67f1b1c912ebc48488e73083fb3144022d437695b4f8afb2db5f7118402b2435

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20/08/2024, 07:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ae61e8ef3e86e6456405ac938e69ee65_JaffaCakes118.exe
Size

192KB
MD5

ae61e8ef3e86e6456405ac938e69ee65
SHA1

fe3f7a90ed920b69209fecd2a0b37d9b80a0af77
SHA256

67f1b1c912ebc48488e73083fb3144022d437695b4f8afb2db5f7118402b2435
SHA512

6d03be90bff2036986caefe95f7c765da6043da6d21603679e76169f63ccb9111363d08158ca853f518984a8e7e5858ee99af155ad6115f55598924b24f67919
SSDEEP

3072:Zu8QoAXwBQAYibC0Sdzdqh8b62qWrcW5TsNpxKgWgwBlVvMu:ZurofBJb2dBqh83x3dBlVvM

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1732	Unicorn-31284.exe
1980	Unicorn-20589.exe
2216	Unicorn-58284.exe
2812	Unicorn-44418.exe
3044	Unicorn-64283.exe
2804	Unicorn-56115.exe
2676	Unicorn-44076.exe
2844	Unicorn-7874.exe
2008	Unicorn-19380.exe
1664	Unicorn-56883.exe
2020	Unicorn-60412.exe
2600	Unicorn-18114.exe
1232	Unicorn-47449.exe
1820	Unicorn-9945.exe
2972	Unicorn-59146.exe
2140	Unicorn-8876.exe
2500	Unicorn-58269.exe
2340	Unicorn-63977.exe
3000	Unicorn-39472.exe
1320	Unicorn-23851.exe
1552	Unicorn-53186.exe
2448	Unicorn-15875.exe
2332	Unicorn-34131.exe
2436	Unicorn-25771.exe
1508	Unicorn-5905.exe
1964	Unicorn-9434.exe
1868	Unicorn-1266.exe
888	Unicorn-46938.exe
2252	Unicorn-38961.exe
1612	Unicorn-50659.exe
2920	Unicorn-26705.exe
2748	Unicorn-64208.exe
2840	Unicorn-58500.exe
2624	Unicorn-16145.exe
2688	Unicorn-36242.exe
680	Unicorn-56300.exe
2784	Unicorn-28266.exe
1692	Unicorn-39964.exe
2872	Unicorn-56492.exe
552	Unicorn-20290.exe
636	Unicorn-15459.exe
2512	Unicorn-56684.exe
2884	Unicorn-12122.exe
2152	Unicorn-31988.exe
1772	Unicorn-3954.exe
2976	Unicorn-61323.exe
1616	Unicorn-24178.exe
1092	Unicorn-61681.exe
2292	Unicorn-65018.exe
1800	Unicorn-48682.exe
532	Unicorn-28816.exe
868	Unicorn-17738.exe
996	Unicorn-9377.exe
2548	Unicorn-55049.exe
1960	Unicorn-50602.exe
1636	Unicorn-50602.exe
2120	Unicorn-42626.exe
2536	Unicorn-22760.exe
2756	Unicorn-9761.exe
2684	Unicorn-47265.exe
1656	Unicorn-33389.exe
2636	Unicorn-34650.exe
2660	Unicorn-6616.exe
2656	Unicorn-25138.exe

Loads dropped DLL 64 IoCs

pid	Process
2136	ae61e8ef3e86e6456405ac938e69ee65_JaffaCakes118.exe
2136	ae61e8ef3e86e6456405ac938e69ee65_JaffaCakes118.exe
1732	Unicorn-31284.exe
1732	Unicorn-31284.exe
2136	ae61e8ef3e86e6456405ac938e69ee65_JaffaCakes118.exe
2136	ae61e8ef3e86e6456405ac938e69ee65_JaffaCakes118.exe
1732	Unicorn-31284.exe
1980	Unicorn-20589.exe
1732	Unicorn-31284.exe
1980	Unicorn-20589.exe
2216	Unicorn-58284.exe
2216	Unicorn-58284.exe
3044	Unicorn-64283.exe
3044	Unicorn-64283.exe
1980	Unicorn-20589.exe
1980	Unicorn-20589.exe
2804	Unicorn-56115.exe
2804	Unicorn-56115.exe
2216	Unicorn-58284.exe
2216	Unicorn-58284.exe
2812	Unicorn-44418.exe
2812	Unicorn-44418.exe
2844	Unicorn-7874.exe
2844	Unicorn-7874.exe
3044	Unicorn-64283.exe
3044	Unicorn-64283.exe
2676	Unicorn-44076.exe
2676	Unicorn-44076.exe
1664	Unicorn-56883.exe
1664	Unicorn-56883.exe
2008	Unicorn-19380.exe
2008	Unicorn-19380.exe
2804	Unicorn-56115.exe
2804	Unicorn-56115.exe
2020	Unicorn-60412.exe
2020	Unicorn-60412.exe
2812	Unicorn-44418.exe
2812	Unicorn-44418.exe
2600	Unicorn-18114.exe
2600	Unicorn-18114.exe
2844	Unicorn-7874.exe
2844	Unicorn-7874.exe
1232	Unicorn-47449.exe
1232	Unicorn-47449.exe
1820	Unicorn-9945.exe
1820	Unicorn-9945.exe
2676	Unicorn-44076.exe
2676	Unicorn-44076.exe
2340	Unicorn-63977.exe
2340	Unicorn-63977.exe
2500	Unicorn-58269.exe
2500	Unicorn-58269.exe
2972	Unicorn-59146.exe
2008	Unicorn-19380.exe
2972	Unicorn-59146.exe
2008	Unicorn-19380.exe
1664	Unicorn-56883.exe
1664	Unicorn-56883.exe
3000	Unicorn-39472.exe
3000	Unicorn-39472.exe
1920	WerFault.exe
1920	WerFault.exe
1920	WerFault.exe
1920	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
1920	2140	WerFault.exe	46
1720	2020	WerFault.exe	41
316	2252	WerFault.exe	60
1784	1964	WerFault.exe	56
2420	2332	WerFault.exe	53
2000	2976	WerFault.exe	80
1348	2840	WerFault.exe	65
2556	2548	WerFault.exe	88
2188	552	WerFault.exe	72
1516	2872	WerFault.exe	71
540	572	WerFault.exe	100
2220	2660	WerFault.exe	98
752	2392	WerFault.exe	103
2132	1772	WerFault.exe	79
964	2512	WerFault.exe	75
2468	2776	WerFault.exe	124
1488	2056	WerFault.exe	135
1448	1556	WerFault.exe	127
2824	2908	WerFault.exe	122
1268	2040	WerFault.exe	131
1652	2932	WerFault.exe	143
3004	2940	WerFault.exe	104
2592	2636	WerFault.exe	97
3044	2312	WerFault.exe	141
2532	1328	WerFault.exe	149
868	1508	WerFault.exe	153
3996	2948	WerFault.exe	167
3392	2820	WerFault.exe	178
3596	2196	WerFault.exe	139
3364	1812	WerFault.exe	194
3076	2992	WerFault.exe	193
1732	2772	WerFault.exe	147
1208	3124	WerFault.exe	210
3808	2664	WerFault.exe	197
3844	3160	WerFault.exe	211
3952	3240	WerFault.exe	213
3980	3344	WerFault.exe	216
2936	2628	WerFault.exe	158
3312	3208	WerFault.exe	212
3308	3800	WerFault.exe	225
900	2248	WerFault.exe	160
3932	4028	WerFault.exe	234
4004	680	WerFault.exe	181
3732	3788	WerFault.exe	252
1420	1852	WerFault.exe	170
2676	2996	WerFault.exe	295
2284	3744	WerFault.exe	248
4300	3468	WerFault.exe	290
4308	3736	WerFault.exe	299
4372	2880	WerFault.exe	192
4452	3316	WerFault.exe	289
4444	2904	WerFault.exe	270
4556	4036	WerFault.exe	286
4704	644	WerFault.exe	265
4732	3088	WerFault.exe	263
3840	3640	WerFault.exe	314
1356	2644	WerFault.exe	310
3888	996	WerFault.exe	316
2168	3452	WerFault.exe	313
4892	5040	WerFault.exe	359
4712	5052	WerFault.exe	360
4956	4400	WerFault.exe	369
3480	4736	WerFault.exe	395
4496	4848	WerFault.exe	414

