cefbd830c0ba6023c1e79d8bcc9817b79e0bd92050a1781f3d66d6a5f8feba46

Analysis

max time kernel
150s
max time network
17s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
01-09-2024 20:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bc32aa0519a2577bc1457050c10727c186a6a1e082cb5800313c3c7200e8b0d1.exe
Size

192KB
MD5

f3e69deb6d59a58e78aeabb495b3b9e8
SHA1

7f6ba330c8f8d3ef4d94f08593dbc3e01f357ee5
SHA256

bc32aa0519a2577bc1457050c10727c186a6a1e082cb5800313c3c7200e8b0d1
SHA512

f091d5ecb56fa49f525903956d8611154f4e556d46835cf9a36d967033d11863fcdb71cf6cbf0c2c03bead65c6f8abcc1c6d53e4fce4128df5db0a6f78ea4a7d
SSDEEP

3072:JreDo37wBYnUkQEX3uNhZL856DPVrftotlgmxogWB26lVvMi:JruoaijQOubZL8sQUc6lVvM

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1572	Unicorn-8679.exe
2800	Unicorn-25845.exe
2708	Unicorn-45711.exe
2888	Unicorn-53962.exe
2556	Unicorn-63199.exe
2860	Unicorn-43333.exe
2960	Unicorn-20858.exe
448	Unicorn-40724.exe
2076	Unicorn-30418.exe
1520	Unicorn-26334.exe
2280	Unicorn-37194.exe
2904	Unicorn-32639.exe
2884	Unicorn-26417.exe
888	Unicorn-2467.exe
2152	Unicorn-18249.exe
2120	Unicorn-63920.exe
2092	Unicorn-48975.exe
2112	Unicorn-29109.exe
1552	Unicorn-47605.exe
1232	Unicorn-41923.exe
1468	Unicorn-22057.exe
2512	Unicorn-45706.exe
1584	Unicorn-11450.exe
1668	Unicorn-3604.exe
2212	Unicorn-45192.exe
2080	Unicorn-12841.exe
2276	Unicorn-2213.exe
1920	Unicorn-22079.exe
2720	Unicorn-50942.exe
2668	Unicorn-31076.exe
2140	Unicorn-32468.exe
320	Unicorn-47413.exe
1964	Unicorn-24300.exe
2000	Unicorn-3687.exe
1740	Unicorn-18632.exe
1192	Unicorn-36360.exe
2088	Unicorn-32276.exe
2932	Unicorn-32276.exe
2384	Unicorn-47221.exe
2272	Unicorn-12130.exe
1252	Unicorn-12130.exe
2496	Unicorn-27075.exe
2100	Unicorn-32551.exe
1020	Unicorn-8601.exe
2968	Unicorn-24383.exe
2356	Unicorn-2379.exe
840	Unicorn-52971.exe
2340	Unicorn-40719.exe
1504	Unicorn-49442.exe
700	Unicorn-38581.exe
1268	Unicorn-42665.exe
1748	Unicorn-48695.exe
1356	Unicorn-59556.exe
2028	Unicorn-61715.exe
2316	Unicorn-30989.exe
2220	Unicorn-11123.exe
1496	Unicorn-57631.exe
2176	Unicorn-7039.exe
2748	Unicorn-33703.exe
2552	Unicorn-9753.exe
2392	Unicorn-25535.exe
2948	Unicorn-1715.exe
2972	Unicorn-25897.exe
2904	Unicorn-28358.exe

Loads dropped DLL 64 IoCs

pid	Process
2864	bc32aa0519a2577bc1457050c10727c186a6a1e082cb5800313c3c7200e8b0d1.exe
2864	bc32aa0519a2577bc1457050c10727c186a6a1e082cb5800313c3c7200e8b0d1.exe
2864	bc32aa0519a2577bc1457050c10727c186a6a1e082cb5800313c3c7200e8b0d1.exe
1572	Unicorn-8679.exe
1572	Unicorn-8679.exe
2864	bc32aa0519a2577bc1457050c10727c186a6a1e082cb5800313c3c7200e8b0d1.exe
2800	Unicorn-25845.exe
2800	Unicorn-25845.exe
2708	Unicorn-45711.exe
2708	Unicorn-45711.exe
1572	Unicorn-8679.exe
1572	Unicorn-8679.exe
2888	Unicorn-53962.exe
2800	Unicorn-25845.exe
2888	Unicorn-53962.exe
2800	Unicorn-25845.exe
2556	Unicorn-63199.exe
2556	Unicorn-63199.exe
2860	Unicorn-43333.exe
2708	Unicorn-45711.exe
2860	Unicorn-43333.exe
2708	Unicorn-45711.exe
2960	Unicorn-20858.exe
2960	Unicorn-20858.exe
448	Unicorn-40724.exe
448	Unicorn-40724.exe
2888	Unicorn-53962.exe
2888	Unicorn-53962.exe
1520	Unicorn-26334.exe
2860	Unicorn-43333.exe
1520	Unicorn-26334.exe
2556	Unicorn-63199.exe
2076	Unicorn-30418.exe
2860	Unicorn-43333.exe
2556	Unicorn-63199.exe
2076	Unicorn-30418.exe
2280	Unicorn-37194.exe
2280	Unicorn-37194.exe
2904	Unicorn-32639.exe
2904	Unicorn-32639.exe
2960	Unicorn-20858.exe
2960	Unicorn-20858.exe
2884	Unicorn-26417.exe
2884	Unicorn-26417.exe
1640	WerFault.exe
1640	WerFault.exe
1640	WerFault.exe
1640	WerFault.exe
1640	WerFault.exe
1640	WerFault.exe
448	Unicorn-40724.exe
448	Unicorn-40724.exe
1640	WerFault.exe
2092	Unicorn-48975.exe
2092	Unicorn-48975.exe
348	WerFault.exe
348	WerFault.exe
348	WerFault.exe
348	WerFault.exe
348	WerFault.exe
348	WerFault.exe
2076	Unicorn-30418.exe
2076	Unicorn-30418.exe
348	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
1640	888	WerFault.exe	43
348	2120	WerFault.exe	45
1848	2280	WerFault.exe	40
1360	2152	WerFault.exe	44
2864	1232	WerFault.exe	49
2896	2112	WerFault.exe	46
1216	2720	WerFault.exe	63
832	2028	WerFault.exe	92
1876	2512	WerFault.exe	123
2808	324	WerFault.exe	116
448	1540	WerFault.exe	119
1784	2316	WerFault.exe	93
1668	2952	WerFault.exe	121
2540	484	WerFault.exe	129
1648	2552	WerFault.exe	98
2592	2716	WerFault.exe	139
2272	2388	WerFault.exe	105
3048	2456	WerFault.exe	173
108	112	WerFault.exe	182
2692	2268	WerFault.exe	165
2572	2004	WerFault.exe	183
2396	3036	WerFault.exe	195
932	780	WerFault.exe	207
2988	2528	WerFault.exe	203
1636	2928	WerFault.exe	194
1312	2432	WerFault.exe	208
1912	2860	WerFault.exe	202
4016	1152	WerFault.exe	250
3596	1736	WerFault.exe	216
3164	3120	WerFault.exe	270
772	3696	WerFault.exe	311
3536	3864	WerFault.exe	304
1724	3020	WerFault.exe	319
3804	3976	WerFault.exe	322
2084	3140	WerFault.exe	327
3096	2852	WerFault.exe	328
3476	3192	WerFault.exe	349
3564	3832	WerFault.exe	321
3760	3928	WerFault.exe	376
3464	3752	WerFault.exe	370
3656	3288	WerFault.exe	359
3516	2536	WerFault.exe	388
3764	3440	WerFault.exe	394
3612	4076	WerFault.exe	352
3720	3408	WerFault.exe	378
3300	3588	WerFault.exe	434
3628	3316	WerFault.exe	446
3716	3712	WerFault.exe	459
3992	2468	WerFault.exe	432
4408	4020	WerFault.exe	464
4904	3644	WerFault.exe	482
4528	3524	WerFault.exe	520
3704	5080	WerFault.exe	543
4604	5036	WerFault.exe	541
2732	4468	WerFault.exe	529
3452	4304	WerFault.exe	545
4640	3800	WerFault.exe	501
2380	1500	WerFault.exe	453
2368	2792	WerFault.exe	515
1868	4136	WerFault.exe	549
5072	272	WerFault.exe	574
4144	912	WerFault.exe	594
4132	3952	WerFault.exe	579
4364	3136	WerFault.exe	583

