	WerFault.exe	36
1692	2260	WerFault.exe	47
1632	2056	WerFault.exe	55
1736	884	WerFault.exe	59
2988	1968	WerFault.exe	78
3000	836	WerFault.exe	56
1612	1572	WerFault.exe	86
1784	628	WerFault.exe	81
2612	2672	WerFault.exe	65
2856	2112	WerFault.exe	90
336	788	WerFault.exe	95
1732	1936	WerFault.exe	75
2904	2652	WerFault.exe	99
2636	2388	WerFault.exe	111
2704	2996	WerFault.exe	124
1308	1788	WerFault.exe	125
2696	2140	WerFault.exe	128
2224	2536	WerFault.exe	179
2768	2456	WerFault.exe	184
2684	1300	WerFault.exe	190
1688	2844	WerFault.exe	192
3332	2756	WerFault.exe	183
3716	2084	WerFault.exe	203
3260	2920	WerFault.exe	168
1664	1848	WerFault.exe	182
2800	2628	WerFault.exe	159
3632	2476	WerFault.exe	181
3712	3396	WerFault.exe	261
3700	3544	WerFault.exe	243
3692	3404	WerFault.exe	240
2096	3976	WerFault.exe	254
3560	3860	WerFault.exe	251
3532	1268	WerFault.exe	272
592	2724	WerFault.exe	276
2136	3892	WerFault.exe	252
3272	3776	WerFault.exe	248
3352	2888	WerFault.exe	266
2380	3916	WerFault.exe	281
3196	4024	WerFault.exe	285
3904	1320	WerFault.exe	292
3340	1756	WerFault.exe	308
2284	3748	WerFault.exe	345
2908	2036	WerFault.exe	341
4012	3472	WerFault.exe	351
1512	2272	WerFault.exe	356
576	2012	WerFault.exe	346
3124	3856	WerFault.exe	305
4300	4020	WerFault.exe	381
4376	3724	WerFault.exe	389
4540	2288	WerFault.exe	419
4532	684	WerFault.exe	417
4856	2120	WerFault.exe	421
4180	3668	WerFault.exe	420
4196	3232	WerFault.exe	403
3300	3172	WerFault.exe	369
4488	532	WerFault.exe	386
4968	3360	WerFault.exe	416
4160	2164	WerFault.exe	382
2332	5048	WerFault.exe	488
3268	5088	WerFault.exe	489
1164	5112	WerFault.exe	459
2664	4788	WerFault.exe	449
4732	4816	WerFault.exe	450
4844	4572	WerFault.exe	445

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62741.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61589.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25187.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37437.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57603.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16883.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16157.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44745.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64309.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39284.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38655.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43846.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17474.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43919.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52841.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46876.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25242.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8382.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46224.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57739.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49499.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37250.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40795.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25647.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61356.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12155.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19430.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-136.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17968.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26219.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25488.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54764.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65248.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47973.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15207.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45415.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4956.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29120.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20252.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30603.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20994.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50375.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45928.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27361.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3150.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59881.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56156.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29440.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7095.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8274.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17859.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-531.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9758.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60900.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57146.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55138.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30884.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28554.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35009.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2092	8a9c3066c1494e55c6f0ecf755537fad_JaffaCakes118.exe
2728	Unicorn-27705.exe
2836	Unicorn-29110.exe
2756	Unicorn-37108.exe
2604	Unicorn-54259.exe
2656	Unicorn-30309.exe
2612	Unicorn-54259.exe
1796	Unicorn-54809.exe
2492	Unicorn-47196.exe
788	Unicorn-9692.exe
1972	Unicorn-23568.exe
1940	Unicorn-43434.exe
1300	Unicorn-65172.exe
1052	Unicorn-61643.exe
1648	Unicorn-28224.exe
1496	Unicorn-7803.exe
2924	Unicorn-15972.exe
2488	Unicorn-20994.exe
2260	Unicorn-8358.exe
336	Unicorn-1122.exe
2096	Unicorn-46794.exe
1800	Unicorn-49747.exe
2128	Unicorn-4630.exe
876	Unicorn-16883.exe
2376	Unicorn-62554.exe
776	Unicorn-13353.exe
836	Unicorn-25051.exe
2304	Unicorn-5185.exe
2056	Unicorn-12798.exe
884	Unicorn-41387.exe
2636	Unicorn-62741.exe
2396	Unicorn-10525.exe
1824	Unicorn-56197.exe
2196	Unicorn-42814.exe
2672	Unicorn-17795.exe
1628	Unicorn-4796.exe
2232	Unicorn-63104.exe
600	Unicorn-41937.exe
1664	Unicorn-30239.exe
1808	Unicorn-904.exe
1164	Unicorn-9072.exe
2920	Unicorn-18947.exe
2044	Unicorn-30645.exe
1936	Unicorn-6695.exe
1968	Unicorn-38813.exe
2472	Unicorn-2103.exe
2176	Unicorn-43690.exe
628	Unicorn-63556.exe
1652	Unicorn-55943.exe
904	Unicorn-6187.exe
1620	Unicorn-34776.exe
1572	Unicorn-42944.exe
1856	Unicorn-10826.exe
1596	Unicorn-55580.exe
1688	Unicorn-35714.exe
2064	Unicorn-18632.exe
896	Unicorn-23270.exe
2112	Unicorn-30884.exe
2684	Unicorn-51304.exe
2492	Unicorn-65263.exe
2752	Unicorn-19592.exe
2796	Unicorn-16062.exe
788	Unicorn-27760.exe
2772	Unicorn-56156.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 2728	2092	8a9c3066c1494e55c6f0ecf755537fad_JaffaCakes118.exe	30
PID 2092 wrote to memory of 2728	2092	8a9c3066c1494e55c6f0ecf755537fad_JaffaCakes118.exe	30
PID 2092 wrote to memory of 2728	2092	8a9c3066c1494e55c6f0ecf755537fad_JaffaCakes118.exe	30
PID 2092 wrote to memory of 2728	2092	8a9c3066c1494e55c6f0ecf755537fad_JaffaCakes118.exe	30
PID 2728 wrote to memory of 2756	2728	Unicorn-27705.exe	31
PID 2728 wrote to memory of 2756	2728	Unicorn-27705.exe	31
PID 2728 wrote to memory of 2756	2728	Unicorn-27705.exe	31
PID 2728 wrote to memory of 2756	2728	Unicorn-27705.exe	31
PID 2092 wrote to memory of 2836	2092	8a9c3066c1494e55c6f0ecf755537fad_JaffaCakes118.exe	32
PID 2092 wrote to memory of 2836	2092	8a9c3066c1494e55c6f0ecf755537fad_JaffaCakes118.exe	32
PID 2092 wrote to memory of 2836	2092	8a9c3066c1494e55c6f0ecf755537fad_JaffaCakes118.exe	32
PID 2092 wrote to memory of 2836	2092	8a9c3066c1494e55c6f0ecf755537fad_JaffaCakes118.exe	32
PID 2836 wrote to memory of 2604	2836	Unicorn-29110.exe	34
PID 2756 wrote to memory of 2612	2756	Unicorn-37108.exe	35
PID 2836 wrote to memory of 2604	2836	Unicorn-29110.exe	34
PID 2756 wrote to memory of 2612	2756	Unicorn-37108.exe	35
PID 2836 wrote to memory of 2604	2836	Unicorn-29110.exe	34
PID 2756 wrote to memory of 2612	2756	Unicorn-37108.exe	35
PID 2836 wrote to memory of 2604	2836	Unicorn-29110.exe	34
PID 2756 wrote to memory of 2612	2756	Unicorn-37108.exe	35
PID 2728 wrote to memory of 2656	2728	Unicorn-27705.exe	33
PID 2728 wrote to memory of 2656	2728	Unicorn-27705.exe	33
PID 2728 wrote to memory of 2656	2728	Unicorn-27705.exe	33
PID 2728 wrote to memory of 2656	2728	Unicorn-27705.exe	33
PID 2604 wrote to memory of 1796	2604	Unicorn-54259.exe	36
PID 2604 wrote to memory of 1796	2604	Unicorn-54259.exe	36
PID 2604 wrote to memory of 1796	2604	Unicorn-54259.exe	36
PID 2604 wrote to memory of 1796	2604	Unicorn-54259.exe	36
PID 2836 wrote to memory of 2492	2836	Unicorn-29110.exe	37
PID 2836 wrote to memory of 2492	2836	Unicorn-29110.exe	37
PID 2836 wrote to memory of 2492	2836	Unicorn-29110.exe	37
PID 2836 wrote to memory of 2492	2836	Unicorn-29110.exe	37
PID 2656 wrote to memory of 788	2656	Unicorn-30309.exe	38
PID 2656 wrote to memory of 788	2656	Unicorn-30309.exe	38
PID 2656 wrote to memory of 788	2656	Unicorn-30309.exe	38
PID 2656 wrote to memory of 788	2656	Unicorn-30309.exe	38
PID 2756 wrote to memory of 1972	2756	Unicorn-37108.exe	39
PID 2756 wrote to memory of 1972	2756	Unicorn-37108.exe	39
PID 2756 wrote to memory of 1972	2756	Unicorn-37108.exe	39
PID 2756 wrote to memory of 1972	2756	Unicorn-37108.exe	39
PID 2612 wrote to memory of 1940	2612	Unicorn-54259.exe	40
PID 2612 wrote to memory of 1940	2612	Unicorn-54259.exe	40
PID 2612 wrote to memory of 1940	2612	Unicorn-54259.exe	40
PID 2612 wrote to memory of 1940	2612	Unicorn-54259.exe	40
PID 2492 wrote to memory of 1300	2492	Unicorn-47196.exe	41
PID 2492 wrote to memory of 1300	2492	Unicorn-47196.exe	41
PID 2492 wrote to memory of 1300	2492	Unicorn-47196.exe	41
PID 2492 wrote to memory of 1300	2492	Unicorn-47196.exe	41
PID 1796 wrote to memory of 2660	1796	Unicorn-54809.exe	42
PID 1796 wrote to memory of 2660	1796	Unicorn-54809.exe	42
PID 1796 wrote to memory of 2660	1796	Unicorn-54809.exe	42
PID 1796 wrote to memory of 2660	1796	Unicorn-54809.exe	42
PID 2604 wrote to memory of 1052	2604	Unicorn-54259.exe	44
PID 2604 wrote to memory of 1052	2604	Unicorn-54259.exe	44
PID 2604 wrote to memory of 1052	2604	Unicorn-54259.exe	44
PID 2604 wrote to memory of 1052	2604	Unicorn-54259.exe	44
PID 1972 wrote to memory of 1496	1972	Unicorn-23568.exe	43
PID 1972 wrote to memory of 1496	1972	Unicorn-23568.exe	43
PID 1972 wrote to memory of 1496	1972	Unicorn-23568.exe	43
PID 1972 wrote to memory of 1496	1972	Unicorn-23568.exe	43
PID 788 wrote to memory of 2924	788	Unicorn-9692.exe	45
PID 788 wrote to memory of 2924	788	Unicorn-9692.exe	45
PID 788 wrote to memory of 2924	788	Unicorn-9692.exe	45
PID 788 wrote to memory of 2924	788	Unicorn-9692.exe	45