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23851.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38961.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25895.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3308.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14113.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30891.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26631.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55859.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18901.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60068.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9684.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41804.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54676.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40197.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52791.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10900.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4647.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28005.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44418.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9434.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62666.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40114.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24904.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39139.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62652.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37678.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32942.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43374.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41904.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1857.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33776.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4684.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2989.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14399.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40849.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38065.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59326.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1516.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33435.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53848.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37160.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19013.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61681.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32252.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35533.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4379.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25985.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51146.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28197.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13313.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41443.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12640.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2136	ae61e8ef3e86e6456405ac938e69ee65_JaffaCakes118.exe
1732	Unicorn-31284.exe
1980	Unicorn-20589.exe
2216	Unicorn-58284.exe
3044	Unicorn-64283.exe
2812	Unicorn-44418.exe
2804	Unicorn-56115.exe
2676	Unicorn-44076.exe
2844	Unicorn-7874.exe
1664	Unicorn-56883.exe
2008	Unicorn-19380.exe
2020	Unicorn-60412.exe
2600	Unicorn-18114.exe
1232	Unicorn-47449.exe
1820	Unicorn-9945.exe
2972	Unicorn-59146.exe
2140	Unicorn-8876.exe
2500	Unicorn-58269.exe
2340	Unicorn-63977.exe
3000	Unicorn-39472.exe
1320	Unicorn-23851.exe
1552	Unicorn-53186.exe
2448	Unicorn-15875.exe
2332	Unicorn-34131.exe
2436	Unicorn-25771.exe
1508	Unicorn-5905.exe
1964	Unicorn-9434.exe
888	Unicorn-46938.exe
2252	Unicorn-38961.exe
1868	Unicorn-1266.exe
1612	Unicorn-50659.exe
2920	Unicorn-26705.exe
2748	Unicorn-64208.exe
2840	Unicorn-58500.exe
2624	Unicorn-16145.exe
2688	Unicorn-36242.exe
680	Unicorn-56300.exe
2784	Unicorn-28266.exe
1692	Unicorn-39964.exe
2872	Unicorn-56492.exe
552	Unicorn-20290.exe
636	Unicorn-15459.exe
2512	Unicorn-56684.exe
2152	Unicorn-31988.exe
2884	Unicorn-12122.exe
2976	Unicorn-61323.exe
1772	Unicorn-3954.exe
1616	Unicorn-24178.exe
1092	Unicorn-61681.exe
2292	Unicorn-65018.exe
1800	Unicorn-48682.exe
532	Unicorn-28816.exe
868	Unicorn-17738.exe
996	Unicorn-9377.exe
2548	Unicorn-55049.exe
1960	Unicorn-50602.exe
1636	Unicorn-50602.exe
2120	Unicorn-42626.exe
2536	Unicorn-22760.exe
2756	Unicorn-9761.exe
2684	Unicorn-47265.exe
1656	Unicorn-33389.exe
2636	Unicorn-34650.exe
2660	Unicorn-6616.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2136 wrote to memory of 1732	2136	ae61e8ef3e86e6456405ac938e69ee65_JaffaCakes118.exe	30
PID 2136 wrote to memory of 1732	2136	ae61e8ef3e86e6456405ac938e69ee65_JaffaCakes118.exe	30
PID 2136 wrote to memory of 1732	2136	ae61e8ef3e86e6456405ac938e69ee65_JaffaCakes118.exe	30
PID 2136 wrote to memory of 1732	2136	ae61e8ef3e86e6456405ac938e69ee65_JaffaCakes118.exe	30
PID 1732 wrote to memory of 1980	1732	Unicorn-31284.exe	32
PID 1732 wrote to memory of 1980	1732	Unicorn-31284.exe	32
PID 1732 wrote to memory of 1980	1732	Unicorn-31284.exe	32
PID 1732 wrote to memory of 1980	1732	Unicorn-31284.exe	32
PID 2136 wrote to memory of 2216	2136	ae61e8ef3e86e6456405ac938e69ee65_JaffaCakes118.exe	33
PID 2136 wrote to memory of 2216	2136	ae61e8ef3e86e6456405ac938e69ee65_JaffaCakes118.exe	33
PID 2136 wrote to memory of 2216	2136	ae61e8ef3e86e6456405ac938e69ee65_JaffaCakes118.exe	33
PID 2136 wrote to memory of 2216	2136	ae61e8ef3e86e6456405ac938e69ee65_JaffaCakes118.exe	33
PID 1732 wrote to memory of 2812	1732	Unicorn-31284.exe	34
PID 1732 wrote to memory of 2812	1732	Unicorn-31284.exe	34
PID 1732 wrote to memory of 2812	1732	Unicorn-31284.exe	34
PID 1732 wrote to memory of 2812	1732	Unicorn-31284.exe	34
PID 1980 wrote to memory of 3044	1980	Unicorn-20589.exe	35
PID 1980 wrote to memory of 3044	1980	Unicorn-20589.exe	35
PID 1980 wrote to memory of 3044	1980	Unicorn-20589.exe	35
PID 1980 wrote to memory of 3044	1980	Unicorn-20589.exe	35
PID 2216 wrote to memory of 2804	2216	Unicorn-58284.exe	36
PID 2216 wrote to memory of 2804	2216	Unicorn-58284.exe	36
PID 2216 wrote to memory of 2804	2216	Unicorn-58284.exe	36
PID 2216 wrote to memory of 2804	2216	Unicorn-58284.exe	36
PID 3044 wrote to memory of 2676	3044	Unicorn-64283.exe	37
PID 3044 wrote to memory of 2676	3044	Unicorn-64283.exe	37
PID 3044 wrote to memory of 2676	3044	Unicorn-64283.exe	37
PID 3044 wrote to memory of 2676	3044	Unicorn-64283.exe	37
PID 1980 wrote to memory of 2844	1980	Unicorn-20589.exe	38
PID 1980 wrote to memory of 2844	1980	Unicorn-20589.exe	38
PID 1980 wrote to memory of 2844	1980	Unicorn-20589.exe	38
PID 1980 wrote to memory of 2844	1980	Unicorn-20589.exe	38
PID 2804 wrote to memory of 2008	2804	Unicorn-56115.exe	39
PID 2804 wrote to memory of 2008	2804	Unicorn-56115.exe	39
PID 2804 wrote to memory of 2008	2804	Unicorn-56115.exe	39
PID 2804 wrote to memory of 2008	2804	Unicorn-56115.exe	39
PID 2216 wrote to memory of 1664	2216	Unicorn-58284.exe	40
PID 2216 wrote to memory of 1664	2216	Unicorn-58284.exe	40
PID 2216 wrote to memory of 1664	2216	Unicorn-58284.exe	40
PID 2216 wrote to memory of 1664	2216	Unicorn-58284.exe	40
PID 2812 wrote to memory of 2020	2812	Unicorn-44418.exe	41
PID 2812 wrote to memory of 2020	2812	Unicorn-44418.exe	41
PID 2812 wrote to memory of 2020	2812	Unicorn-44418.exe	41
PID 2812 wrote to memory of 2020	2812	Unicorn-44418.exe	41
PID 2844 wrote to memory of 2600	2844	Unicorn-7874.exe	42
PID 2844 wrote to memory of 2600	2844	Unicorn-7874.exe	42
PID 2844 wrote to memory of 2600	2844	Unicorn-7874.exe	42
PID 2844 wrote to memory of 2600	2844	Unicorn-7874.exe	42
PID 3044 wrote to memory of 1232	3044	Unicorn-64283.exe	43
PID 3044 wrote to memory of 1232	3044	Unicorn-64283.exe	43
PID 3044 wrote to memory of 1232	3044	Unicorn-64283.exe	43
PID 3044 wrote to memory of 1232	3044	Unicorn-64283.exe	43
PID 2676 wrote to memory of 1820	2676	Unicorn-44076.exe	44
PID 2676 wrote to memory of 1820	2676	Unicorn-44076.exe	44
PID 2676 wrote to memory of 1820	2676	Unicorn-44076.exe	44
PID 2676 wrote to memory of 1820	2676	Unicorn-44076.exe	44
PID 1664 wrote to memory of 2972	1664	Unicorn-56883.exe	45
PID 1664 wrote to memory of 2972	1664	Unicorn-56883.exe	45
PID 1664 wrote to memory of 2972	1664	Unicorn-56883.exe	45
PID 1664 wrote to memory of 2972	1664	Unicorn-56883.exe	45
PID 2008 wrote to memory of 2140	2008	Unicorn-19380.exe	46
PID 2008 wrote to memory of 2140	2008	Unicorn-19380.exe	46
PID 2008 wrote to memory of 2140	2008	Unicorn-19380.exe	46
PID 2008 wrote to memory of 2140	2008	Unicorn-19380.exe	46