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11450.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3687.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32778.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48913.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20497.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63920.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12358.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19666.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64191.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24768.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22057.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5851.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17918.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26997.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26796.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49889.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62987.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28281.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65446.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5997.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49272.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24487.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41249.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3672.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59526.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34887.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13457.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43724.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50769.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-655.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58493.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26096.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15229.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31451.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38249.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38348.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53962.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57185.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61653.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46516.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8934.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10667.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37969.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16532.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49801.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11803.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30372.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25083.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51508.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24465.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10506.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32318.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56002.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29739.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8955.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32276.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14398.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4487.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22691.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38146.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4438.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2864	bc32aa0519a2577bc1457050c10727c186a6a1e082cb5800313c3c7200e8b0d1.exe
1572	Unicorn-8679.exe
2800	Unicorn-25845.exe
2708	Unicorn-45711.exe
2888	Unicorn-53962.exe
2556	Unicorn-63199.exe
2860	Unicorn-43333.exe
2960	Unicorn-20858.exe
448	Unicorn-40724.exe
2076	Unicorn-30418.exe
2280	Unicorn-37194.exe
1520	Unicorn-26334.exe
2904	Unicorn-32639.exe
2884	Unicorn-26417.exe
888	Unicorn-2467.exe
2120	Unicorn-63920.exe
2092	Unicorn-48975.exe
1552	Unicorn-47605.exe
2152	Unicorn-18249.exe
2112	Unicorn-29109.exe
1232	Unicorn-41923.exe
1468	Unicorn-22057.exe
2512	Unicorn-45706.exe
1584	Unicorn-11450.exe
1668	Unicorn-3604.exe
2212	Unicorn-45192.exe
2276	Unicorn-2213.exe
2080	Unicorn-12841.exe
2720	Unicorn-50942.exe
2668	Unicorn-31076.exe
2140	Unicorn-32468.exe
320	Unicorn-47413.exe
1964	Unicorn-24300.exe
2000	Unicorn-3687.exe
1740	Unicorn-18632.exe
3040	Unicorn-5633.exe
1192	Unicorn-36360.exe
2932	Unicorn-32276.exe
2088	Unicorn-32276.exe
2384	Unicorn-47221.exe
2272	Unicorn-12130.exe
2496	Unicorn-27075.exe
2100	Unicorn-32551.exe
2968	Unicorn-24383.exe
840	Unicorn-52971.exe
2356	Unicorn-2379.exe
1020	Unicorn-8601.exe
2340	Unicorn-40719.exe
1504	Unicorn-49442.exe
700	Unicorn-38581.exe
1268	Unicorn-42665.exe
1736	Unicorn-51388.exe
1748	Unicorn-48695.exe
1356	Unicorn-59556.exe
2028	Unicorn-61715.exe
2176	Unicorn-7039.exe
2220	Unicorn-11123.exe
2316	Unicorn-30989.exe
1496	Unicorn-57631.exe
2748	Unicorn-33703.exe
2552	Unicorn-9753.exe
2392	Unicorn-25535.exe
2948	Unicorn-1715.exe
2972	Unicorn-25897.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2864 wrote to memory of 1572	2864	bc32aa0519a2577bc1457050c10727c186a6a1e082cb5800313c3c7200e8b0d1.exe	30
PID 2864 wrote to memory of 1572	2864	bc32aa0519a2577bc1457050c10727c186a6a1e082cb5800313c3c7200e8b0d1.exe	30
PID 2864 wrote to memory of 1572	2864	bc32aa0519a2577bc1457050c10727c186a6a1e082cb5800313c3c7200e8b0d1.exe	30
PID 2864 wrote to memory of 1572	2864	bc32aa0519a2577bc1457050c10727c186a6a1e082cb5800313c3c7200e8b0d1.exe	30
PID 1572 wrote to memory of 2708	1572	Unicorn-8679.exe	32
PID 1572 wrote to memory of 2708	1572	Unicorn-8679.exe	32
PID 1572 wrote to memory of 2708	1572	Unicorn-8679.exe	32
PID 1572 wrote to memory of 2708	1572	Unicorn-8679.exe	32
PID 2864 wrote to memory of 2800	2864	bc32aa0519a2577bc1457050c10727c186a6a1e082cb5800313c3c7200e8b0d1.exe	31
PID 2864 wrote to memory of 2800	2864	bc32aa0519a2577bc1457050c10727c186a6a1e082cb5800313c3c7200e8b0d1.exe	31
PID 2864 wrote to memory of 2800	2864	bc32aa0519a2577bc1457050c10727c186a6a1e082cb5800313c3c7200e8b0d1.exe	31
PID 2864 wrote to memory of 2800	2864	bc32aa0519a2577bc1457050c10727c186a6a1e082cb5800313c3c7200e8b0d1.exe	31
PID 2800 wrote to memory of 2888	2800	Unicorn-25845.exe	33
PID 2800 wrote to memory of 2888	2800	Unicorn-25845.exe	33
PID 2800 wrote to memory of 2888	2800	Unicorn-25845.exe	33
PID 2800 wrote to memory of 2888	2800	Unicorn-25845.exe	33
PID 2708 wrote to memory of 2556	2708	Unicorn-45711.exe	34
PID 2708 wrote to memory of 2556	2708	Unicorn-45711.exe	34
PID 2708 wrote to memory of 2556	2708	Unicorn-45711.exe	34
PID 2708 wrote to memory of 2556	2708	Unicorn-45711.exe	34
PID 1572 wrote to memory of 2860	1572	Unicorn-8679.exe	35
PID 1572 wrote to memory of 2860	1572	Unicorn-8679.exe	35
PID 1572 wrote to memory of 2860	1572	Unicorn-8679.exe	35
PID 1572 wrote to memory of 2860	1572	Unicorn-8679.exe	35
PID 2888 wrote to memory of 448	2888	Unicorn-53962.exe	36
PID 2888 wrote to memory of 448	2888	Unicorn-53962.exe	36
PID 2888 wrote to memory of 448	2888	Unicorn-53962.exe	36
PID 2888 wrote to memory of 448	2888	Unicorn-53962.exe	36
PID 2800 wrote to memory of 2960	2800	Unicorn-25845.exe	37
PID 2800 wrote to memory of 2960	2800	Unicorn-25845.exe	37
PID 2800 wrote to memory of 2960	2800	Unicorn-25845.exe	37
PID 2800 wrote to memory of 2960	2800	Unicorn-25845.exe	37
PID 2556 wrote to memory of 2076	2556	Unicorn-63199.exe	38
PID 2556 wrote to memory of 2076	2556	Unicorn-63199.exe	38
PID 2556 wrote to memory of 2076	2556	Unicorn-63199.exe	38
PID 2556 wrote to memory of 2076	2556	Unicorn-63199.exe	38
PID 2860 wrote to memory of 1520	2860	Unicorn-43333.exe	39
PID 2860 wrote to memory of 1520	2860	Unicorn-43333.exe	39
PID 2860 wrote to memory of 1520	2860	Unicorn-43333.exe	39
PID 2860 wrote to memory of 1520	2860	Unicorn-43333.exe	39
PID 2708 wrote to memory of 2280	2708	Unicorn-45711.exe	40
PID 2708 wrote to memory of 2280	2708	Unicorn-45711.exe	40
PID 2708 wrote to memory of 2280	2708	Unicorn-45711.exe	40
PID 2708 wrote to memory of 2280	2708	Unicorn-45711.exe	40
PID 2960 wrote to memory of 2904	2960	Unicorn-20858.exe	41
PID 2960 wrote to memory of 2904	2960	Unicorn-20858.exe	41
PID 2960 wrote to memory of 2904	2960	Unicorn-20858.exe	41
PID 2960 wrote to memory of 2904	2960	Unicorn-20858.exe	41
PID 448 wrote to memory of 2884	448	Unicorn-40724.exe	42
PID 448 wrote to memory of 2884	448	Unicorn-40724.exe	42
PID 448 wrote to memory of 2884	448	Unicorn-40724.exe	42
PID 448 wrote to memory of 2884	448	Unicorn-40724.exe	42
PID 2888 wrote to memory of 888	2888	Unicorn-53962.exe	43
PID 2888 wrote to memory of 888	2888	Unicorn-53962.exe	43
PID 2888 wrote to memory of 888	2888	Unicorn-53962.exe	43
PID 2888 wrote to memory of 888	2888	Unicorn-53962.exe	43
PID 1520 wrote to memory of 2152	1520	Unicorn-26334.exe	44
PID 1520 wrote to memory of 2152	1520	Unicorn-26334.exe	44
PID 1520 wrote to memory of 2152	1520	Unicorn-26334.exe	44
PID 1520 wrote to memory of 2152	1520	Unicorn-26334.exe	44
PID 2860 wrote to memory of 2120	2860	Unicorn-43333.exe	45
PID 2860 wrote to memory of 2120	2860	Unicorn-43333.exe	45
PID 2860 wrote to memory of 2120	2860	Unicorn-43333.exe	45
PID 2860 wrote to memory of 2120	2860	Unicorn-43333.exe	45