C:\Users\Admin\AppData\Local\Temp\8a9c3066c1494e55c6f0ecf755537fad_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8a9c3066c1494e55c6f0ecf755537fad_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27705.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27705.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37108.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37108.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54259.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43434.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28224.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4630.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4796.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55580.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8382.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47381.exe
        11⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16458.exe
        12⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52067.exe
        13⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41756.exe
        14⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34953.exe
        15⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39006.exe
        16⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56899.exe
        17⤵
        
        PID:4336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 220
        18⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43852.exe
        10⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48901.exe
        9⤵
        
        PID:2996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 220
        10⤵
        Program crash
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35714.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23650.exe
        9⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31045.exe
        10⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32254.exe
        11⤵
        
        PID:3544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 220
        12⤵
        Program crash
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27515.exe
        9⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27978.exe
        10⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13774.exe
        11⤵
        
        PID:3856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 300
        12⤵
        Program crash
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63104.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18632.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57391.exe
        9⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29893.exe
        10⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27044.exe
        11⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15726.exe
        12⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22436.exe
        13⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11465.exe
        14⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8398.exe
        15⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47973.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38430.exe
        17⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16059.exe
        18⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35309.exe
        19⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36866.exe
        20⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3093.exe
        21⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25647.exe
        22⤵
        System Location Discovery: System Language Discovery
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62325.exe
        23⤵
        
        PID:5664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 224
        24⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7936.exe
        13⤵
        
        PID:2272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 224
        14⤵
        Program crash
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9228.exe
        11⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9882.exe
        12⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42571.exe
        13⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43889.exe
        14⤵
        
        PID:4800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 244
        15⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53764.exe
        13⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38046.exe
        14⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65368.exe
        15⤵
        
        PID:1388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 220
        16⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8938.exe
        14⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18205.exe
        15⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17297.exe
        16⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47826.exe
        17⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26223.exe
        18⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53820.exe
        19⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59881.exe
        20⤵
        System Location Discovery: System Language Discovery
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33727.exe
        21⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65024.exe
        22⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19430.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37262.exe
        11⤵
        
        PID:3860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 220
        12⤵
        Program crash
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18195.exe
        9⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47464.exe
        10⤵
        
        PID:2084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 240
        11⤵
        Program crash
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21480.exe
        10⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26219.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 220
        12⤵
        Program crash
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12829.exe
        8⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10624.exe
        9⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19665.exe
        10⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2290.exe
        11⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25228.exe
        12⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39613.exe
        13⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18119.exe
        14⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28119.exe
        15⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64172.exe
        16⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53093.exe
        17⤵
        
        PID:6020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 220
        18⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30925.exe
        13⤵
        
        PID:3228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 200
        14⤵
        
        PID:4252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62554.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38813.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 220
        8⤵
        Program crash
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56711.exe
        7⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-105.exe
        8⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26961.exe
        9⤵
        
        PID:2920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 220
        10⤵
        Program crash
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35683.exe
        8⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45046.exe
        9⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64127.exe
        10⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37288.exe
        11⤵
        
        PID:532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 224
        12⤵
        Program crash
        
        PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20994.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16883.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41937.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30884.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 220
        9⤵
        Program crash
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62222.exe
        8⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62264.exe
        9⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29286.exe
        10⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10458.exe
        11⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20184.exe
        12⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35913.exe
        13⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9566.exe
        14⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45415.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39668.exe
        16⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30042.exe
        17⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-545.exe
        18⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59471.exe
        19⤵
        
        PID:5312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 224
        20⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23270.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56514.exe
        8⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59633.exe
        9⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49706.exe
        10⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43899.exe
        11⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58284.exe
        12⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42929.exe
        13⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10142.exe
        14⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25187.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13819.exe
        16⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42102.exe
        17⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57146.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37899.exe
        19⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56788.exe
        20⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        21⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34386.exe
        22⤵
        