C:\Users\Admin\AppData\Local\Temp\ae61e8ef3e86e6456405ac938e69ee65_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ae61e8ef3e86e6456405ac938e69ee65_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2136
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31284.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31284.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20589.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20589.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64283.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9945.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34131.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56300.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50602.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22995.exe
        10⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20468.exe
        11⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12761.exe
        12⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1957.exe
        13⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8444.exe
        14⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65468.exe
        15⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47155.exe
        16⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45090.exe
        17⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40529.exe
        18⤵
        
        PID:3616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 240
        19⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33257.exe
        15⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3180.exe
        16⤵
        
        PID:292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-155.exe
        17⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53705.exe
        18⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16194.exe
        19⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33397.exe
        20⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44440.exe
        21⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7481.exe
        22⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19013.exe
        23⤵
        System Location Discovery: System Language Discovery
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41102.exe
        20⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23107.exe
        21⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21426.exe
        22⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25985.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36988.exe
        19⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24321.exe
        20⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46485.exe
        21⤵
        
        PID:6468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6468 -s 220
        22⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59401.exe
        20⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26631.exe
        21⤵
        System Location Discovery: System Language Discovery
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33790.exe
        22⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31974.exe
        19⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22531.exe
        20⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2100.exe
        21⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19462.exe
        22⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4687.exe
        21⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14764.exe
        12⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24781.exe
        13⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49791.exe
        14⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53673.exe
        15⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9506.exe
        16⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1665.exe
        17⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65220.exe
        18⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44009.exe
        19⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47699.exe
        20⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19869.exe
        21⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54124.exe
        22⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
        11⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34630.exe
        12⤵
        
        PID:3736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 244
        13⤵
        Program crash
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15008.exe
        12⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30793.exe
        13⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22075.exe
        14⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19735.exe
        15⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65225.exe
        16⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
        17⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29100.exe
        18⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63334.exe
        19⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39531.exe
        20⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 244
        21⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53388.exe
        16⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12763.exe
        17⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60366.exe
        18⤵
        
        PID:5300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 220
        19⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21777.exe
        18⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65234.exe
        19⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55084.exe
        20⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49262.exe
        14⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65225.exe
        15⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16544.exe
        16⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52701.exe
        17⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37678.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43698.exe
        19⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27845.exe
        20⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26631.exe
        21⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12649.exe
        18⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11508.exe
        19⤵
        
        PID:7144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 220
        20⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49803.exe
        10⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4593.exe
        11⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50966.exe
        12⤵
        
        PID:3316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 220
        13⤵
        Program crash
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55081.exe
        12⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13880.exe
        13⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42926.exe
        14⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43637.exe
        15⤵
        
        PID:4348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 240
        16⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14572.exe
        11⤵
        
        PID:3468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 224
        12⤵
        Program crash
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35801.exe
        9⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62652.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21781.exe
        11⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12019.exe
        12⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40899.exe
        13⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62941.exe
        14⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62308.exe
        15⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19787.exe
        16⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50290.exe
        17⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5630.exe
        18⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60729.exe
        19⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7242.exe
        20⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63122.exe
        21⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37020.exe
        22⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36392.exe
        16⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15443.exe
        17⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43625.exe
        18⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10039.exe
        19⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4684.exe
        20⤵
        System Location Discovery: System Language Discovery
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44503.exe
        21⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33186.exe
        11⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31854.exe
        12⤵
        
        PID:4736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 220
        13⤵
        Program crash
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65039.exe
        10⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54121.exe
        11⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25715.exe
        12⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21826.exe
        13⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37420.exe
        14⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25267.exe
        15⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37893.exe
        16⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4979.exe
        17⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51793.exe
        18⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55867.exe
        19⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39796.exe
        20⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34799.exe
        21⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10416.exe
        22⤵
        
        PID:4580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 248
        8⤵
        Program crash
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28266.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50602.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31355.exe
        9⤵
        
        PID:2908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 224
        10⤵
        Program crash
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42101.exe
        9⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11583.exe
        10⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43924.exe
        11⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10037.exe
        12⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63408.exe
        13⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42511.exe
        14⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24577.exe
        15⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24904.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11476.exe
        17⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29318.exe
        18⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18784.exe
        19⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46869.exe
        20⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3579.exe
        21⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32226.exe
        10⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33966.exe
        11⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4721.exe
        12⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62308.exe
        13⤵
        
        PID:2848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 236
        13⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52330.exe
        8⤵
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54868.exe
        9⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20219.exe
        10⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1926.exe
        11⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14648.exe
        12⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48416.exe
        13⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59999.exe
        14⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-347.exe
        15⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55931.exe
        16⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28389.exe
        17⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60750.exe
        18⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18016.exe
        19⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23818.exe
        20⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35733.exe
        21⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46254.exe
        10⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48473.exe
        11⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10829.exe
        12⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45365.exe
        13⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50591.exe
        14⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37836.exe
        15⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18488.exe
        16⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10729.exe
        17⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7984.exe
        18⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54819.exe
        19⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21260.exe
        20⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63322.exe
        20⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4839.exe
        17⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5447.exe
        18⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28616.exe
        19⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8713.exe
        9⤵
        
        PID:3788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 244
        10⤵
        Program crash
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5905.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39964.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42626.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23187.exe
        9⤵
        
        PID:2776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 220
        10⤵
        Program crash
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50270.exe
        9⤵
        
        PID:492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
        10⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36441.exe
        11⤵
        
        PID:2644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 220
        12⤵
        Program crash
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41271.exe
        10⤵
        
        PID:3452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 220
        11⤵
        Program crash
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44162.exe
        8⤵
        
        PID:1556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 224
        9⤵
        Program crash
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22760.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41251.exe
        8⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46700.exe
        9⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63280.exe
        10⤵
        
        PID:3744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 240
        11⤵
        Program crash
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58599.exe
        9⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42767.exe
        10⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54721.exe
        11⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4498.exe
        12⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12884.exe
        13⤵
        
        PID:3140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 220
        14⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42101.exe
        8⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13695.exe
        9⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60260.exe
        10⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59046.exe
        11⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14124.exe
        12⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10414.exe
        13⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3341.exe
        14⤵
        
        PID:3448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 220
        15⤵
        
        PID:5292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 680 -s 236
        9⤵
        Program crash
        
        PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47449.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15875.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16145.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17738.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56435.exe
        9⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22305.exe
        10⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2481.exe
        11⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50774.exe
        12⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48216.exe
        13⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40746.exe
        14⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54249.exe
        15⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40944.exe
        16⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-705.exe
        17⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46663.exe
        18⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2016.exe
        19⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64419.exe
        20⤵
        
        PID:3968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 220
        21⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55605.exe
        11⤵
        