C:\Users\Admin\AppData\Local\Temp\bc32aa0519a2577bc1457050c10727c186a6a1e082cb5800313c3c7200e8b0d1.exe
"C:\Users\Admin\AppData\Local\Temp\bc32aa0519a2577bc1457050c10727c186a6a1e082cb5800313c3c7200e8b0d1.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2864
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8679.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8679.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45711.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45711.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63199.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30418.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48975.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3604.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3687.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40719.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21835.exe
        10⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21918.exe
        11⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64943.exe
        12⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7823.exe
        13⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46308.exe
        14⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15218.exe
        15⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9655.exe
        16⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2722.exe
        17⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6635.exe
        18⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48026.exe
        19⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49417.exe
        20⤵
        
        PID:1748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 220
        21⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63495.exe
        15⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45701.exe
        16⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53698.exe
        17⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4663.exe
        18⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6246.exe
        19⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55997.exe
        20⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21016.exe
        21⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18551.exe
        22⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22163.exe
        23⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41296.exe
        24⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1389.exe
        25⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37766.exe
        23⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55585.exe
        24⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54490.exe
        25⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50961.exe
        24⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8129.exe
        11⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35836.exe
        12⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24326.exe
        13⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13656.exe
        14⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45509.exe
        15⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6251.exe
        16⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33828.exe
        17⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45717.exe
        18⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50351.exe
        19⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25484.exe
        20⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64928.exe
        21⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17695.exe
        22⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55302.exe
        23⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20248.exe
        24⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 228
        22⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28694.exe
        10⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26049.exe
        11⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19500.exe
        12⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5851.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9572.exe
        14⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64969.exe
        15⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39718.exe
        16⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47258.exe
        17⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61861.exe
        18⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21763.exe
        19⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41820.exe
        20⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65120.exe
        21⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15556.exe
        22⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45572.exe
        23⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38289.exe
        24⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62353.exe
        9⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32032.exe
        10⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54637.exe
        11⤵
        
        PID:2928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 224
        12⤵
        Program crash
        
        PID:1636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 248
        10⤵
        Program crash
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49442.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28358.exe
        9⤵
        Executes dropped EXE
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28140.exe
        10⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46469.exe
        11⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56448.exe
        12⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43485.exe
        13⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52167.exe
        14⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31228.exe
        15⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44679.exe
        16⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52821.exe
        17⤵
        
        PID:4304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 224
        18⤵
        Program crash
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26214.exe
        17⤵
        
        PID:3828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 220
        18⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43095.exe
        15⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10610.exe
        16⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2909.exe
        17⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19075.exe
        18⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23325.exe
        19⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39490.exe
        20⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30803.exe
        21⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50019.exe
        22⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49272.exe
        23⤵
        System Location Discovery: System Language Discovery
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17534.exe
        24⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15016.exe
        22⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42614.exe
        23⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44497.exe
        16⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39303.exe
        17⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54051.exe
        18⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39874.exe
        19⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48784.exe
        20⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12878.exe
        21⤵
        
        PID:4852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 224
        22⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22519.exe
        10⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42058.exe
        11⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3713.exe
        12⤵
        
        PID:3696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 220
        13⤵
        Program crash
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36862.exe
        9⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52691.exe
        10⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40112.exe
        11⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19666.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58773.exe
        13⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35312.exe
        14⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58493.exe
        15⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41254.exe
        16⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62608.exe
        17⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14030.exe
        18⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13786.exe
        19⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37736.exe
        20⤵
        
        PID:3380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 224
        21⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60849.exe
        19⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8820.exe
        20⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29407.exe
        21⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33128.exe
        22⤵
        
        PID:4624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 224
        23⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40573.exe
        14⤵
        
        PID:3644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 224
        15⤵
        Program crash
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18632.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38581.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63744.exe
        9⤵
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5773.exe
        10⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4341.exe
        11⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-916.exe
        12⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59484.exe
        13⤵
        
        PID:3140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 224
        14⤵
        Program crash
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38419.exe
        11⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55400.exe
        12⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36599.exe
        13⤵
        
        PID:3188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 216
        13⤵
        Program crash
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25871.exe
        9⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33506.exe
        10⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3246.exe
        11⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38270.exe
        12⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2063.exe
        13⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62037.exe
        14⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29194.exe
        15⤵
        
        PID:4468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 244
        16⤵
        Program crash
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19613.exe
        13⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57782.exe
        14⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54248.exe
        15⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41249.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48405.exe
        17⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10709.exe
        18⤵
        
        PID:3208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 244
        19⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34527.exe
        10⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        11⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37066.exe
        12⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11430.exe
        13⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3236.exe
        14⤵
        
        PID:5036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 220
        15⤵
        Program crash
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17662.exe
        14⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12084.exe
        15⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        16⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13231.exe
        17⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64928.exe
        18⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40061.exe
        19⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14269.exe
        20⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42230.exe
        21⤵
        
        PID:6796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 228
        19⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22291.exe
        12⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22780.exe
        13⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17492.exe
        14⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4108.exe
        15⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36537.exe
        16⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39682.exe
        17⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3475.exe
        18⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47305.exe
        19⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16216.exe
        20⤵
        
        PID:5172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5172 -s 240
        21⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26069.exe
        18⤵
        
        PID:5736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 244
        19⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25083.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3672.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19838.exe
        16⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38286.exe
        17⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1166.exe
        18⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51602.exe
        19⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28224.exe
        20⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39904.exe
        18⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33411.exe
        19⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29602.exe
        20⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63021.exe
        19⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39794.exe
        8⤵
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22302.exe
        9⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44907.exe
        10⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36412.exe
        11⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28218.exe
        12⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18317.exe
        13⤵
        