        PID:5748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 224
        23⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36414.exe
        22⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42398.exe
        8⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20542.exe
        9⤵
        
        PID:3396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 220
        10⤵
        Program crash
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30239.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51304.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49415.exe
        8⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34937.exe
        9⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21118.exe
        10⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6374.exe
        11⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51076.exe
        12⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53401.exe
        13⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33962.exe
        14⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48539.exe
        15⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18672.exe
        16⤵
        
        PID:3452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 224
        17⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 236
        16⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60380.exe
        8⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65466.exe
        9⤵
        
        PID:2888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 220
        10⤵
        Program crash
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41801.exe
        7⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43297.exe
        8⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32794.exe
        9⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17859.exe
        10⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21959.exe
        11⤵
        
        PID:2120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 244
        12⤵
        Program crash
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44444.exe
        11⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 220
        12⤵
        
        PID:1008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23568.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7803.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25051.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30645.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2871.exe
        8⤵
        Executes dropped EXE
        
        PID:2652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
        9⤵
        Program crash
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41692.exe
        8⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30469.exe
        9⤵
        
        PID:2476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 224
        10⤵
        Program crash
        
        PID:3632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 236
        7⤵
        Program crash
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18947.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6955.exe
        7⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45222.exe
        8⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55357.exe
        9⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-74.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-74.exe
        10⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37153.exe
        11⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43515.exe
        12⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46224.exe
        13⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19193.exe
        14⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21902.exe
        15⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20335.exe
        16⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26373.exe
        17⤵
        
        PID:4104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 220
        18⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29539.exe
        10⤵
        
        PID:2724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 220
        11⤵
        Program crash
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56929.exe
        9⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16157.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40355.exe
        11⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62752.exe
        12⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35529.exe
        13⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9758.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36396.exe
        15⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35693.exe
        16⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5345.exe
        17⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7286.exe
        18⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62164.exe
        19⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12211.exe
        20⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48013.exe
        21⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1438.exe
        22⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-255.exe
        23⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56296.exe
        8⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16650.exe
        9⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47791.exe
        10⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4807.exe
        11⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48933.exe
        12⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54574.exe
        13⤵
        
        PID:2472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 220
        14⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33524.exe
        7⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63141.exe
        8⤵
        
        PID:2456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 224
        9⤵
        Program crash
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-136.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47132.exe
        9⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35010.exe
        10⤵
        
        PID:3472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 220
        11⤵
        Program crash
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11060.exe
        9⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16292.exe
        10⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51289.exe
        11⤵
        
        PID:1772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 244
        12⤵
        
        PID:2520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13353.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-904.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19592.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50375.exe
        8⤵
        
        PID:2140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 220
        9⤵
        Program crash
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47552.exe
        8⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20734.exe
        9⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51683.exe
        10⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26188.exe
        11⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15685.exe
        12⤵
        
        PID:4788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 240
        13⤵
        Program crash
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25356.exe
        7⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55549.exe
        8⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44890.exe
        9⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31455.exe
        10⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53816.exe
        11⤵
        
        PID:4020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 224
        12⤵
        Program crash
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29108.exe
        8⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35072.exe
        9⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10313.exe
        10⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29120.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43121.exe
        12⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5866.exe
        13⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7506.exe
        14⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47836.exe
        15⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4084.exe
        16⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15153.exe
        17⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22824.exe
        18⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27043.exe
        19⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17474.exe
        20⤵
        System Location Discovery: System Language Discovery
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19223.exe
        21⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14640.exe
        22⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51901.exe
        9⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12783.exe
        10⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-116.exe
        11⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46406.exe
        12⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16251.exe
        13⤵
        
        PID:4568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 220
        14⤵
        
        PID:4716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65263.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28886.exe
        7⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1880.exe
        8⤵
        
        PID:2536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 200
        9⤵
        Program crash
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22855.exe
        7⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 224
        8⤵
        Program crash
        
        PID:3332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30309.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30309.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9692.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15972.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12798.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 244
        7⤵
        Program crash
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6695.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56156.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50375.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63525.exe
        9⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33178.exe
        10⤵
        
        PID:3776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 240
        11⤵
        Program crash
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64464.exe
        8⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53406.exe
        9⤵
        
        PID:1268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 220
        10⤵
        Program crash
        
        PID:3532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 248
        7⤵
        Program crash
        
        PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5185.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9072.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27760.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 244
        8⤵
        Program crash
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29440.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34553.exe
        8⤵
        
        PID:1848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 240
        9⤵
        Program crash
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16062.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15481.exe
        7⤵
        
        PID:1788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 244
        8⤵
        Program crash
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7095.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28902.exe
        8⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31263.exe
        9⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29312.exe
        10⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39037.exe
        11⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50599.exe
        12⤵
        
        PID:5020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 240
        13⤵
        
        PID:4608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8358.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41387.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:884
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 244
        6⤵
        Program crash
        
        PID:1736
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 248
        5⤵
        Program crash
        
        PID:1692
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29110.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29110.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54259.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54259.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54809.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1796
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61643.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49747.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42814.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34776.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21019.exe
        8⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37137.exe
        9⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50972.exe
        10⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47822.exe
        11⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9690.exe
        12⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4506.exe
        13⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27361.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25903.exe
        15⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15867.exe
        16⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51920.exe
        17⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44733.exe
        18⤵
        
        PID:5480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 240
        19⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3603.exe
        13⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43282.exe
        14⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25488.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46876.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57862.exe
        17⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53830.exe
        18⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30499.exe
        19⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41568.exe
        20⤵
        
        PID:6444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 224
        21⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47717.exe
        20⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37510.exe
        21⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52580.exe
        22⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57603.exe
        21⤵
        System Location Discovery: System Language Discovery
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33000.exe
        10⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14350.exe
        11⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-915.exe
        12⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51289.exe
        13⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26370.exe
        14⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24035.exe
        15⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34240.exe
        16⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49310.exe
        17⤵
        
        PID:5968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 220
        18⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43358.exe
        9⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28554.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17859.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41564.exe
        12⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32597.exe
        13⤵
        
        PID:5076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 240
        14⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37691.exe
        8⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63224.exe
        9⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60074.exe
        10⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50723.exe
        11⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-531.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32597.exe
        13⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59042.exe
        14⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27927.exe
        15⤵
        
        PID:2616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 220
        16⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28916.exe
        9⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14734.exe
        10⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18212.exe
        11⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48165.exe
        12⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5482.exe
        13⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28612.exe
        14⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25379.exe
        15⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16207.exe
        16⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25657.exe
        17⤵
        
        PID:5676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 220
        18⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26211.exe
        16⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12330.exe
        17⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1479.exe
        18⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28117.exe
        19⤵
        
        PID:6056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 244
        20⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12804.exe
        14⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53923.exe
        15⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29741.exe
        16⤵
        
        PID:5560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 244
        17⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18043.exe
        15⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7478.exe
        16⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5371.exe
        17⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57665.exe
        18⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23125.exe
        19⤵
        
        PID:4624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 240
        20⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5237.exe
        7⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-380.exe
        8⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51932.exe
        9⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10873.exe
        10⤵
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59851.exe
        11⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46224.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7241.exe
        13⤵
        
        PID:672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 672 -s 224
        14⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61589.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18435.exe
        10⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45539.exe
        11⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61377.exe
        12⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29686.exe
        13⤵
        
        PID:2244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 220
        14⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44319.exe
        8⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2705.exe
        9⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30879.exe
        10⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36162.exe
        11⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57791.exe
        12⤵
        