        PID:4036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 220
        12⤵
        Program crash
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23456.exe
        10⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27230.exe
        11⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32949.exe
        12⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49132.exe
        13⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4389.exe
        14⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36429.exe
        15⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2542.exe
        16⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7659.exe
        17⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11336.exe
        18⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32515.exe
        19⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47964.exe
        20⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2427.exe
        21⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2439.exe
        9⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 244
        10⤵
        Program crash
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36761.exe
        8⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20961.exe
        9⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60042.exe
        10⤵
        
        PID:3124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 220
        11⤵
        Program crash
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23892.exe
        10⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49285.exe
        11⤵
        
        PID:4400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 220
        12⤵
        Program crash
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23648.exe
        9⤵
        
        PID:3160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 240
        10⤵
        Program crash
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55049.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
        8⤵
        Program crash
        
        PID:2556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36242.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9377.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39139.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11915.exe
        9⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37074.exe
        10⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43758.exe
        11⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2092.exe
        12⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48940.exe
        13⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37254.exe
        14⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52765.exe
        15⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51551.exe
        16⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64836.exe
        17⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12815.exe
        18⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24674.exe
        19⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63838.exe
        20⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22718.exe
        21⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45893.exe
        19⤵
        
        PID:5224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 240
        20⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55413.exe
        10⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10452.exe
        11⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32988.exe
        12⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35142.exe
        13⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4524.exe
        14⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1198.exe
        15⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30737.exe
        16⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20579.exe
        17⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10812.exe
        18⤵
        
        PID:6004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 240
        19⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36935.exe
        18⤵
        
        PID:5732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 220
        19⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47714.exe
        16⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60314.exe
        17⤵
        
        PID:5536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5536 -s 224
        18⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18975.exe
        17⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55203.exe
        18⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44402.exe
        19⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
        9⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42414.exe
        10⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31797.exe
        11⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-590.exe
        12⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54057.exe
        13⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25952.exe
        14⤵
        
        PID:2112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 224
        15⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1287.exe
        8⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20738.exe
        9⤵
        
        PID:3208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 220
        10⤵
        Program crash
        
        PID:3312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 236
        9⤵
        Program crash
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43778.exe
        7⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36804.exe
        8⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53410.exe
        9⤵
        
        PID:3344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 224
        10⤵
        Program crash
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47437.exe
        9⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33141.exe
        10⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32604.exe
        11⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3621.exe
        12⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34613.exe
        13⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1857.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48884.exe
        15⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36225.exe
        16⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23579.exe
        17⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39002.exe
        18⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17503.exe
        19⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45603.exe
        10⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45806.exe
        11⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27109.exe
        12⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17535.exe
        13⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54748.exe
        14⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53848.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9297.exe
        16⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46215.exe
        17⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39438.exe
        18⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17262.exe
        19⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11741.exe
        16⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20087.exe
        17⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35305.exe
        18⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42027.exe
        11⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8406.exe
        12⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54940.exe
        13⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29344.exe
        14⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41010.exe
        15⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30481.exe
        16⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40922.exe
        17⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53164.exe
        18⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35119.exe
        15⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30891.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17887.exe
        17⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18585.exe
        18⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57172.exe
        8⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19062.exe
        9⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18237.exe
        10⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25095.exe
        11⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53289.exe
        12⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57280.exe
        13⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49439.exe
        14⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46388.exe
        15⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4647.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10236.exe
        17⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57377.exe
        18⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5618.exe
        19⤵
        
        PID:5508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 224
        20⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43287.exe
        17⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16418.exe
        18⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18956.exe
        19⤵
        
        PID:5148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7874.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18114.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23851.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26705.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24178.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31547.exe
        9⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5584.exe
        10⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44090.exe
        11⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43374.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42933.exe
        13⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6454.exe
        14⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28318.exe
        15⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41904.exe
        16⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7529.exe
        17⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13907.exe
        18⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36744.exe
        19⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8529.exe
        20⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39967.exe
        21⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32038.exe
        22⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44568.exe
        23⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36821.exe
        20⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40590.exe
        21⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48397.exe
        11⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51594.exe
        12⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38001.exe
        13⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23035.exe
        14⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34810.exe
        15⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40612.exe
        16⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53814.exe
        17⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30034.exe
        18⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
        19⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25473.exe
        20⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53859.exe
        21⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40014.exe
        22⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10032.exe
        23⤵
        
        PID:2128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 216
        21⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31782.exe
        19⤵
        
        PID:2500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 220
        20⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16056.exe
        10⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18019.exe
        11⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34682.exe
        12⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46361.exe
        13⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57160.exe
        14⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51338.exe
        15⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33596.exe
        16⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-866.exe
        17⤵
        
        PID:5364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 240
        18⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23176.exe
        11⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40113.exe
        12⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27659.exe
        13⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59973.exe
        14⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58759.exe
        15⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48225.exe
        16⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3303.exe
        17⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25442.exe
        18⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49209.exe
        19⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54456.exe
        20⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12087.exe
        21⤵
        
        PID:5424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 248
        18⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43087.exe
        9⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52258.exe
        10⤵
        
        PID:292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43374.exe
        11⤵
        
        PID:3088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 220
        12⤵
        Program crash
        
        PID:4732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 236
        10⤵
        Program crash
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44354.exe
        8⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54785.exe
        9⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52258.exe
        10⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51734.exe
        11⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1241.exe
        12⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21940.exe
        13⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13631.exe
        14⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52791.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56289.exe
        16⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39019.exe
        17⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28005.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60366.exe
        19⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9655.exe
        20⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14113.exe
        21⤵
        System Location Discovery: System Language Discovery
        
        PID:7136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7136 -s 220
        22⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28550.exe
        13⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51146.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48889.exe
        15⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32029.exe
        16⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21892.exe
        17⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62950.exe
        18⤵
        
        PID:3624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 240
        19⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4187.exe
        15⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45244.exe
        16⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32463.exe
        17⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50112.exe
        18⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55146.exe
        19⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36636.exe
        20⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5195.exe
        11⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31644.exe
        12⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54166.exe
        13⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44789.exe
        14⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2350.exe
        15⤵
        
        PID:3780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 220
        16⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48397.exe
        10⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10260.exe
        11⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33455.exe
        12⤵
        
        PID:4828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 220
        13⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24224.exe
        9⤵
        
        PID:2664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 224
        10⤵
        Program crash
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61681.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54323.exe
        8⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38065.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11225.exe
        10⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1682.exe
        11⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18346.exe
        12⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63081.exe
        13⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44270.exe
        14⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59973.exe
        15⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25895.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:4648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 220
        17⤵
        
        PID:5380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 236
        11⤵
        Program crash
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22657.exe
        10⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9684.exe
        11⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 224
        12⤵
        Program crash
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25101.exe
        9⤵
        
        PID:2992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 220
        10⤵
        Program crash
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10031.exe
        8⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27562.exe
        9⤵
        
        PID:1812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 244
        10⤵
        Program crash
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32553.exe
        9⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41200.exe
        10⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55463.exe
        11⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12749.exe
        12⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35744.exe
        13⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27047.exe
        14⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40332.exe
        15⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25753.exe
        16⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40491.exe
        17⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48540.exe
        18⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44503.exe
        19⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11477.exe
        10⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54441.exe
        11⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58624.exe
        12⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 216
        12⤵
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64208.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65018.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38947.exe
        8⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4816.exe
        9⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61770.exe
        10⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52611.exe
        11⤵
        
        PID:644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 644 -s 224
        12⤵
        Program crash
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40228.exe
        10⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8252.exe
        11⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40554.exe
        12⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61649.exe
        13⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60440.exe
        14⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18194.exe
        15⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
        16⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26848.exe
        17⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58306.exe
        18⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6469.exe
        19⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13096.exe
        20⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34345.exe
        21⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54061.exe
        18⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54129.exe
        19⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34921.exe
        20⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30206.exe
        13⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17618.exe
        14⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23804.exe
        15⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10952.exe
        16⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24347.exe
        17⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37165.exe
        18⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62100.exe
        19⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17208.exe
        9⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59326.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9876.exe
        11⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15115.exe
        12⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38987.exe
        13⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51229.exe
        14⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56948.exe
        15⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63710.exe
        16⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55690.exe
        17⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56967.exe
        18⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11575.exe
        19⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7289.exe
        20⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51519.exe
        21⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63366.exe
        20⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59177.exe
        16⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31887.exe
        17⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52416.exe
        18⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32370.exe
        19⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61311.exe
        20⤵
        