        PID:3928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 224
        14⤵
        Program crash
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59852.exe
        9⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63054.exe
        10⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45286.exe
        11⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22401.exe
        12⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16921.exe
        13⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32318.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29360.exe
        15⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30943.exe
        16⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27409.exe
        17⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58348.exe
        18⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34887.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45743.exe
        20⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54726.exe
        21⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35816.exe
        22⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51965.exe
        20⤵
        
        PID:1156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 220
        21⤵
        
        PID:6312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45192.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36360.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48695.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4237.exe
        9⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43262.exe
        10⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2779.exe
        11⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4590.exe
        12⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39723.exe
        13⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33257.exe
        14⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59536.exe
        15⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29168.exe
        16⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21213.exe
        17⤵
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50927.exe
        18⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29568.exe
        19⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28281.exe
        20⤵
        System Location Discovery: System Language Discovery
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30969.exe
        21⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2017.exe
        22⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59477.exe
        23⤵
        
        PID:6928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 244
        24⤵
        
        PID:6156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 228
        23⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54108.exe
        19⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60133.exe
        20⤵
        
        PID:6004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 224
        21⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45955.exe
        9⤵
        
        PID:2456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 220
        10⤵
        Program crash
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45825.exe
        8⤵
        
        PID:324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 244
        9⤵
        Program crash
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59556.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8321.exe
        8⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62073.exe
        9⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60532.exe
        10⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61959.exe
        11⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56251.exe
        12⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40958.exe
        13⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27227.exe
        14⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39308.exe
        15⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48218.exe
        16⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-600.exe
        17⤵
        
        PID:4504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 224
        18⤵
        
        PID:4052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
        13⤵
        Program crash
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39374.exe
        12⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33989.exe
        13⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29002.exe
        14⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33444.exe
        15⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4300.exe
        16⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29355.exe
        17⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50180.exe
        18⤵
        
        PID:4044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 224
        19⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64725.exe
        14⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39687.exe
        15⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38208.exe
        16⤵
        
        PID:2580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 220
        17⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50262.exe
        10⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25717.exe
        11⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25608.exe
        12⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35203.exe
        13⤵
        
        PID:3316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 220
        14⤵
        Program crash
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52805.exe
        11⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
        12⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3516.exe
        12⤵
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50465.exe
        13⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25105.exe
        14⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12032.exe
        15⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 240
        16⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5259.exe
        8⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64040.exe
        9⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11689.exe
        10⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58197.exe
        11⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29173.exe
        12⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22204.exe
        13⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54549.exe
        14⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16937.exe
        15⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29739.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2349.exe
        17⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10190.exe
        18⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64757.exe
        19⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6677.exe
        20⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49555.exe
        21⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13265.exe
        22⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50769.exe
        21⤵
        System Location Discovery: System Language Discovery
        
        PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29109.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22079.exe
        6⤵
        Executes dropped EXE
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5633.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42665.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57522.exe
        9⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24248.exe
        10⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65327.exe
        11⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28244.exe
        12⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57538.exe
        13⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30569.exe
        14⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10698.exe
        15⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30372.exe
        16⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31991.exe
        17⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51747.exe
        18⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1150.exe
        19⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31322.exe
        20⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16029.exe
        21⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20196.exe
        22⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3688.exe
        23⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55494.exe
        24⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7995.exe
        25⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42426.exe
        23⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23948.exe
        24⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35140.exe
        21⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28193.exe
        22⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43818.exe
        23⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41278.exe
        24⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17486.exe
        19⤵
        
        PID:2192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 220
        20⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41953.exe
        10⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20953.exe
        11⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32302.exe
        12⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9764.exe
        13⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-200.exe
        14⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1975.exe
        15⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62032.exe
        16⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16553.exe
        17⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17103.exe
        18⤵
        
        PID:4616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 240
        19⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35108.exe
        9⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27284.exe
        10⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2068.exe
        11⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37969.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:3192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 220
        13⤵
        Program crash
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61165.exe
        12⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48031.exe
        13⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28618.exe
        14⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40050.exe
        15⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53309.exe
        16⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12032.exe
        17⤵
        
        PID:5100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 216
        17⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60215.exe
        8⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1689.exe
        9⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7247.exe
        10⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34632.exe
        11⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30185.exe
        12⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57185.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 224
        14⤵
        Program crash
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51388.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14543.exe
        8⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47683.exe
        9⤵
        
        PID:2268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 224
        10⤵
        Program crash
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23733.exe
        8⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62286.exe
        9⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31451.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39832.exe
        11⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62556.exe
        12⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62229.exe
        13⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16174.exe
        14⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57948.exe
        15⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26667.exe
        16⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64549.exe
        17⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8955.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:4752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 220
        19⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15669.exe
        9⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57730.exe
        10⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22785.exe
        11⤵
        
        PID:3440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 224
        12⤵
        Program crash
        
        PID:3764
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 248
        6⤵
        Program crash
        
        PID:2896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37194.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47605.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12841.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32276.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61715.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 244
        9⤵
        Program crash
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4792.exe
        8⤵
        
        PID:1540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 240
        9⤵
        Program crash
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11123.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16490.exe
        8⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29941.exe
        9⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63656.exe
        10⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52255.exe
        11⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39064.exe
        12⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40683.exe
        13⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26843.exe
        14⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63428.exe
        15⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21877.exe
        16⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 220
        17⤵
        
        PID:4884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 236
        16⤵
        Program crash
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49074.exe
        15⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18307.exe
        16⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32261.exe
        17⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29376.exe
        18⤵
        
        PID:3816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 220
        19⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47694.exe
        18⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27461.exe
        19⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22438.exe
        20⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4438.exe
        21⤵
        System Location Discovery: System Language Discovery
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52352.exe
        22⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63213.exe
        21⤵
        
        PID:4680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 216
        20⤵
        
        PID:7144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
        19⤵
        
        PID:4892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 240
        18⤵
        
        PID:3652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 236
        17⤵
        
        PID:4668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 236
        16⤵
        
        PID:2008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 220
        15⤵
        Program crash
        
        PID:2380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 236
        14⤵
        Program crash
        
        PID:3720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 236
        13⤵
        Program crash
        
        PID:3564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 236
        12⤵
        Program crash
        
        PID:3164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 236
        11⤵
        Program crash
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60978.exe
        10⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14367.exe
        11⤵
        
        PID:2852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 220
        12⤵
        Program crash
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10075.exe
        8⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2971.exe
        9⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35727.exe
        10⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10667.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26869.exe
        12⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26459.exe
        13⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36978.exe
        14⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50164.exe
        15⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64191.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:4792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 220
        17⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53656.exe
        12⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2551.exe
        13⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22946.exe
        14⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-408.exe
        15⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34700.exe
        16⤵
        
        PID:2800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 224
        17⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44450.exe
        9⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6391.exe
        10⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        11⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20813.exe
        12⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30372.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60086.exe
        14⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24337.exe
        15⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48514.exe
        16⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12271.exe
        17⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55115.exe
        18⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61420.exe
        19⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39416.exe
        18⤵
        
        PID:5176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 220
        19⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61653.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37336.exe
        13⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39111.exe
        14⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42183.exe
        15⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27622.exe
        16⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15728.exe
        17⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21587.exe
        18⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59770.exe
        19⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54791.exe
        20⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25514.exe
        18⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26997.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50406.exe
        20⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40654.exe
        19⤵
        