        PID:684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 224
        13⤵
        Program crash
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65440.exe
        12⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38155.exe
        13⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41331.exe
        14⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43560.exe
        15⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38210.exe
        16⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19705.exe
        17⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34583.exe
        18⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4427.exe
        19⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31293.exe
        20⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49871.exe
        21⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39835.exe
        22⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43421.exe
        23⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12212.exe
        10⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53707.exe
        11⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38845.exe
        12⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5757.exe
        13⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32504.exe
        14⤵
        
        PID:3152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 224
        15⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39783.exe
        11⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14693.exe
        12⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16827.exe
        13⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10695.exe
        14⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4577.exe
        15⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25242.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63747.exe
        17⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16872.exe
        18⤵
        
        PID:6532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6532 -s 224
        19⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9024.exe
        14⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11837.exe
        15⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35460.exe
        16⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3036.exe
        17⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39269.exe
        18⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62014.exe
        19⤵
        
        PID:6404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 220
        20⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-467.exe
        16⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36301.exe
        17⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6098.exe
        18⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43727.exe
        19⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3150.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56788.exe
        16⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59990.exe
        17⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9414.exe
        18⤵
        
        PID:3312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 240
        19⤵
        
        PID:4108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10826.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8766.exe
        7⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24885.exe
        8⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26084.exe
        9⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7941.exe
        10⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26219.exe
        11⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36712.exe
        12⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36214.exe
        13⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49016.exe
        14⤵
        
        PID:5048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 220
        15⤵
        Program crash
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55430.exe
        14⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20252.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26264.exe
        16⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50462.exe
        17⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11261.exe
        18⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64048.exe
        19⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3804.exe
        20⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44614.exe
        21⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4370.exe
        22⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40136.exe
        23⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30977.exe
        24⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13093.exe
        21⤵
        
        PID:4496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 220
        22⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25066.exe
        13⤵
        
        PID:5088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 224
        14⤵
        Program crash
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8112.exe
        9⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6182.exe
        10⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24268.exe
        11⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43505.exe
        12⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26287.exe
        13⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 224
        14⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26638.exe
        8⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40230.exe
        9⤵
        
        PID:3404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 240
        10⤵
        Program crash
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9103.exe
        7⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42420.exe
        8⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7365.exe
        9⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39815.exe
        10⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21144.exe
        11⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8284.exe
        12⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54190.exe
        13⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20143.exe
        14⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30348.exe
        15⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37634.exe
        16⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36918.exe
        17⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54427.exe
        18⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-727.exe
        19⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28709.exe
        20⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6744 -s 244
        21⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8304.exe
        8⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18435.exe
        9⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26043.exe
        10⤵
        
        PID:3668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 224
        11⤵
        Program crash
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60972.exe
        10⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17735.exe
        11⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8191.exe
        12⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56113.exe
        13⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33166.exe
        14⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46461.exe
        15⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 220
        16⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6964.exe
        15⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38620.exe
        16⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16296.exe
        17⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42886.exe
        18⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54806.exe
        19⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53348.exe
        20⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39616.exe
        20⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5086.exe
        19⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11728.exe
        17⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17090.exe
        18⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40328.exe
        19⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13872.exe
        20⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36798.exe
        18⤵
        
        PID:5224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 220
        19⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40466.exe
        14⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25434.exe
        15⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63171.exe
        16⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9040.exe
        17⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39461.exe
        18⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30603.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39944.exe
        20⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23001.exe
        21⤵
        
        PID:6692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17795.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 224
        7⤵
        Program crash
        
        PID:1612
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 236
        6⤵
        Program crash
        
        PID:2612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47196.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47196.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65172.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1122.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62741.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63556.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 220
        8⤵
        Program crash
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60961.exe
        7⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22877.exe
        8⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-505.exe
        9⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23287.exe
        10⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54008.exe
        11⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60609.exe
        12⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 244
        13⤵
        
        PID:304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55943.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33271.exe
        7⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6348.exe
        8⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23920.exe
        9⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3473.exe
        10⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42747.exe
        11⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-422.exe
        12⤵
        
        PID:2288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 244
        13⤵
        Program crash
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12155.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10033.exe
        13⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48840.exe
        14⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27525.exe
        15⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28698.exe
        16⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43311.exe
        17⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54956.exe
        18⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34635.exe
        19⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57930.exe
        20⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16208.exe
        21⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18917.exe
        22⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61730.exe
        13⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58936.exe
        14⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65454.exe
        15⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52486.exe
        16⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34152.exe
        17⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21101.exe
        18⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43078.exe
        19⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21859.exe
        20⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3654.exe
        21⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57313.exe
        9⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15118.exe
        10⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45648.exe
        11⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44273.exe
        12⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35114.exe
        13⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64683.exe
        14⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47561.exe
        15⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4769.exe
        16⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48703.exe
        17⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13923.exe
        18⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44536.exe
        19⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51521.exe
        20⤵
        
        PID:6576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6576 -s 244
        21⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60354.exe
        8⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57682.exe
        9⤵
        
        PID:3892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 240
        10⤵
        Program crash
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64272.exe
        7⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52207.exe
        8⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29862.exe
        9⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18819.exe
        10⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63328.exe
        11⤵
        
        PID:3232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 220
        12⤵
        Program crash
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4843.exe
        8⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43323.exe
        9⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49732.exe
        10⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4200.exe
        11⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22203.exe
        12⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4574.exe
        13⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        14⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45994.exe
        15⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45195.exe
        16⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54764.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16633.exe
        18⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55522.exe
        19⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        20⤵
        
        PID:6496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 244
        21⤵
        
        PID:5512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6584 -s 228
        20⤵
        
        PID:6116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 236
        11⤵
        Program crash
        
        PID:4160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56197.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6187.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41055.exe
        7⤵
        
        PID:2388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 240
        8⤵
        Program crash
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2819.exe
        7⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64075.exe
        8⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8481.exe
        9⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60235.exe
        10⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45840.exe
        11⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32597.exe
        12⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1481.exe
        13⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20527.exe
        14⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60856.exe
        15⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41718.exe
        16⤵
        
        PID:5336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 240
        17⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49756.exe
        15⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54022.exe
        16⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59663.exe
        17⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53965.exe
        18⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43846.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29643.exe
        20⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16483.exe
        21⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30209.exe
        22⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34847.exe
        21⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13487.exe
        17⤵
        
        PID:5152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 244
        18⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62705.exe
        8⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26219.exe
        9⤵
        
        PID:3108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 216
        9⤵
        Program crash
        
        PID:2096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16913.exe
        6⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59441.exe
        7⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 220
        8⤵
        Program crash
        
        PID:2800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46794.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10525.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2103.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48647.exe
        7⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58050.exe
        8⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45928.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44615.exe
        10⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44745.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40355.exe
        12⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18020.exe
        13⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39805.exe
        14⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17735.exe
        15⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3422.exe
        16⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55812.exe
        17⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44925.exe
        18⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56295.exe
        19⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37660.exe
        20⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32969.exe
        21⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55138.exe
        22⤵
        System Location Discovery: System Language Discovery
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42746.exe
        23⤵
        
        PID:6564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6564 -s 224
        24⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24162.exe
        23⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63598.exe
        14⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49691.exe
        15⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2911.exe
        16⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46186.exe
        17⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27982.exe
        18⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5563.exe
        19⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64489.exe
        20⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46970.exe
        21⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51646.exe
        22⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49264.exe
        23⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58371.exe
        22⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51205.exe
        23⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41599.exe
        10⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14542.exe
        11⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1683.exe
        12⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36105.exe
        13⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59426.exe
        14⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
        15⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47945.exe
        16⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32974.exe
        17⤵
        