        PID:6628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6628 -s 220
        21⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22909.exe
        19⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35130.exe
        11⤵
        
        PID:3324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 220
        12⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50488.exe
        8⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2673.exe
        9⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34438.exe
        10⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14775.exe
        11⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23066.exe
        12⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12640.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59091.exe
        14⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40114.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29484.exe
        16⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59577.exe
        17⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-994.exe
        18⤵
        
        PID:5500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 220
        19⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39460.exe
        9⤵
        
        PID:2996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 200
        10⤵
        Program crash
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10913.exe
        7⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62185.exe
        8⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12569.exe
        9⤵
        
        PID:3240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 224
        10⤵
        Program crash
        
        PID:3952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 248
        9⤵
        Program crash
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41904.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19254.exe
        9⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1516.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:5052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 220
        11⤵
        Program crash
        
        PID:4712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53186.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58500.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48682.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23763.exe
        8⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63337.exe
        9⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26986.exe
        10⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59518.exe
        11⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49093.exe
        12⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47487.exe
        13⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2744.exe
        14⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51888.exe
        15⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33103.exe
        16⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 224
        17⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64816.exe
        10⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22752.exe
        11⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58151.exe
        12⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53014.exe
        13⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11924.exe
        14⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8598.exe
        15⤵
        
        PID:3564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 220
        16⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64681.exe
        9⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35398.exe
        10⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40240.exe
        11⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64316.exe
        12⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26782.exe
        13⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51613.exe
        14⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58567.exe
        15⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7384.exe
        16⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18488.exe
        17⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-937.exe
        18⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30673.exe
        19⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31467.exe
        20⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61882.exe
        21⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18975.exe
        18⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37160.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3151.exe
        20⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2266.exe
        11⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19766.exe
        12⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2220.exe
        13⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24660.exe
        14⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4229.exe
        15⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62213.exe
        16⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46998.exe
        17⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5196 -s 220
        18⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58461.exe
        16⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34051.exe
        17⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5644.exe
        18⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29044.exe
        19⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2384.exe
        15⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50527.exe
        16⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42520.exe
        17⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32178.exe
        18⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4347.exe
        19⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35303.exe
        8⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26602.exe
        9⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52419.exe
        10⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49560.exe
        11⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49983.exe
        12⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37337.exe
        13⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50539.exe
        14⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40114.exe
        15⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31396.exe
        16⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60864.exe
        17⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8721.exe
        18⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17108.exe
        19⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34991.exe
        20⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8241.exe
        9⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64360.exe
        10⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63548.exe
        11⤵
        
        PID:4880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 240
        12⤵
        
        PID:3916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 236
        7⤵
        Program crash
        
        PID:1348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28816.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40099.exe
        7⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13944.exe
        8⤵
        
        PID:1328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 220
        9⤵
        Program crash
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39600.exe
        8⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2341.exe
        9⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35533.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14622.exe
        11⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53974.exe
        12⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60933.exe
        13⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32911.exe
        14⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29860.exe
        15⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12239.exe
        16⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48659.exe
        17⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50548.exe
        18⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6573.exe
        19⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60712.exe
        20⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51640.exe
        7⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52450.exe
        8⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43566.exe
        9⤵
        
        PID:2904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
        10⤵
        Program crash
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63057.exe
        9⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54996.exe
        10⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63491.exe
        11⤵
        
        PID:4236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 220
        12⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32252.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63400.exe
        9⤵
        
        PID:292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63823.exe
        10⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5240.exe
        11⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8655.exe
        12⤵
        
        PID:1868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 220
        13⤵
        
        PID:4060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44418.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44418.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60412.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58269.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9434.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 240
        7⤵
        Program crash
        
        PID:1784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61323.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 224
        7⤵
        Program crash
        
        PID:2000
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 248
        5⤵
        Program crash
        
        PID:1720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39472.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50659.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31988.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32237.exe
        7⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41443.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 224
        9⤵
        Program crash
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2989.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53768.exe
        9⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41231.exe
        10⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        11⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47264.exe
        12⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44239.exe
        13⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8048.exe
        14⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49216.exe
        15⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19645.exe
        16⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57159.exe
        17⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33776.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13236.exe
        19⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53356.exe
        20⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63742.exe
        9⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46745.exe
        10⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22651.exe
        11⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26450.exe
        12⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47436.exe
        13⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57851.exe
        14⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51933.exe
        15⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7190.exe
        16⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42328.exe
        17⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54762.exe
        18⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37788.exe
        19⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21577.exe
        7⤵
        
        PID:2312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 244
        8⤵
        Program crash
        
        PID:3044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61764.exe
        6⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40182.exe
        7⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22855.exe
        8⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62704.exe
        9⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27780.exe
        10⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40598.exe
        11⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47949.exe
        12⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44239.exe
        13⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57441.exe
        14⤵
        
        PID:4064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 240
        15⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        14⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25701.exe
        15⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30086.exe
        16⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33859.exe
        17⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7865.exe
        18⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17503.exe
        19⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5522.exe
        9⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58579.exe
        10⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62666.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54908.exe
        12⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33435.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:4616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 224
        14⤵
        
        PID:5132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 248
        8⤵
        Program crash
        
        PID:3596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 248
        7⤵
        Program crash
        
        PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3954.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16093.exe
        6⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8386.exe
        7⤵
        
        PID:2056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 224
        8⤵
        Program crash
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10498.exe
        7⤵
        
        PID:2820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 220
        8⤵
        Program crash
        
        PID:3392
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 236
        6⤵
        Program crash
        
        PID:2132
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58284.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58284.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56115.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56115.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19380.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8876.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 244
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:1920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46938.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15459.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34650.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55859.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        9⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11775.exe
        10⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64775.exe
        11⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42134.exe
        12⤵
        
        PID:4848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 244
        13⤵
        Program crash
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49279.exe
        9⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10675.exe
        10⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32731.exe
        11⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5572.exe
        12⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11291.exe
        13⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25926.exe
        14⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13855.exe
        15⤵
        
        PID:5612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 244
        16⤵
        
        PID:6108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 248
        8⤵
        Program crash
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29553.exe
        7⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 244
        8⤵
        Program crash
        
        PID:1268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6616.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 220
        7⤵
        Program crash
        
        PID:2220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63977.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63977.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25771.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56492.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9761.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14826.exe
        8⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54676.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 224
        10⤵
        Program crash
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32942.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 220
        10⤵
        Program crash
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10306.exe
        8⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28112.exe
        9⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2891.exe
        10⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9653.exe
        11⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14399.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18007.exe
        13⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9864.exe
        14⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7524.exe
        15⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61388.exe
        16⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18737.exe
        17⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41643.exe
        18⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32754.exe
        19⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53548.exe
        20⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4379.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53220.exe
        15⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30470.exe
        16⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40299.exe
        17⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47170.exe
        18⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9526.exe
        19⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4289.exe
        16⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44181.exe
        17⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37596.exe
        18⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16082.exe
        9⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15902.exe
        10⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29501.exe
        11⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2438.exe
        12⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44566.exe
        13⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39621.exe
        14⤵
        
        PID:5640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 220
        15⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 248
        7⤵
        Program crash
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47265.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6466.exe
        7⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21428.exe
        8⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18901.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19145.exe
        10⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9684.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41239.exe
        12⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36953.exe
        13⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41136.exe
        14⤵
        
        PID:4208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 224
        15⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39403.exe
        10⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8374.exe
        11⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29745.exe
        12⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58624.exe
        13⤵
        