        PID:3216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47221.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57631.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26796.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59058.exe
        9⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5820.exe
        10⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49541.exe
        11⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41010.exe
        12⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26485.exe
        13⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20813.exe
        14⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17928.exe
        15⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41036.exe
        16⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13044.exe
        17⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34124.exe
        18⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20440.exe
        19⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63283.exe
        20⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5997.exe
        21⤵
        System Location Discovery: System Language Discovery
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37923.exe
        22⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53740.exe
        23⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        24⤵
        System Location Discovery: System Language Discovery
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62463.exe
        22⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15897.exe
        23⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47585.exe
        20⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5058.exe
        21⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57632.exe
        22⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39633.exe
        23⤵
        
        PID:3356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 244
        24⤵
        
        PID:6784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5196 -s 228
        23⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19292.exe
        21⤵
        
        PID:4756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 224
        22⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37677.exe
        9⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6562.exe
        10⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20398.exe
        11⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57595.exe
        12⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45317.exe
        13⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15790.exe
        14⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31882.exe
        15⤵
        
        PID:912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 224
        16⤵
        Program crash
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61751.exe
        8⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37590.exe
        9⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51077.exe
        10⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60527.exe
        11⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20730.exe
        12⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15514.exe
        13⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14611.exe
        14⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60771.exe
        15⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49801.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:3472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 224
        17⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55867.exe
        16⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61856.exe
        17⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22635.exe
        18⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54259.exe
        19⤵
        
        PID:3544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 224
        20⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58187.exe
        19⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54023.exe
        20⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27656.exe
        21⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24126.exe
        20⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26515.exe
        14⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 240
        15⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57102.exe
        12⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16558.exe
        13⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 224
        14⤵
        Program crash
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54611.exe
        13⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21815.exe
        14⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50543.exe
        15⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60294.exe
        16⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21950.exe
        17⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12494.exe
        18⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28852.exe
        19⤵
        
        PID:2888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 224
        20⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30153.exe
        17⤵
        
        PID:5620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 224
        18⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31434.exe
        7⤵
        
        PID:2952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
        8⤵
        Program crash
        
        PID:1668
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 248
        5⤵
        Program crash
        
        PID:1848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43333.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43333.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26334.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18249.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 240
        6⤵
        Program crash
        
        PID:1360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2213.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32276.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30989.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43132.exe
        8⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38446.exe
        9⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58202.exe
        10⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38249.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17274.exe
        12⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41067.exe
        13⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59323.exe
        14⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48270.exe
        15⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12831.exe
        16⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22391.exe
        17⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50543.exe
        18⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4487.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61721.exe
        20⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29407.exe
        21⤵
        
        PID:5732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 220
        22⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35197.exe
        16⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63179.exe
        17⤵
        
        PID:4172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 240
        18⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25067.exe
        13⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1783.exe
        14⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21000.exe
        15⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41633.exe
        16⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60657.exe
        17⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55826.exe
        18⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24773.exe
        19⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55857.exe
        20⤵
        
        PID:2356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 224
        21⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53719.exe
        20⤵
        
        PID:5232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 244
        21⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34719.exe
        10⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29526.exe
        11⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48166.exe
        12⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33641.exe
        13⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12089.exe
        14⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52110.exe
        15⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28997.exe
        16⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63480.exe
        17⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32692.exe
        18⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14082.exe
        19⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26418.exe
        20⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65141.exe
        21⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12515.exe
        22⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65172.exe
        23⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30174.exe
        21⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22721.exe
        22⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5097.exe
        23⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36378.exe
        22⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2468.exe
        19⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56973.exe
        20⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31566.exe
        21⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59970.exe
        22⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6993.exe
        15⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26532.exe
        16⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26662.exe
        17⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13423.exe
        18⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6682.exe
        19⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55665.exe
        20⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6293.exe
        21⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4054.exe
        22⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46322.exe
        23⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17325.exe
        19⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40528.exe
        20⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15915.exe
        21⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10468.exe
        22⤵
        
        PID:5404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5404 -s 240
        23⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22691.exe
        20⤵
        System Location Discovery: System Language Discovery
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64521.exe
        21⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36894.exe
        18⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35437.exe
        19⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37020.exe
        20⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63753.exe
        21⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11319.exe
        22⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48823.exe
        21⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33490.exe
        19⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17918.exe
        20⤵
        System Location Discovery: System Language Discovery
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55011.exe
        17⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26610.exe
        18⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46091.exe
        19⤵
        
        PID:5456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 244
        20⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29598.exe
        19⤵
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55502.exe
        20⤵
        
        PID:5360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 248
        8⤵
        Program crash
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51855.exe
        7⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43599.exe
        8⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32930.exe
        9⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11222.exe
        10⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53838.exe
        11⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50797.exe
        12⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10506.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34840.exe
        14⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56002.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24996.exe
        16⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62987.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15754.exe
        18⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20497.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:3340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 244
        20⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39525.exe
        18⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62619.exe
        19⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28660.exe
        20⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28032.exe
        21⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41466.exe
        19⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16608.exe
        20⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48726.exe
        9⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34788.exe
        10⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3734.exe
        11⤵
        
        PID:2536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 224
        12⤵
        Program crash
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7039.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47216.exe
        7⤵
        
        PID:2512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 244
        8⤵
        Program crash
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43276.exe
        7⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46334.exe
        8⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42224.exe
        9⤵
        
        PID:3864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 240
        10⤵
        Program crash
        
        PID:3536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63920.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2120
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 220
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:348
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53962.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53962.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40724.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26417.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45706.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32468.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32551.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24658.exe
        9⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14133.exe
        10⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36739.exe
        11⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52748.exe
        12⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43148.exe
        13⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22209.exe
        14⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49209.exe
        15⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59344.exe
        16⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27222.exe
        17⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22583.exe
        18⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22448.exe
        19⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63802.exe
        20⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8244.exe
        21⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26885.exe
        22⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52972.exe
        23⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25344.exe
        24⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49747.exe
        25⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36204.exe
        23⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49280.exe
        24⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8410.exe
        22⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37596.exe
        23⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53063.exe
        24⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64796.exe
        25⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38708.exe
        24⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12789.exe
        10⤵
        
        PID:780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 220
        11⤵
        Program crash
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
        9⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30517.exe
        10⤵
        
        PID:2432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 220
        11⤵
        Program crash
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-708.exe
        8⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52836.exe
        9⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19308.exe
        10⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30081.exe
        11⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4829.exe
        12⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38052.exe
        13⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6998.exe
        14⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53122.exe
        15⤵
        
        PID:3524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 220
        16⤵
        Program crash
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48913.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17305.exe
        13⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30564.exe
        14⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41996.exe
        15⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61669.exe
        16⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32069.exe
        17⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37160.exe
        18⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63475.exe
        19⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35053.exe
        20⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53356.exe
        21⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37412.exe
        22⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58382.exe
        23⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32773.exe
        10⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51508.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49427.exe
        12⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25089.exe
        13⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18504.exe
        14⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38021.exe
        15⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52323.exe
        16⤵
        
        PID:3744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 224
        17⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8601.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6375.exe
        8⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36692.exe
        9⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65519.exe
        10⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9193.exe
        11⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55052.exe
        12⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36023.exe
        13⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7299.exe
        14⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58493.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16558.exe
        16⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52603.exe
        17⤵
        
        PID:4136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 240
        18⤵
        Program crash
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55296.exe
        16⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49225.exe
        17⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64741.exe
        18⤵
        