        PID:5904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5904 -s 224
        18⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8362.exe
        14⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6144.exe
        15⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61754.exe
        16⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64032.exe
        17⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54105.exe
        18⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56321.exe
        19⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3197.exe
        20⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54998.exe
        21⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24952.exe
        22⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35932.exe
        9⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52176.exe
        10⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35970.exe
        11⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42332.exe
        12⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36105.exe
        13⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9950.exe
        14⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52841.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24803.exe
        16⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61048.exe
        17⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58521.exe
        18⤵
        
        PID:5432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 240
        19⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-853.exe
        15⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11847.exe
        16⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21381.exe
        17⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8521.exe
        18⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18439.exe
        19⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20956.exe
        20⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51630.exe
        21⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29451.exe
        22⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8423.exe
        23⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30103.exe
        16⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8329.exe
        17⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-950.exe
        18⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
        19⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43654.exe
        20⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62699.exe
        21⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44879.exe
        22⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34869.exe
        23⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55835.exe
        14⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28887.exe
        15⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65132.exe
        16⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1261.exe
        17⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36259.exe
        18⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63124.exe
        19⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40369.exe
        20⤵
        
        PID:5348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 220
        21⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37503.exe
        16⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24474.exe
        17⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62979.exe
        18⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12595.exe
        19⤵
        
        PID:6376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6376 -s 224
        20⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6684.exe
        19⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46446.exe
        20⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3187.exe
        21⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50437.exe
        22⤵
        
        PID:4920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6840 -s 216
        20⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35009.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 224
        15⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12020.exe
        10⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41263.exe
        11⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11408.exe
        12⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10609.exe
        13⤵
        
        PID:4364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 240
        14⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61356.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:4816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 220
        12⤵
        Program crash
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43550.exe
        8⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32171.exe
        9⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63276.exe
        10⤵
        
        PID:4024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 240
        11⤵
        Program crash
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19036.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38632.exe
        11⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64309.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13349.exe
        13⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52924.exe
        14⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22289.exe
        15⤵
        
        PID:3528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 220
        16⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34100.exe
        7⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45928.exe
        8⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18850.exe
        9⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5990.exe
        10⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3105.exe
        11⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16567.exe
        12⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3048.exe
        13⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
        14⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61284.exe
        15⤵
        
        PID:2500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 244
        16⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44693.exe
        10⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13743.exe
        11⤵
        
        PID:3360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 244
        12⤵
        Program crash
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11620.exe
        8⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18352.exe
        9⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55430.exe
        10⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41564.exe
        11⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44081.exe
        12⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55342.exe
        13⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20335.exe
        14⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6995.exe
        15⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37250.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21765.exe
        17⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27899.exe
        18⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17624.exe
        19⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4956.exe
        20⤵
        System Location Discovery: System Language Discovery
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64458.exe
        21⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30733.exe
        22⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43919.exe
        23⤵
        System Location Discovery: System Language Discovery
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59565.exe
        24⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53794.exe
        22⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36621.exe
        17⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38812.exe
        18⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32824.exe
        19⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1853.exe
        20⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42362.exe
        21⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44028.exe
        22⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5979.exe
        23⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28438.exe
        21⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2600.exe
        19⤵
        
        PID:6808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 220
        20⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27254.exe
        16⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62657.exe
        17⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40286.exe
        18⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45844.exe
        19⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3436.exe
        20⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2014.exe
        21⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3571.exe
        22⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63649.exe
        23⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50057.exe
        15⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34209.exe
        16⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10638.exe
        17⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30260.exe
        18⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37100.exe
        19⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19233.exe
        20⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16898.exe
        21⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16016.exe
        22⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24738.exe
        21⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35445.exe
        22⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24561.exe
        16⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26477.exe
        17⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15288.exe
        18⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11796.exe
        19⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53955.exe
        20⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36711.exe
        21⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17765.exe
        22⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10737.exe
        19⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2995.exe
        20⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43312.exe
        21⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34142.exe
        10⤵
        
        PID:3724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 240
        11⤵
        Program crash
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47817.exe
        9⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5383.exe
        10⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30869.exe
        11⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30179.exe
        12⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32011.exe
        13⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
        14⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54546.exe
        15⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43934.exe
        16⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1526.exe
        17⤵
        
        PID:5900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 220
        18⤵
        
        PID:3960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 236
        17⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65248.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:4572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 240
        11⤵
        Program crash
        
        PID:4844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1.exe
        6⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12933.exe
        7⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14215.exe
        8⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15341.exe
        9⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40853.exe
        10⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64859.exe
        11⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 224
        12⤵
        Program crash
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37323.exe
        9⤵
        
        PID:3916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 244
        10⤵
        Program crash
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27764.exe
        8⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17968.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28295.exe
        10⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8123.exe
        11⤵
        
        PID:3172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 224
        12⤵
        Program crash
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38418.exe
        10⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28046.exe
        11⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57184.exe
        12⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42239.exe
        13⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8274.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27224.exe
        15⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20530.exe
        16⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36918.exe
        17⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10462.exe
        18⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49497.exe
        19⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47162.exe
        20⤵
        
        PID:6420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6420 -s 220
        21⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56269.exe
        19⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10073.exe
        20⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60556.exe
        21⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21230.exe
        20⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13108.exe
        15⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18615.exe
        16⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25600.exe
        17⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12979.exe
        18⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12839.exe
        19⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23608.exe
        20⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30733.exe
        12⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57968.exe
        13⤵
        
        PID:4932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 224
        14⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41402.exe
        11⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18586.exe
        12⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52431.exe
        13⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35309.exe
        14⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46378.exe
        15⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33602.exe
        16⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51770.exe
        17⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28740.exe
        18⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47546.exe
        19⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57463.exe
        20⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6512 -s 224
        21⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41546.exe
        17⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34417.exe
        18⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25751.exe
        19⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40795.exe
        20⤵
        System Location Discovery: System Language Discovery
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31937.exe
        21⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7360.exe
        9⤵
        
        PID:2012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 220
        10⤵
        Program crash
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59887.exe
        7⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43546.exe
        8⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9799.exe
        9⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20127.exe
        10⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13935.exe
        11⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52249.exe
        12⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21819.exe
        13⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61943.exe
        14⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11655.exe
        15⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9128.exe
        16⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56845.exe
        17⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26415.exe
        18⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33400.exe
        19⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10213.exe
        20⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51262.exe
        21⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12206.exe
        22⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-509.exe
        21⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44593.exe
        19⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38470.exe
        20⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31968.exe
        21⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6472.exe
        22⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4894.exe
        20⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8429.exe
        9⤵
        
        PID:3748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 244
        10⤵
        Program crash
        
        PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43690.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-406.exe
        6⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5725.exe
        7⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59524.exe
        8⤵
        
        PID:1300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 220
        9⤵
        Program crash
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57505.exe
        8⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39623.exe
        9⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26188.exe
        10⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24621.exe
        11⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9457.exe
        12⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16168.exe
        13⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51453.exe
        14⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61946.exe
        15⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7177.exe
        16⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29923.exe
        17⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12356.exe
        18⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6705.exe
        19⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54147.exe
        20⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57323.exe
        21⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
        17⤵
        
        PID:5272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 240
        18⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29358.exe
        12⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22481.exe
        13⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4193.exe
        14⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3202.exe
        15⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12963.exe
        16⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8848.exe
        17⤵
        
        PID:2816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 244
        18⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51911.exe
        7⤵
        
        PID:2844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 220
        8⤵
        Program crash
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46244.exe
        6⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6239.exe
        7⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44698.exe
        8⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14350.exe
        9⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28352.exe
        10⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3733.exe
        11⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3899.exe
        12⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50106.exe
        13⤵
        