        PID:3236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 220
        14⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58293.exe
        9⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24781.exe
        10⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57767.exe
        11⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13216.exe
        12⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65448.exe
        13⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58074.exe
        14⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22652.exe
        15⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37299.exe
        16⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60148.exe
        17⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27144.exe
        18⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14554.exe
        19⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33839.exe
        20⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38669.exe
        19⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1481.exe
        15⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3163.exe
        16⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40849.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30123.exe
        18⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55276.exe
        19⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37319.exe
        16⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54072.exe
        17⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59259.exe
        18⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56404.exe
        8⤵
        
        PID:3800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 220
        9⤵
        Program crash
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34618.exe
        7⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43789.exe
        8⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43073.exe
        9⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-359.exe
        10⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56122.exe
        11⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63761.exe
        12⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34011.exe
        13⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7057.exe
        14⤵
        
        PID:2224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 240
        15⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47904.exe
        8⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24179.exe
        9⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13081.exe
        10⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52178.exe
        10⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42594.exe
        11⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-539.exe
        12⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17011.exe
        13⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10900.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:3432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 224
        15⤵
        
        PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20290.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33389.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31355.exe
        7⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21812.exe
        8⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5335.exe
        9⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3083.exe
        10⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25331.exe
        11⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46413.exe
        12⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62500.exe
        13⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42070.exe
        14⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38277.exe
        15⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13723.exe
        16⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21918.exe
        17⤵
        
        PID:4164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 240
        18⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 248
        9⤵
        Program crash
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59367.exe
        8⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60068.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9570.exe
        10⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54306.exe
        11⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5899.exe
        12⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50731.exe
        13⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47213.exe
        14⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13339.exe
        15⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30278.exe
        16⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33667.exe
        17⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29189.exe
        18⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53356.exe
        19⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41909.exe
        7⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13503.exe
        8⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19228.exe
        9⤵
        
        PID:3640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 224
        10⤵
        Program crash
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32034.exe
        8⤵
        
        PID:996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 240
        9⤵
        Program crash
        
        PID:3888
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 552 -s 236
        6⤵
        Program crash
        
        PID:2188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56883.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56883.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59146.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1266.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56684.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25138.exe
        7⤵
        Executes dropped EXE
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49611.exe
        8⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30364.exe
        9⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54728.exe
        10⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-691.exe
        11⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41091.exe
        12⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12313.exe
        13⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54716.exe
        14⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16907.exe
        15⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39730.exe
        16⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21967.exe
        17⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27865.exe
        18⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56443.exe
        19⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22282.exe
        20⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28468.exe
        21⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54915.exe
        10⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8693.exe
        11⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13823.exe
        12⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1753.exe
        13⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8515.exe
        14⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16627.exe
        15⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 220
        16⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51199.exe
        9⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9243.exe
        10⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-525.exe
        11⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38328.exe
        12⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26450.exe
        13⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41764.exe
        14⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39896.exe
        15⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3308.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27310.exe
        17⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9463.exe
        18⤵
        
        PID:5544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 244
        19⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44042.exe
        14⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43023.exe
        16⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43288.exe
        17⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6137.exe
        18⤵
        
        PID:6324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6324 -s 240
        19⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51339.exe
        8⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36472.exe
        9⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58252.exe
        10⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41750.exe
        11⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21800.exe
        12⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59314.exe
        13⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-731.exe
        14⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22185.exe
        15⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22826.exe
        16⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10070.exe
        17⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20320.exe
        18⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38317.exe
        19⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50367.exe
        20⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1808.exe
        15⤵
        
        PID:5964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 220
        16⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 248
        7⤵
        Program crash
        
        PID:964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62641.exe
        6⤵
        
        PID:572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 244
        7⤵
        Program crash
        
        PID:540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12122.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32237.exe
        6⤵
        
        PID:2392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 244
        7⤵
        Program crash
        
        PID:752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20316.exe
        6⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20935.exe
        7⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28112.exe
        8⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60452.exe
        9⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33582.exe
        10⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5079.exe
        11⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19050.exe
        12⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64156.exe
        13⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12397.exe
        14⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13313.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:4108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 240
        16⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38194.exe
        8⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32923.exe
        9⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37970.exe
        10⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38764.exe
        11⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41603.exe
        12⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-705.exe
        13⤵
        
        PID:3188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 244
        14⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26464.exe
        9⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22236.exe
        10⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33243.exe
        11⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40306.exe
        12⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4787.exe
        13⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10184.exe
        14⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-802.exe
        15⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21981.exe
        16⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42967.exe
        17⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32942.exe
        7⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10675.exe
        8⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18206.exe
        9⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63216.exe
        10⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50103.exe
        11⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60217.exe
        12⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40197.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28908.exe
        14⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29017.exe
        15⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23963.exe
        16⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41804.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25671.exe
        18⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51833.exe
        19⤵
        
        PID:5928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6616 -s 216
        18⤵
        
        PID:6948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 216
        17⤵
        
        PID:6988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 236
        16⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 236
        15⤵
        
        PID:5808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 236
        14⤵
        
        PID:4488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
        13⤵
        
        PID:5208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 236
        12⤵
        
        PID:4240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 236
        11⤵
        
        PID:4932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38961.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2252
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
        5⤵
        Program crash
        
        PID:316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13631.exe

Filesize
192KB

MD5
a154e21ac964e10a3d683306cbd3b9a0

SHA1
9053c2ef2cfefa5a968612d77132765c1def5088

SHA256
716af9b1aba2502637db738c220fa2f96447c69d83f87def47af17d3aa6cb24c

SHA512
a3d5c39a256243fdf8cd5995563790184c4abc1728814ebdef75c07c65f2d476c4224238f5628f1d47790b03887084c93dbe1f3221d618af3b308e0f00f8bf2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14113.exe

Filesize
192KB

MD5
5726fde2bc9c2bc85de3c8077b612220

SHA1
6cd8786296d1e531b2b8d1e7a0055f13e7b7bbc9

SHA256
ebb37f12f4ae6eedb0505118493e433917e165b83f23bd7183bb2c46128474c6

SHA512
555c5ac03deabbbe263591be087b8890b2959f442b19b588ee2f9da750bf46deb967e8d695c654477b98eea6f15d268575ff614c5f3fed3f7e0cc51879931d73

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14554.exe

Filesize
192KB

MD5
1fc7e2391cf8e318178f402c5e64876c

SHA1
bd336f187631c9deee2456fbca6bfaa44c995ab8

SHA256
c5c5fdbb2797dcce93d4d8783944e35ebc6c357f732fd9973f36010d662cbbd8

SHA512
08283e30250e6b5fb019323339c30e625ce4ec3bdb27739ce7cbd77b70e5e466bd2bff4bac96d57d3100fd5a656f039216c2ef9c1d45216a2949ab08505c56f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14775.exe

Filesize
192KB

MD5
4c5c38f17d486dd857c36d39b0d0814c

SHA1
2f6f705a06a81aef1c94c9b7d4eaab6cd7c8e483

SHA256
37f1087473eb6da5a4b9b02b9388613a7516052a04300eae4b71a6bc2fedc437

SHA512
a808c210a596b846f6ce45bbc1c88708463b308d54ec0b8e5b28619ee4922db8e014e1b7727fd4bfc1f861a606255249d52b3b3bbc79449f40ca89584e0b8648

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15664.exe

Filesize
192KB

MD5
42f5ce9d7884ba8a76339baa32df5542

SHA1
d4b699b419311e439e02a19c6c149220d9679035

SHA256
f9b1b45b1fec7854c9baaa9298cec1474fc1a46c90f9c2bd050832428f46cd04

SHA512
4ca594ce2f120499d4264703548a93ebf183a02bdfcfff1a73d3255e2e9260e70084d4e38955a8de3de802cfb208f2759f4d1fc4965dda3877db5c2b863c4d87

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31797.exe

Filesize
192KB

MD5
5f08b4e0d824044e620d8df27af8fbcf

SHA1
82b19c6cd4f4df82401a31c2e4fa36126799876c

SHA256
4ba6b238906376fc746276b4a110553b624c6499df27e8bac749c0aa72f22ae9

SHA512
d34dd0e9f7207083bb86954bd009a087d5ee1fb6e02b0613e527b164abb0089663fd3adc5e643aaa3589adb4f1bc8fb95742f1cc01db5a66d4560ede007261b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38049.exe