        PID:2780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
        19⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9847.exe
        14⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18203.exe
        15⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49889.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13599.exe
        17⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31794.exe
        18⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59526.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46288.exe
        20⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27980.exe
        21⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48229.exe
        22⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10761.exe
        23⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56737.exe
        24⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33874.exe
        22⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53063.exe
        23⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56436.exe
        24⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61233.exe
        19⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46646.exe
        20⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31353.exe
        21⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38774.exe
        22⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3911.exe
        23⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65301.exe
        16⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54928.exe
        17⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53688.exe
        18⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22059.exe
        19⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2380.exe
        20⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5717.exe
        21⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38473.exe
        22⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36151.exe
        23⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9069.exe
        21⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46506.exe
        22⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46360.exe
        15⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27243.exe
        16⤵
        
        PID:2496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 188
        17⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8705.exe
        9⤵
        
        PID:2860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 224
        10⤵
        Program crash
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47553.exe
        8⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24487.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 220
        10⤵
        Program crash
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47413.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24383.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1715.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36308.exe
        9⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58913.exe
        10⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23776.exe
        11⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10044.exe
        12⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39723.exe
        13⤵
        
        PID:3288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 224
        14⤵
        Program crash
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38009.exe
        11⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe
        12⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18291.exe
        13⤵
        
        PID:3588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 240
        14⤵
        Program crash
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61606.exe
        9⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11331.exe
        10⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42800.exe
        11⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40107.exe
        12⤵
        
        PID:3752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 220
        13⤵
        Program crash
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12358.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26049.exe
        9⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36028.exe
        10⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40278.exe
        11⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29609.exe
        12⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39287.exe
        13⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        14⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21685.exe
        15⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18883.exe
        16⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23709.exe
        17⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56018.exe
        18⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58706.exe
        19⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29599.exe
        20⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24768.exe
        21⤵
        System Location Discovery: System Language Discovery
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59861.exe
        22⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17350.exe
        23⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42405.exe
        19⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30990.exe
        20⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        21⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25897.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11803.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42577.exe
        9⤵
        
        PID:112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 224
        10⤵
        Program crash
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49354.exe
        8⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 224
        9⤵
        Program crash
        
        PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11450.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24300.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52971.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43324.exe
        8⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36116.exe
        9⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15743.exe
        10⤵
        
        PID:3036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 224
        11⤵
        Program crash
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24465.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11907.exe
        10⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28950.exe
        11⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46713.exe
        12⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14398.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13843.exe
        14⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16532.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56407.exe
        16⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24285.exe
        17⤵
        
        PID:4040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 244
        18⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-563.exe
        12⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20258.exe
        13⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-771.exe
        14⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17129.exe
        15⤵
        
        PID:3812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 220
        16⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42892.exe
        8⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5436.exe
        9⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9769.exe
        10⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10475.exe
        11⤵
        
        PID:3020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 224
        12⤵
        Program crash
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21320.exe
        7⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40584.exe
        8⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43236.exe
        9⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4424.exe
        10⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20590.exe
        11⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14040.exe
        12⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36765.exe
        13⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38348.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35774.exe
        15⤵
        
        PID:4992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 224
        16⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40557.exe
        9⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51316.exe
        10⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50413.exe
        11⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53677.exe
        12⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29.exe
        13⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35582.exe
        14⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42811.exe
        15⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42375.exe
        16⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25484.exe
        17⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18551.exe
        18⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54259.exe
        19⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61332.exe
        20⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18362.exe
        21⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49635.exe
        19⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51501.exe
        20⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13457.exe
        21⤵
        System Location Discovery: System Language Discovery
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9928.exe
        20⤵
        
        PID:7056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2379.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36225.exe
        7⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56728.exe
        8⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44331.exe
        9⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34274.exe
        10⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8145.exe
        11⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36599.exe
        12⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47647.exe
        13⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50600.exe
        14⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37528.exe
        15⤵
        
        PID:272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 272 -s 240
        16⤵
        Program crash
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16297.exe
        8⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46718.exe
        9⤵
        
        PID:1152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 220
        10⤵
        Program crash
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32778.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
        8⤵
        Program crash
        
        PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2467.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:888
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20858.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20858.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32639.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41923.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1232
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 240
        6⤵
        Program crash
        
        PID:2864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31076.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12130.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33703.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44092.exe
        8⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35971.exe
        9⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1025.exe
        10⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32494.exe
        11⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34077.exe
        12⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57377.exe
        13⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11897.exe
        14⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14969.exe
        15⤵
        
        PID:3952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 220
        16⤵
        Program crash
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12021.exe
        8⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42250.exe
        9⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
        10⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44575.exe
        11⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1954.exe
        12⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26096.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:3800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 224
        14⤵
        Program crash
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59037.exe
        7⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60475.exe
        8⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7439.exe
        9⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18213.exe
        10⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62473.exe
        11⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12068.exe
        12⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46516.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39474.exe
        14⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29381.exe
        15⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8934.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2541.exe
        17⤵
        
        PID:2416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 220
        18⤵
        
        PID:5332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9753.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33786.exe
        7⤵
        
        PID:484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 224
        8⤵
        Program crash
        
        PID:2540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 236
        7⤵
        Program crash
        
        PID:1648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22057.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50942.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12130.exe
        6⤵
        Executes dropped EXE
        
        PID:1252
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 236
        6⤵
        Program crash
        
        PID:1216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27075.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25535.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29702.exe
        7⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19443.exe
        8⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4917.exe
        9⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3438.exe
        10⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43724.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62940.exe
        12⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56007.exe
        13⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16750.exe
        14⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56687.exe
        15⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8192.exe
        16⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59396.exe
        17⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11285.exe
        18⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49277.exe
        19⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4902.exe
        20⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15229.exe
        21⤵
        System Location Discovery: System Language Discovery
        
        PID:4828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 240
        22⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51020.exe
        14⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35219.exe
        15⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47829.exe
        16⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-403.exe
        17⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55883.exe
        18⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45935.exe
        19⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16792.exe
        20⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38146.exe
        21⤵
        System Location Discovery: System Language Discovery
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65446.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35556.exe
        10⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41944.exe
        11⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11082.exe
        12⤵
        
        PID:3712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 224
        13⤵
        Program crash
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30303.exe
        7⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22816.exe
        8⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-340.exe
        9⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47040.exe
        10⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42629.exe
        11⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41233.exe
        12⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32894.exe
        13⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-963.exe
        14⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59915.exe
        15⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13402.exe
        16⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
        17⤵
        
        PID:3272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 220
        18⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41927.exe
        8⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61430.exe
        9⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63241.exe
        10⤵
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3614.exe
        6⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54253.exe
        7⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33506.exe
        8⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9276.exe
        9⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24757.exe
        10⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52826.exe
        11⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31503.exe
        12⤵
        
        PID:4020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 220
        13⤵
        Program crash
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10402.exe
        10⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25281.exe
        11⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57206.exe
        12⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52987.exe
        13⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35110.exe
        14⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14362.exe
        15⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11669.exe
        16⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48784.exe
        17⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19641.exe
        18⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37212.exe
        19⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8714.exe
        20⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51119.exe
        15⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28172.exe
        16⤵
        
        PID:5652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 244
        17⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15187.exe
        16⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59194.exe
        17⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2300.exe
        18⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9373.exe
        19⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36570.exe
        18⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45410.exe
        8⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
        9⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24430.exe
        10⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57953.exe
        11⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29002.exe
        12⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31306.exe
        13⤵
        
        PID:3136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 224
        14⤵
        Program crash
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54424.exe
        10⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59920.exe
        11⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59894.exe
        12⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37549.exe
        13⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31493.exe
        14⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55250.exe
        15⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41109.exe
        16⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42007.exe
        17⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51410.exe
        18⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62191.exe
        19⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3151.exe
        20⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38516.exe
        19⤵
        