        PID:4880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 244
        14⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63297.exe
        12⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15207.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21679.exe
        14⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15932.exe
        15⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45885.exe
        16⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65039.exe
        17⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58080.exe
        18⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37437.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35569.exe
        20⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30795.exe
        21⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24184.exe
        22⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6280.exe
        23⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38655.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18807.exe
        16⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41744.exe
        17⤵
        
        PID:4604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 244
        18⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18149.exe
        13⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39284.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:3304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 220
        15⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38463.exe
        14⤵
        
        PID:6064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6064 -s 220
        15⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57739.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34346.exe
        12⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60900.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18397.exe
        14⤵
        
        PID:4636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 224
        15⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8688.exe
        7⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63551.exe
        8⤵
        
        PID:1320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 240
        9⤵
        Program crash
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24080.exe
        8⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13982.exe
        9⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15108.exe
        10⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 224
        11⤵
        Program crash
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52804.exe
        9⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63702.exe
        10⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48539.exe
        11⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43752.exe
        12⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49694.exe
        13⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19731.exe
        14⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38428.exe
        15⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39793.exe
        16⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22274.exe
        17⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9305.exe
        18⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32243.exe
        19⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10639.exe
        20⤵
        
        PID:6320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 236
        19⤵
        
        PID:4268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 216
        18⤵
        
        PID:4520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 216
        17⤵
        
        PID:6904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 236
        16⤵
        
        PID:7120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 216
        15⤵
        
        PID:5852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 216
        14⤵
        
        PID:3800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 216
        13⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58225.exe
        12⤵
        
        PID:5768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 220
        13⤵
        
        PID:5980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 220
        12⤵
        
        PID:4480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 216
        11⤵
        
        PID:3368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10033.exe

Filesize
192KB

MD5
567769426bacda3283a0563dfbc4ff9c

SHA1
039a22a1e72142f3e8834fb62cb9bea6fd1a113f

SHA256
9443518f31ec6a3dcab19e142af386424ea79c75777f60fac4f0fc9c2a5f8b17

SHA512
c3cafc5eac93511a2f39bbfbed71095817e67c79f6dc0c6523ef14eeab71ea7388f44f3166a36725ca41b223fe549fab7a2153b12515f00883d90177ae96522a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10255.exe

Filesize
192KB

MD5
b169466ef3b3d6fb72890582f79f8fdf

SHA1
59646652bc4a0bb899b651daa9d7e053285e08ea

SHA256
8bb609e94bb4db386124e77c7fe730d3f5bebf3eff31bf7198438919b05f781c

SHA512
219c28f9a78782d2d7f9a0c279c9dcd4a1d2c282f495fc17c52e4ef5d5515fb3c084feecfd3af0173afd01dfc90e38133d7510f2be343e0bbfc6a304a875bf9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10458.exe

Filesize
192KB

MD5
a5a5fefa5ab4a0bccd58dbaddfaa2a00

SHA1
2b8c51a359431d9bd78ced934ebc023b46949abe

SHA256
883965597724a32d8ac69a3e5e702d3a0dea923e4b8e79c86568432504cd3413

SHA512
c1df9a83c54afac2ca09c15b4661792c4d9a683c663b6c179cd49f872eff99070b5730643f81ce917fd589f3a3bffe3417c9676645cc1c6151d130de08db9c9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10609.exe

Filesize
192KB

MD5
6fafed579c8e5f85600a89d37f06957a

SHA1
32292ed7bf3980a6716a3f04f5383de07256ca5c

SHA256
e317b6e883f3c2728ffa1f9cf5145edff3bdba2a9043f55682fb7b23af80b7f2

SHA512
4bbd02bd7ec9c14e870c5ea7a96bb8f17783c7fe82d7384f2f6ccda8a243389902df273df2823b7fd40de48bb1f27edd15f2c752463b430f607389a58c8e25eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15972.exe

Filesize
192KB

MD5
8277aa67f98b1b9caa39c5fea24d86bb

SHA1
9ff4d54ac39e5f34f4fabe64834bcf24837bbb07

SHA256
47df96e945a6ec4e620fdd9db2dac78e03466a7c11dd25a9b5ae1d264be88892

SHA512
3792406f4c0eb0ed5fce81480289761f612b3bbb08f0a496a99fefc7a9c2e6bf203a163ea05cb022bd6ebb2b3c396bc044c6fefcec6b6a2d877769f34ae465fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40466.exe

Filesize
192KB

MD5
96281f7436b5a98111bcd5799e572f66

SHA1
e4d9b6711db1d02723808d51c733e3d5a7c4c4f2

SHA256
b29c4b23dc35b9cd14e858ccc329a4955a8ddd14751d908dff3536d9bfbfd6e7

SHA512
6d7a41a8261ee99231aec9529ad6d5d2941d33c2e97dbd308748e8e16e125b513721576feda7ffdfc21d4d804342f340182258539ac1b8ec88acb9c813526ffb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43852.exe

Filesize
192KB

MD5
78b162ff0703d437a735a0a567850a1b

SHA1
1b706d1152a97acbbd3dd3cf135a27a508fb3611

SHA256
bf954af581cbb44e68e3c12dbdf489297a651027c43d32dc59d7ff8805bb14fb

SHA512
76deeeb9dbc8cf6064b146f3bbbf8931262a2371c83b8dd0b7f5b4f9c84daaeea83ff6320ce6e39618c912c23b0ae5fdcf226202c30e8ba3ed92dcd4ccd5a1dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4577.exe

Filesize
192KB

MD5
001b3df227b66904fdc81ee17fc66a13

SHA1
5d85cc565ed8be51367714bea79ef55346c84101

SHA256
0f64b49138036eaf4e5754f71a580beddbeb6829d8f7006fa4cb86a5799e3728

SHA512
dfa2187dc1de89d9e51d04092821a9ae4c85aad18d84ed90755a093b041095513482edee98495320ff719e4ca7a439e6b3433f17eee5c718d05353a8ff82c4ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5725.exe

Filesize
192KB

MD5
b365aa448baec65afb0e3779fe258069

SHA1
963a07d8812d16be16f35305c28fc274b8051989

SHA256
dd153f6491dd9dcf696fdf9e484eed2e94121210ba722fad48b0b1357865dc09

SHA512
9c60350ec35eae76f81b7b6d08c524d8bf2577273b05b592b7db3c9336a84d07a662b6eb62b7dcffeb65f8e45f2849c18294011fe354a02b0f6df8457b94d73b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5866.exe

Filesize
192KB

MD5
e3a3f8fc56813c1216f8664b1f8e0c6a

SHA1
acb589b7daeebb73debab33448df6e1a2b4e9cec

SHA256
dc9e6ae6aecaf78df43bb24dbd89d3ccb84e87f225ba8bce30efb649370bf975

SHA512
3b0657af5d29ae1b7ef5a09690a456a54e9ab00a40189234968827e9c5b6287a96c2fb9c80b68468e3f0b17b2d7e70ab2521ef2aad52a03f970a8368704854e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58936.exe

Filesize
192KB

MD5
93c2749e742a814eef531323b76485a4

SHA1
fbf2e8634f10bc1f9725608abec1730a8f4b4632

SHA256
a328c2ef765139fd9fb5fd15af508672b00df536ce54e337f547e530bda6c750

SHA512
b9bc000c8af0224789e23e7a18d66f2802c0f9d4c461efdeb1b009f5d15c0b60b94d60193b3f5d0e47fcffee1b2fb769023794fabe33bdb98328771cff1b88ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59633.exe