Filesize
192KB

MD5
a93ea6a07c79eb719919a7ebad8d931b

SHA1
0d910fe0428755bd738c0995274129d0e8136aa5

SHA256
a73194ae23abe6cc926bf3878c7d75c5441ec8978fd1dd8ac21523db12dbdf88

SHA512
fa05253345f43d106ef0587491cd3a399c6d4d2606b8d17db7731a31c1905fc24d19555cc66fd1a97f759f5e28c78126ab9a7316d40790d5e2f8841777dcf23b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5447.exe

Filesize
192KB

MD5
8e670aa3124178b1b47aa3369badd0d7

SHA1
385f04d34704183029e068516b66c21415acfbf8

SHA256
b507a6089cd54e5590659fca2c2e188bd01854722ec74d30509d235f85d68339

SHA512
78baed30b3ca2b00cf6f1281c9f965ad4917656e6f0497304840761813084c3786bc1208b9ae896a6af78938d9d371ac495909420f28f988e3596f45fa96ad49

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5572.exe

Filesize
192KB

MD5
77b84e7c0556b7f6cb149acab3630dda

SHA1
79f2bf1e40d11130ef028c894e9b3227efdd3f37

SHA256
0ad62efa6831b7f2bdbf76efb6043090ba32576d78f895dc0c10c8ec1f2a778d

SHA512
37bf329a3383aefe5b9f2c705258e8eb84006ee68a99665260ce6e278adba70b855ddead64a0877f69ed1fa0fe8ec8066d506da7b4971d675ca97747c297f3f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5584.exe

Filesize
192KB

MD5
21e49c2cd075b43a8928f25c338df731

SHA1
563368979c4028dded054bd2985709be8cf4537a

SHA256
5de231f9485e2513061c9029937b9693d7848d5fc0109c70de08a0d83c2c50d1

SHA512
b5d524809111e295a755aae6564046e56063564074db803c9f87c46eaf7499580a28ce1f18b37bd703a0f3ebec51b4f5775cf1589684151bbb64a0e0b490c254

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5630.exe

Filesize
192KB

MD5
38e28ebe5d3c227755585d33ce76d73e

SHA1
7da8ee9e405f6b3c1fc5d466168ffb36e1b63593

SHA256
d7eb90b6e94e6d6cfa466fa034b6678a070837f62793d8edbda7df0db8f8c3a6

SHA512
661c6929dfdc5d5e877022d9ddf87e1ab3e1425ddff15cb1136ef41d9626bb787e17f85f3e9c41f66c8e93300fffe3605513eaf89d4e389ed431ef48d485dd30

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5899.exe

Filesize
192KB

MD5
58cb600e21937c364ea187ffab2a202e

SHA1
6371214cfe699a4dae6ce3337b9fdc4e3e403c1d

SHA256
c6ca809f421d9332a2c6a64c075d576fdf053846f2f413103cd0bb04d651c9dd

SHA512
5995c8f630e0c83dfa866ec4c5265d2ea2dffc5aafa743bfa2936dc024e4d121e10347fd68b829407b7fa16f1529f57ef3bf5da63da4291a0cdc6fc9832a2233

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59146.exe

Filesize
192KB

MD5
791006a2b405d9c33827481ebf5f0b13

SHA1
0feaf1f47d213f60df77c1aa5002ff3758e0a74f

SHA256
30fd63f5637c5f0c6451611561fffb6d1d2af4e464ba6610701bb3d2f56c922b

SHA512
f5bb72d155d1513b84651ddb5479c4896e0314fb4655734b4fbac2d3d64d2b20f7cec5fed97bb1f6ff419ff4045f24b906cd3815660ffdf2d799a438bb23d73c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6454.exe

Filesize
192KB

MD5
51293d3f61ead31e9029d3eb0fad3087

SHA1
57191f3fc86dc118fe7a298c768a40497d29f4dd

SHA256
b390f63493dea2fbb5f9a45379776a5ea0bdf881c40ca66e240e6cc704a6c006

SHA512
bf4c5322b825332d66166aea5be2de5c7211be7b9600d468f4149c652e5fedfbce080c82af6882a65bd4f88cac85287e7a5b8635184d3affa10c5f7a7613e251

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6466.exe

Filesize
192KB

MD5
f8337568e23a18d1d0f3d589e8f5b040

SHA1
2b6e11d8866f6214cc1b4c29888354e7e0aa6c2e

SHA256
1443de3441780ecb25de9ec59d55700ec9d68c2ea46dd079a0deb6b72a18a1e4

SHA512
096ca887a61224eb396d1c1bc0f7ad2ac636c9704ff70f3564c04ae55fe696d3766fbb5c8e6540c5aec6c0146f3b0ee5a7a79ea51616c88a2c6e83a3ddb7b29a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6469.exe

Filesize
192KB

MD5
85152c86589f3828a2dfa8299fd3b740

SHA1
8bac7e9c9c9eb84c6316d7e77d6946bd8e9d0ebf

SHA256
cbf9d2111d46fb5f8ebde682485724751101e2fe909df976ac97ecd94b8ecf69

SHA512
fa6f1b8a78e68a4b5b54273f45440d01ee49ec0e41c7b23ac872920a55098937d7ecd73cb370c7ea3391f6f724a910c74c75bc86943e4d3bfb93aa08c2b3c219

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6514.exe

Filesize
192KB

MD5
030c7d608f08f73eda2863323852d2cc

SHA1
20a5582178f0f96e52897292b5e2bb3dcd8d83f7

SHA256
e045146eab044bc8f47850a03992881fe84616eff28d0047a8040ea7b86d9dd4

SHA512
e991dd9b2dd6355c7bafbd4fc2aa682bbe23a8dedfa820e358aa62464ff5c869aa154fa67cd14a0ca8af5435fe95bff28cbb5cc37373573ebeb48898ff07b842

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6573.exe

Filesize
192KB

MD5
5fb9cf7b7f8a6180a3c74313078a3cea

SHA1
363243ba6aeb3be3f80823fa037795daa8672a7d

SHA256
e9af747cf7d2435d5ff82faa34818e44f54da7545b6efb6317ff5d1e26bd6632

SHA512
9745ca5ad3822a5010a5474f4dd8b1c44ab071b6c30947d0887c67411da6856a2779d1b41295ca5c38b4681a86ebcd415ddb1578b51be085c030b91c525f6bec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6753.exe

Filesize
192KB

MD5
658f4cd5c1a27c7c0d6ba842b9e46295

SHA1
9be2b045d642bd62ab31234400f58b5c62486cee

SHA256
a78f58546ceb82a68fa2a5340bfdf2536e52d279ecc06061b3a282d2f9b32a6e

SHA512
4229618fae988a1793209cbd91cb4ad4ce2c9cc2853899530b71edd71b530bd1d294278d1c111e95799ed23df8a8eae090058e3906c692b90f4d0ba6fd84ca29

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18114.exe

Filesize
192KB

MD5
d2441ca8b36fdc1b7a17fde8f7a6963b

SHA1
1bc2481c862e58c3f27c3ff04d2506c37ccdaf1b

SHA256
2e3be117406748ad400741c32fc008efce72feef7f53f7afa88ddbc73aa8a977

SHA512
6c4a43c786203a605330e9574fe9b6703fd1d6cd14deaa938f574fd326bc9b836ae7c4b3cca37153dc86f909940772dfedf9a293ddc36880baebd496139783d4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19380.exe

Filesize
192KB

MD5
7f2ad5a77c47d5c1c3c1b87c1f7c7f4d

SHA1
9b802f86506d4ff37a5ddbda0de69dd547a03196

SHA256
74e4a1ff5cfa3f9758bf4c5ff5c44f415492af87b29a640b2c563e443e182c27

SHA512
e52dcbb551c49750555f97c328f89fb44e60e5c934962b16d81b971496ceb2e09be91109b6201abe5cb7addb24dcac70ec6a8f25545e81670320516f8d740fd7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20589.exe