        PID:5996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10761.exe

Filesize
192KB

MD5
b11760508635f2ca380a1098fe032d36

SHA1
7b2dc8280d63ec2353c7d52539b9248a38fe5408

SHA256
15d6657ac8b8a2352f4813c71905a5bec07775be4cdfa5043c57e1c9d37de9ad

SHA512
87e89a0f3083712d8ee0b55f125077df194e6656aaeb9a2a97de473128cff1af9026cb373f2046b34d8e08fba28c35c42c62f86b0df4a3f6536055dd09fb175f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11669.exe

Filesize
192KB

MD5
1aae28d51634a06c354c8b5728bb460f

SHA1
a1b29812b871e18635c6eb0396f9d479d87e2ac4

SHA256
f2b1fe485005f3383ee555185a2ed865332c1fdbd0e2ebb4b3ae9c44430701e8

SHA512
3a3bdb55aa4beb71c142754d138a392b7ae5ed1f367bacf61af71050a85be503c759e9403dd1d943ad3672cbb5ce62f296801834a4e243c15e8038111d9b9810

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18249.exe

Filesize
192KB

MD5
424dc21dae059b14038962091780d880

SHA1
24d0626373fff79eedd9c1423a72557b308baf4d

SHA256
6ed5ab43763d823013af0b0c5641a2c86ca25a869fb049f8eefc1d2bdf70f7fd

SHA512
7cffe00e8990faad57d7504517e86c5a4e96c899f4d10283b874fe4073c0a7e1b64d5525ca358de95327887798ad9bcc60b01569acdc2e18173f2df8e275acb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20858.exe

Filesize
192KB

MD5
62648c03a324064f6ad45e532671514c

SHA1
e8e1fc70fbc3ddbc63ec262b918aab5722961f77

SHA256
08a1eb8267cbfa853ab45b618a661849a0cc9e9f3467f0d97be4fec2e312318d

SHA512
56af3a5d0888cea91e3282ea21d61ad4cb52732b9d93c274aa8fd538cb021bf661bc10b28c654413d382f91f35726a48783d7144224c98f468d75e676839a029

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26417.exe

Filesize
192KB

MD5
ded0535823f278cd9ebe538427986300

SHA1
a21f11e96fca18bc3805e29597e9d5cc0925a811

SHA256
0e5fab512ca47de7cfa79ef01bdc5d84c5ff496b8597cb9cac56b75021c007f5

SHA512
c69e8630af8588844b316a032deba5c847f48a8bf7818932b3baf76442bda93a12ad9bf0de4b8929d8245127e18f39a5394ed3f8e6495c758b835d765fd92775

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30418.exe

Filesize
192KB

MD5
6479219a014d5ef2015a0acb9c1502a0

SHA1
1530f968d094b84b8a6d7b3545827cd15bba7818

SHA256
4e6ea4edab2dc631d144f25e102c0b7498e5e424e6d8f089834ab2b72229a012

SHA512
86d05f32d9c83e366bdd694a9e4e1b4bc09db6936ed187b44ed958232417ea8c7288d4b6763e47326f40bf4f12c7af8ebe19b7f9b0e81041b51baacde8074b8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36504.exe

Filesize
192KB

MD5
c27c7b54ac92deb6115ed2e584778ea7

SHA1
899af69683e26ba3d25c99998d96c0fa912c7e2c

SHA256
0893c3a36b3bbd5c6fa721c24a128663a1321fde4b83cca4cec07db5df4a2522

SHA512
05626a39030c41bfe864cb2fca4a8267995086e564cb6c644ceaab5cd752c66cc7d43221760aa836ccab979ce750c02fda009638d0661e389532d53b16e0aa5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36739.exe

Filesize
192KB

MD5
477971d90db45a49e7c0ba062571b350

SHA1
d360818861f4ac59a1c54fee9f08597ab612f656

SHA256
c90a85c0bd35cffea4bff6393038463d80646e81e63af859aa027dfca1491890

SHA512
b13e141185ba4c130ae2cf667b40964990aa9213a8a1f5cf80f3a7e1ff09fd86ca74e972a2230292d50bebc782b1396e7ba8ec672acc21a2b3b4d8858d11b9b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37336.exe

Filesize
192KB

MD5
fcbd77e19847e6edea41cc225774106c

SHA1
69f03056ef12edda93414cb31e09f72a1b317904

SHA256
204d653bb916f8cca57fc646b364cb1999a54ffcf2c649780698c4178e89fa14

SHA512
83b5da234eed8fe5e80a5eab8ec868e394d5fd9d72c5c55027c85244366178132b626e7a447708bad0e180c3b3f83d541c0f30a6c9c2e6b836813b192ee67f2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39794.exe

Filesize
192KB

MD5
7559432adbf345624973158aab139173

SHA1
249211fcf5a999f53dd4a2c3bdfca9b83883d4fb

SHA256
8036162b34f0ce6cb42baabcc024bf8ea42bc0f88d3f69c568507356fc0f1c13

SHA512
a867bcae2e6a6f05c7cb509f710355b97db5e3fe572b115f36a5f3b1b2917d3cea46336507f58360b908de4139a215b61350a4a9208765d638da946b5c03aa02

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40557.exe

Filesize
192KB

MD5
636e6c734eca3dc317753f698661c51b

SHA1
92beaf78be5e63fc39db0c52988fec685b0762d7

SHA256
ea2441dd27f28a93247bc1422c2e481ea4300b2f1f9bd11a2c7f7c2ab152b609

SHA512
4b985a18d25a371a9bb4fe08d684ed8ccfc2ba7820c91c9e54aff197ff7d4158de1fc0f659c50f9fe91f503217e13b3a7f76e2f203ad1d9824b525e74018ceae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40573.exe

Filesize
192KB

MD5
e6d232cfaf7c9eb6b9027e84598cdacd

SHA1
98d72ac95a0849aea3960dd1211f404babd938ad

SHA256
427579ed86d71b237e8d8b0104a924492b1ca939ed7027b32b09ba6633bc3255

SHA512
e0475afd1cb32cd9aeda286082d5e3354b8f8aa911c8fc7f31cef290862d88dc514a384cad028357823ccb1244f20bc95e32cdd42af6a101308c7de3af15328b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42665.exe

Filesize
192KB

MD5
46ab4ab0dd2960a493d63eba780fff4d

SHA1
06babfebc1142ac3603ffc74edd3ecfee76f3cfd

SHA256
8a7152f1099ebf246799b876391a6238e755b0ffc629cf4cc1ca90d21f347736

SHA512
5a6a480fdfd1d2cbdc6b7d55a8349806659a4c55b266bf1211c1e549cffff8c0b58217c2e0fb2d5a2216d69809b97e2e2af56a17da1d5161f0c13e2800f668cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43148.exe

Filesize
192KB

MD5
5f4d4564974cd16f24b215e42571c964

SHA1
1c867e8851f6b9709ae7f5f6fc7a31d71235004f

SHA256
7841ea08e6e9e9637cbdd4797383627412ce5370a53d9bdffb642f18f8788123

SHA512
7278cf8879e965a41de4e55039e67cf5d44b4d5637a6c7884e6cd1f19b0e226dcd4057d1e8ca69a506661d372de69d4978d57ab585406e148c6b18cb2ca55305

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4341.exe

Filesize
192KB

MD5
38cf1808d61a323a90f173b12eace04f

SHA1
c010baaa95fa236c0ea173f764ee2083682d1d82

SHA256
bf4cfa92fc0de985e3cf2d3f1b534fd3f292d511734567c5cd437648906a9d53

SHA512
5bde16709676526e4ada62e692cf50291d0e54055b832d936ab75a578f02652bcddf9a6d967cee987e550251a3e01c7ac2cf9d077a2ccb3cdb8991a994ce9458