Filesize
192KB

MD5
bdd60af920450e90768f2a18218c2d30

SHA1
322cf2ee14c8fa04fcd3674b55dd62c3b3883aea

SHA256
9fa49c8b5c26087c79b3d2cce906f91509ea7ed28bba18051a80679a0a1200b1

SHA512
0e5c4461cad552ac4b5e91b2df1a4010660e7e09983498db7a9d00c12ea1978858886f7eb4d98c4ecdea03f052507ca3cf799b3c71ea919040fc85897ee4b3af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59663.exe

Filesize
192KB

MD5
2d44c46d31a50260156600a2042544e4

SHA1
a42bbd69703443043a9105b3acd17833f109a2b3

SHA256
5b8553807f655ba57e6799adb75a211a47ed012ae2095f9f0db454dd9e311a52

SHA512
4f14cd2349ad9d5124eb75da9216b8699819628157ca2477218ca1b35ad5bb1e05e910d68502e353453d7e770d4eefe14f821ff85e8e1465b7d1f294a9da28c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5979.exe

Filesize
192KB

MD5
3cfc22b64f34926c06eb3fa463748c82

SHA1
2a4edc146fe085371e19b060234cc5c9037b08e5

SHA256
b0561c570a15b8ddc33a572453d494be8cefdc6404510bd9f4db5b5247099d18

SHA512
3abe7d634078126aebd853c790cddade6d56447f380664eb6073c1a81e95ffcc1166df8686e75ae8f3c68f5e4644d35a3a6dfa0c6bcd6eb045295790d09e5cd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5990.exe

Filesize
192KB

MD5
a5c1c35ea14cdb6edc9a8a5a6aae8ee9

SHA1
9416a24f56b195e3f40805ab74a1af7eb2909a10

SHA256
56bb7dc5ae9a6610eb67ef47b48525b91affbacdb5a3ec03816a1b5d1d2730d4

SHA512
25bae9d4b6063e85359bef5babb889b25d15abf3dd9490fae2c721269701064fba39a060dddc2f8a386e98501815433e89016df70bbc30858100a88ae9b0c1d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60556.exe

Filesize
192KB

MD5
9f237324c51c06cbb9035e7f6cbc8934

SHA1
661152c5561b95ed28532bc6bcb20d61e13718d3

SHA256
fc76628a249c2d6d882759b18854acb47d78bdc2f390df3f1996b8c61b23e0c3

SHA512
fe271a58f835b9cf5bd6a43674794b463dc8d5714d55a7e92064bc8d7698a973029993ec3ed34d9130fc95a3ee7e3ec61c048909d2b93c13a16aa980b01c2af2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6144.exe

Filesize
192KB

MD5
5f4b3e31b4e0cb588512dd8af6647f74

SHA1
3b4f27fa2c4fdc4164a5a59f2ff40d9f26660021

SHA256
e949b28f546e163125a8158f800813b9131fe773b37e7b9794b434e69e485be4

SHA512
ca361425cbe8dc8a654c0dace886f013b2fe3a1f7a55afba3a79c689f4f535ebb4110b88e41c8267797d1b892514df2e72bf30c93a4b0948ed23f1e0580e35a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61643.exe

Filesize
192KB

MD5
9928ce1ecc13282864461d6dd8acdf1e

SHA1
d46ca9640f7b47cb059327cd22a2142b402feca4

SHA256
37053e695474994c01ce85342e070dc40f55a890e0fb4bf3d0448d91bd045694

SHA512
33b239d7c69b946ba348130bf7538d54852b407c1a9a6e24f12885d6e6b9dd5340e001dfe37ffba56b4f71f8340f0b8eb1b3e954a6a7414bd739fb5ae1ecc171

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6182.exe

Filesize
192KB

MD5
e322f3b21f2c6a80204ebb134d7190df

SHA1
2e98c090f0295b32b6d2e478a4cd58cb33a8d7fe

SHA256
6d540269e17ac1c1e5dff9aa3cbb2c5374a53a7621512e751b3a25f3ef865767

SHA512
e327f75a0f8dd61745b35b66e97f3905954de3599b96c61645fc196e0e15ad7340cd03ab9afb262f9a4bc7be61c56bd964d48db213ca037c7decfe10da1032d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6187.exe

Filesize
192KB

MD5
aeac96c4a84f65f631fec42c15be1a59

SHA1
b9cb8aa6bf54553bc0d250839bd18a77d83c27e4

SHA256
ee210b80f0609c7e1cf67ec346fcfc2e6eac978e1481097c851a9009a1f66859

SHA512
bff2022cebecaedf1b7f4b12a39074988b854c2297a54d6f16978ba66f69b41a1e98cd50ce315ed90430b58d6c2011a654c2f28027f7388a24bf44faec1bd722

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6239.exe

Filesize
192KB

MD5
d5e72606a36dcbc25cd1892c46c1fb18

SHA1
ebf7911b073c4b934e8463493a5569a5668e5122

SHA256
589a765ce3efe6dfb43a0c0e7899ca97f3eba5d9b99ecd81a05123d6d5fd4557

SHA512
be1175573e50aee28236df6f06c634016d47eb3d5b1e987b4886fc1805a2bf316d898fca937398b78cd00c9ea403cdb3beb54400f5684bc7f4ec48986fc54ee2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6348.exe

Filesize
192KB

MD5
49d1c44a03b83da4e825163a45dd34d7

SHA1
f140ab8935e3cde2b9c4d084b6bb4fe292d71764

SHA256
77289653d2548504696f2f0c41b2587bd184759172251ca91b409bc46d985bc9

SHA512
7d85ed7ad05130bad2f62124d96848e2f4826d1ebdbebf713ee3218cf342be8d938b152a7d1f69f5ae464703034b843455278ea1b571a51ef8d34b827d1c0ed4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6472.exe

Filesize
192KB

MD5
b155b4c4cbc0958f3d017063deb5b7cf

SHA1
34da8059115bfda56231c18aea7651bae9686d31

SHA256
e7c1601a201349cd1a3d4d619dfcca9b7e83b5af29348ab4c7ef6f011f0391e7

SHA512
d7ae4ac96922cdaf6ecb6d47f11be00f2a09ecb85f74a5dcbcd6bf252c61ca2c5301536f63aed54647bcfb4e598197e344efc69993f166e1b482e66ca77cbf2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9414.exe

Filesize
192KB

MD5
11f16c500d17804522974388175ce84c

SHA1
6a2157241db07b39ef5252191b3e77510075fae6

SHA256
790c7309abd9913037c68cf765e7bff3478425a2d7754496acaa5e1a4201d72e

SHA512
a827aba9351172d480760388f3c37089eae604a7d82eb277bdeab2a254a3bb5d04060b59fe15faa5b0d6586ae00c0e7cceaac700bdc64878f4eacbb814e4965a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9882.exe

Filesize
192KB

MD5
33247b49a90694bce6024106a3b221a3

SHA1
da77e68dfc26e91a158f29e48939e69c2d79c2c2

SHA256
2d8702ff69c81d88ee2379ad8328d9094efa95facb959adcdea7d3c13bd14179

SHA512
8c74648373bbc0d7b0f1e72dabdd1d65654f41f6e2622c8469aaa42bdc71e13eda9c718ebda27a95aa8c03f5a2cb81ca337d2f3711457193771fa7a9e8f5190e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20994.exe