Filesize
192KB

MD5
4f4d57aac6129c9add023484a9f8d671

SHA1
8201d72a2d07d26a6d74455d231b394c57878892

SHA256
262648d4ff89fa02b92ca7fefca5a9d7446b67d8fbcdc5a79b0b0bb8ba87142f

SHA512
d4b5c6f4a24c39bcc07503ae8dbcb6fa77bed4f719f5c7c68de643d558d5681e1b3ebb8c201e244df2d3f2aa413ddcf8c352bd5792f45230e04c9c751959968b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31284.exe

Filesize
192KB

MD5
236161340fb396b620bb83603cd874d3

SHA1
2d1f9616a5afc8f9d3c8739d966c46c787244581

SHA256
b61ffd4e2b16b1497bdbfd9add93981ad03c5008af4cb1d5c6d7494fd08b8b88

SHA512
b347a482d066892e3f61bf5fca627950923e04bf4f0fa14cbfacbfdb654fba21f76d15fd4c02392ba548e629fdd97eb34a6d8500acabb29be3e4eb772ac1bb03

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe

Filesize
192KB

MD5
301ba33663b8d921875b9e11a393e005

SHA1
a5c6ffe8f682fb29ccd9f3443d1daf2073a73984

SHA256
8f9c9bf0a37772394e579b9aed95dcac9086667b2a5d9ecc93fa043310e72680

SHA512
2ac018942105416c44899031e14cf52024fa650d25f9cc3fbc56878397119edbfc2df0ac36a1b4d42be5693b5b538e37a86ee0fa24c4696cf98e6211ccc56b41

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44418.exe

Filesize
192KB

MD5
e0a9f18ffd97596e98fd2963dccd1d75

SHA1
4c265dfb252b87a0a6e8fb92f8dbe95a5e89baf4

SHA256
5ef5bd2e517ec6f1b9eb6243571692703f7cf5dcab9ffa1c7f0e898ebfe284b3

SHA512
d27b45360d462153f01047fdb573139cfa5e1efa101cf6b505fa31c5380f66ce708a8f68a3c2b47ce0bd1367dc0bdde46e07463658bf379a0d7f46461478e737

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47449.exe

Filesize
192KB

MD5
a8787437df390595a626224283590c6d

SHA1
4772a3d6cbd6366ee67e908b3a0bc42dd5319141

SHA256
281076775df3634479c1dfd575b4dcf1e7becc8642ed86251ad7b7f96df2b4a0

SHA512
93be200811049221d9aabe157e855eff549bc41f55e175473b12d0d5584e47c070c206012a8a4d88d3a50c000ac6b854b5d421b8253c8433e688715d8cc9710c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56115.exe

Filesize
192KB

MD5
ab72b33728ce7d933c38d715c0471358

SHA1
713c5335adc3ba42c29ed62191e11e6de7c36b13

SHA256
4719d69fd7e779aef3fb524f3a4dafcd351af464c13b2deb05fc25084f8257bd

SHA512
c730c81dd2620f86084c512f8e6fcafe7f1bb020f07d690457cc863080aa2b3a07d45f035f67fd64b586d766cd28d0f10747e61e1fae53d868e61f1daa31493d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56883.exe

Filesize
192KB

MD5
823d3fded089d3244f851cf857ca426f

SHA1
b038a87a8564596245493af8f551f168b10a1008

SHA256
1ce4a1b35149593b7c3fdaf2d9479f7fc4d0f89bc9befad752d3f0bef05d1b19

SHA512
35db5c9778ca12a9b22727e530f0c9f21f7beacbf9672ed8ea15f3402b2aacc14a86699040f2698cc914e53e206fe73a977d6b7896a491f87c769a057c86a083

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58269.exe

Filesize
192KB

MD5
1fccb821d56a8a9a1be081c92b074be6

SHA1
471add23ce41ae996b7381c1464f5aed935a24ad

SHA256
5e9f59c0552575fb8a55d70362b213e29360e7e361417d2cd48b7368b9715f22

SHA512
303533114c092c5083eba7fab5c3640459fcdc3d9dfb396a963c03471fc1817749a5ea417c612b4a5290ca1ffd4309675dce7669f821139c341ec2143bbeca3d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58284.exe

Filesize
192KB

MD5
fc4af30f90b667dcba9287140438a62e

SHA1
03d2ea49213081de4fa93b3d55457163220c24d4

SHA256
60b7df5f5690d5e90cdca729cd1f85430cf8d25c9db6c13f79239f42757921bc

SHA512
9c80855a6261ccbd32dcb499a91528b92d6d8be0c5368677a5f7e1adaa451dc301905c1b7e936f2ebf19c437b3e1f8e65892062451a81235dd54b4a62d683ccf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60412.exe

Filesize
192KB

MD5
b11cc3faceb46319316c291b19db6df7

SHA1
fb38d49977c06bf97a445aff33139c8b55349609

SHA256
781db472185c48b10d21f5bfb0d5899cd7a63ac12668bea367982a1a3290a177

SHA512
621a367349f827132256e756d5d1c703b8b1583d0ef41d882494ae2ae4824f9d4de85d0d67e3f339ea129f4e248aab31cf7f2419b645081961d2968dc73e69c2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63977.exe

Filesize
192KB

MD5
bdef0acda71a379a8de5c491168d918b

SHA1
29b7055e0581e1f812ab690e985276b6dc3dfbe5

SHA256
29c1c2f7af3fcc03cf2e321cfad7c0ed7fed71d6608b50f7905e04f8ddfdd6ff

SHA512
a6534aa9f7b0c9be4fe1e3e13a0fe87f75cb129084f188e75c3d2ac8d80211cc2c88e781b66e6037b0d36dcaaf76be9ab5d3a892f85cd269968bae82eb1bf0c9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64283.exe

Filesize
192KB

MD5
e4e8b333e3aaeadc70ad349764233878

SHA1
1014e7e957f5522fda10bb53b2af7320aee26a04

SHA256
e863d3b8ef968fd5ff52c4d77f364d136bbae039ccf39c9dbca1b4a3bd9f9d82

SHA512
0d28052cc5b4cf0f80fb6fbf58bb7a0b81942cdafce4450ef2f368734261afae2970b6ce970924186763689a06ea0d1e5b8bc9bfa315a1b39ccf15c34caab200

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7874.exe

Filesize
192KB

MD5
ad77c54c45af12991189dde161966b81

SHA1
ecb137d0b70e5c50ce3f959996c56efde9a1af56

SHA256
f9d540ff4958a6a90f0abc107f768db0155b8245dd3ab1f35ee0b89e28c257fa

SHA512
02ef2ef15116c8d220b049fd9b64098b227399e3ffb5fabe98aef3bd2b4d73706adf1a67c0cf983f7336ce3ef5b220cab8c051f1f3dd1121a047231ee0da1281

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8876.exe

Filesize
192KB

MD5
8eaf28d91ede77064debba8f578732fe

SHA1
e3a1bfba07d5582c3a9cba1c3ba69d8281a58a67

SHA256
28e760abec63918e7644565d354eded94fb0360e626ff31ea00155d5117818b8

SHA512
8bf0b7abd893a5e5b71bdbc486477391ee0f88ddd854b0f7032c2631a9b811a32e35ca80df643511964c9f4d0e57c1f91abf2fe104a93d3e3335bdcb80506f04

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9945.exe

Filesize
192KB

MD5
7241d2b4b793293434d41dc36f2fb1de

SHA1
460775926f0bfb25fc6a8de0b61bfdc1ddfef5cd

SHA256
e70b39e389c605ca6da623210d73b7483cc738b5ace5196a8fa89716ab6575a9

SHA512
cdd01c357ff43ff46f60e929c4e1db17ebdeab7c4b6373242d59c10a58a6f1e7f8546e1fc3642981e92b37f8154890e51766becc6b8d9feea3929d60e130b7eb

Download Submit