Filesize
192KB

MD5
6db39786f7452698f45ebcd8dffa8e10

SHA1
df077996e20bf509308908363df6a3d34544b54f

SHA256
043f19059086aadd40a07010c36b185a2e02bf7685d213ae6e23141ebe4b2530

SHA512
4e2a4e45efad89ea095fea834733025ac8543831f0682d0cd16b6fdacc0a7f57d186f59bf33c8f9a814f1f0e2f396ea1f845aa125313137cae99f209af2996d2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23568.exe

Filesize
192KB

MD5
570fc79c6269b3d7011bb9f3d360de0d

SHA1
4693ce4743880624e15816c09a4e62a455e86bb8

SHA256
84b5703d3de835ff0ec6b939b8438aa3961fc1f09e8fc7cbdb700dfe312d6e43

SHA512
ddf949d894a0a0c5bfbaf1b35ec7f69d661f011e9f8d36b49f33f9732ffce197b4f80b74b65303a2827a5efde4481ace84bddac19f52e050b9ded588e38bc805

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27705.exe

Filesize
192KB

MD5
ab9a4ea19e9202bd17d1d127c989bbda

SHA1
aa882d822dd659e552f0db1037f44d59f25ac460

SHA256
6001afb2f1900585c58ece0962a4fee9bf6b66afaf8222201e903d3e9a55969a

SHA512
d438aa967e30857a37a6170aae5ba9e970f5fac5f49f22f95df4d979cb74ecd7f8d015b4d6113d3cd2a84a8515d3e243f61b0fbb2aa104e11765354250d9bd8e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28224.exe

Filesize
192KB

MD5
3562622259870d6438987eee57fec6c8

SHA1
fa08599698f209e91f834f33cb7c72fcbf08f1bf

SHA256
aa4b2d391e4ff58561b84ac059e961fb7c1e8f7fbdab7e559d9d030daf4903b1

SHA512
4ad5caefe156cd57b0845419e5cf1b078be9bf414171d5def3d233260e23d56a2a6f7b9b3e34c5eb21aef03fd0400ca64a1e5a37fa21b354058fe2385d585eab

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29110.exe

Filesize
192KB

MD5
92244c8dda19e0503a78b543a943f0f2

SHA1
17b592af3cda87269526cd9b00ac52afea2ea5db

SHA256
91fd4c32226c3a94ce7e990a9c9ee71e6d860b65f5bed447590b470319c4541d

SHA512
1a5e77352ee655cde51af7f5f99e2b5ee9e40c0f69ac59e1188f5ddb7ded5cccf8e085ba217f6d19b11725b33a358475ecc934c0485d59edf164b86c6ee3f9d2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30309.exe

Filesize
192KB

MD5
2962afc279a55f2f59c2910786acf180

SHA1
5710d443001d99e9bb0ea14d0a92809785fb1820

SHA256
d9787b03fe2af31462e7232417208a5c1581690d6eac338aea3c7ca17127ae20

SHA512
5d513af82d77535704e1de17d8868f037ea60f3e5cf5e3895ee6218f2300ca2edb77897e1f210dee4f565e55d6a452ec4537fc3d4caff0749655fd108473f450

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37108.exe

Filesize
192KB

MD5
2fe241daf8cb80bc36a47e3c845de252

SHA1
c2fed3bb837704224cc25de27983c05cbd7e5dfc

SHA256
4bccae15c0e486efaf2453ca983f56e59c4793d5267b3a7fd9d76006db33b15f

SHA512
54d070fa0bf97165c9a9e346eee813d6edddd03fd93515f13767a90f8a6c9cfad3007ad1b384d8bb731000169b553e53fe165cedeb1b6335f6f71dcdaa9303ae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43434.exe

Filesize
192KB

MD5
fb62afb63168decc62ba743a64db1b29

SHA1
3860ee56e1390badefe96219652192b762639064

SHA256
f8b4d60205caea269eed02f6dce6f0a82d733ab48bf4856ccc3a1f9cbe768e48

SHA512
bd02c031da975132afe0ecd08ac070295671773c74d274846ddb50b1579fa9ff461dad8cbec57021fa3bd6f683e1a4d77c750a2a6cf31566be3fefba6eea80f4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47196.exe

Filesize
192KB

MD5
8f4b2a1c13f19485852c51f95261ea53

SHA1
c6ba84cb25bf324ceae3b92e8f75c532f080c7bc

SHA256
333de2dfca0804ec4837ee52eb7816a04af9c83f4a86f3db4fb0b3f85b2fa264

SHA512
568f3aec9167a5d773af3530759cc036ee50055605e8c5731c0da711b9c9cd5fd7e617b2ab11484e0854b4618a6f46765ef7f41e5971324d9cf1b501a3898e2e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54259.exe

Filesize
192KB

MD5
3e450e4cd31efd91117651be652788ca

SHA1
d4adef8e16e5e49b85df27a45f11c867b3944ead

SHA256
430fa7d64011142f52f75c424939d84f2f7bfb9c7b4df8794df43ba216e91af9

SHA512
8b11592ac5cd62aae08f8efcbae243454096d069cc68e4676edb74a99b4b41ae3736a4e355bde70b755744921a0a41883ea8e2150f04060c61a4edb9aff58a24

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54809.exe

Filesize
192KB

MD5
9dc51408c7ae7c41240b430a0784b9c0

SHA1
a33cd97fe4a395b48f43ede3ca6eb1c7703aabae

SHA256
3f4c8753fb546eef7aaf266f161fa101a27c8df3b4329f6b3965918d72ca7a32

SHA512
414d5c0a60a14a1e4781bd30f058c18bfbf58b34d9eebfd36c0c037c2febbe27a976143d3bb8a76bce88d24796405e51afa3c5d3d5f5618b8ddc98ff249b9df8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65172.exe

Filesize
192KB

MD5
a0b949402a7f0510e2df2469d8933717

SHA1
58cc7a370dc1af77eb1607eb1dbc68297a690ac5

SHA256
0ae79e968bc830875e861906a90f4c277b1c4b8a5920fb93f6056265a256462f

SHA512
ef15609396c1045ca5b76a5f757b47a83ab8e16c6d5489198705935dcf4920c7c76686f9f32b9663506926bc064a78f4c289adbe73938ca81b692f29d60a05a7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7803.exe

Filesize
192KB

MD5
ff7e6bf870213208c5d8e8823aa92cf0

SHA1
991283cfd9bcaf11c4a16efbbfc46bc728385158

SHA256
711e33fb211027b11cc710d4650628e04b58a90ec53aab177c717e24b2acd8b2

SHA512
259dc01412071e4b361b64cb6b3f5cd4e092abc68b4d96fa4d2d572e6a8a4ba48fd65108908c1e9069c1bcc30390c5ecc54451b58c174714b9c778e218384995

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8358.exe

Filesize
192KB

MD5
643ccfd536883dedede997b4aac13c8d

SHA1
924a5a12636d244f3c676570c47277fd205bdaec

SHA256
2a7946096d1bea2e857e0dacb4cd9bc535bfb4ebac6b42710e3b2e5ddf213153

SHA512
6610dcc5a2a60c4c892b16fc75a9d95e7e2cc2813be069665f0535a36c01388edd9e60e890dd991421c58d1d029ca9d1ff39dd5f3d72a08ea14ca497063cf664

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9692.exe

Filesize
192KB

MD5
47064e63d626d68f706ac20b341b081b

SHA1
98aa2c71f84bb6f03fd0e3af9521eaf9ed8d2bfd

SHA256
5e506854dc799ed419d0100ba1892810f17eddbf5bb85b12662747022261327d

SHA512
79ceb0db68c625b4ef0696c82b7f5652625e7e30e59ec8e02eec10ad78bf3e44045c07a84e88356130874a99a9aa416d3b014d045c2ab31f2359938693dab34c

Download Submit