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45509.exe

Filesize
192KB

MD5
e7b1de80a766c83fe512fbf6aa452d20

SHA1
c8fe87e77d893ba4a3c126c389fa694b80ab4ee4

SHA256
61e5f8efad4df9210f9346b184273cea3d0a5d00cc2ef17936f5b82a3be5cd66

SHA512
c2514d73dbbc256a3e1f7057938777e05afdde2886ac8aeab95d460d0ad6a097844dd1e7b754347ac5ee61aacad16c8d47d63171c247bf1764a0256f45630b84

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45711.exe

Filesize
192KB

MD5
3fe38cf7174c6985a59237b775de0041

SHA1
1d2dfa68c2a8f7c79e1701d03957abaf2cdde747

SHA256
973394c9817dcf0f5e4eb38af4422512e1ad92a3a691f3ba18d52a9a5970f72e

SHA512
b2785df0823248f6caa81879f150a1f1f391351ea2c78e863c3b9c3e5ca01896981fed3c33aa6cfa0f0baa8ebdf7e47f65014048693d556d61963beb87597d46

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48975.exe

Filesize
192KB

MD5
632042e9840b59e1fff91490b0bdd669

SHA1
6adb159ed1a7587fce782c4de43d4c2e4b58d50f

SHA256
6599f24656f3a8ff5d2801fb9f93953121b2addf9af6e51e24582bf5e8e20cbe

SHA512
33f80d373c2f33f362d2208627360348badac05d8e7d35bc949a5c060902f5045d068eb800acd2806a283ad356c7b801bbb06c549c0fb5fac1cc85e4c33f4d5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53962.exe

Filesize
192KB

MD5
09ed78ba013c32c781fbd4c31ff4f51b

SHA1
44b132bdae98b0655bc1de79d0c2e177772f5f9d

SHA256
18baf85592773977c589f66747e01fb45fb1dc7d7a76f042320b988ba49e6c92

SHA512
5b914a22f5334cf31931cc5d3cd64d47c8731a3209e01ccf017338f2b6e2fe5b67a7945c42a743c3b644606e65ec7f332f88376922091589bb5ddf395cfdcafd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5717.exe

Filesize
192KB

MD5
aac2fed3e8395ee381d52e4a07d4a8f0

SHA1
434289014d3aa593507e4bd90085205ea24ffd51

SHA256
970a6d86671fd8e56585a744203d154a9c9674c1c34e30d9fc0a2583e0f1bc26

SHA512
c348e4f7b4159867b97b678ed98567ec5f28c86ac56cd9f36622c2d2b97b08b829060af7e673c1b4b4b8897db62ef10c839d1d6a3882594d12a3c04e4cd368e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5820.exe

Filesize
192KB

MD5
b381c0547e7826a7719d9aa0b5d8b9bb

SHA1
1e50ed1a28fe13632896c582793175cb248c1dde

SHA256
23ed31ded29a30dc79ac6ae2f8a890454f4ee3ca85518767717fe0d33b6aacea

SHA512
78a5c5815ab92473ad4762c1b946f061181ad825793b83c39347dbb25e1f7130557877d9eab3ae269779c8f4da5b29e3f234ac74a044a00f95a7ac7824aeb5b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5851.exe

Filesize
192KB

MD5
19638e8e9743d665c0655b6fd92d5ccc

SHA1
c2d1df90d03562627e05f72c95fc8d9190e5d672

SHA256
92bf2e34198f3c96610173abba958c2f3636dd265849cf6346de40150124d2c8

SHA512
ad84301a6c050009d201d02ef0ef2b1f68323e5e8e3b6ffef84f01dfd2d439449c39732ebed05736274ce610adabd1695f3bdfd1bc27c708ed5781d15ffdb115

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5997.exe

Filesize
192KB

MD5
97ec62a25c326fd3ecf47ffd5387af9e

SHA1
85c7551894d26b5c93b137546f6861221ce928b6

SHA256
c512245b66638c786c7d2be707c9b41b0ce54e6141f38b97bb69c607f7d6a90a

SHA512
91aa39a8a7c2123ddf9eda52f94d2ffa3724503a09cd112efe7ca219f903e7e566c7db51e0a825c58cd216e0e29fd84ca762477c2ac74a6b0bc26fa76e146f0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63920.exe

Filesize
192KB

MD5
5ef489b788e28a181589566d4d020f39

SHA1
e933015fc7713408d8bf013ba18962edf27a73f9

SHA256
647940a314a87b3f280753bb6f0f1995b71dfa782461bbc06342fe119c69819e

SHA512
dbc4f1a23633c502e65f992f50ebe939e3e8ea6875284e861b4c040ef95ee331bb5edbfd7517e3d5262140080ad0a3ee3feba016987638bd9e9bb5641e7f080c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6562.exe

Filesize
192KB

MD5
038901d71fcf5092733819b74fd7ca45

SHA1
5583bd21ae25378d17060cb141b2d72168a346a1

SHA256
4887942ecba0b87e297a2028eae6b24f4e106011bae71b7a70f7cafdae36113d

SHA512
65dfe8b023059524d3fa66a961647d0cb9f6724dc2c65ec14873446773892bfac04a468445ddcde1393dc8af41eeeed29a51d98f170f45c12579c9648d6d3d4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6635.exe

Filesize
192KB

MD5
6140bd41898f0149fcef2bc364056b0f

SHA1
701451fc1e2bcedc730b277fce5d96bf8060dd5d

SHA256
1dc41806a7b7b9ca4b9fab032107766d06d38c1b7ccc0e0d324c65854b8b69b8

SHA512
32c6d128fb8ffffe0a9f7eca187a5c33b82fd7b899d162edbcee2ca7e71ee6021ec63c7b67d290cef87fbe0c3936de376db6d54c22cc6de810e4fb351f64aa33

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6682.exe

Filesize
192KB

MD5
001388b04a3f5f2ca2ec6fc6aaca3a08

SHA1
e472efe971d48c72b6e3e57495dae328b3d7e179

SHA256
f509bf592cd6319caa2244541b4a62e7c00cb6bec4e301f676ba5e027efe35e4

SHA512
4ea1ab74d1e15cdf71592eeabba2c04fe4beb2a35765cf494a87f68a185e755f8629d62789238dec29d148dcdd0207d8f50eb405adcf690f599bd4f1f98d2734

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8679.exe

Filesize
192KB

MD5
228c988ec84382fe2150409fd729627e

SHA1
923bef3474c4df3e34cba979ba1bc32ad6220488

SHA256
205d8e5fb7fcbab2a9f6e2d44667ba1720b431897a370e5a31e0171f95894c95

SHA512
3b377d105ef00b1dad62edfa0086f81fa7ac50469ed72011ade4c67910fc42b37f7efd17652252a2100c61650d2ae817b2a919182fc6e8e20048a23f58d31d24

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2467.exe

Filesize
192KB

MD5
83c3c203edc3e48bc319e9f54cc4880b

SHA1
8dd185e32894923e012c4714f7dbd7581e47f74d

SHA256
78b7912badb740cc6f9d147538a7b3e6a54cac373fb0817005f6da18d93dcc33

SHA512
00ebedf2add2505a33274cd50e30f28a6062948d37578bd4b2fe50ea57e6fbae919248df18fe2458796960ab4fa8e0065b0aee7d7be5397410ea732a2fa9ce97

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe

Filesize
192KB

MD5
851d653a14fcb62db82681c84a88a493

SHA1
0231f1138f4b7f037dfe5a649527dbe147116929

SHA256
bf5febfa77165a92475dbf9d6238dff8dcbbd6d3e57e22a29874c73389b0b7f7

SHA512
254c3a981ce546006fa16bcef1ea5c2dd9b0f6604a2b6ee0861adc962cdbf6671683af048e3eccb2f1a49d186f8e63442d8982594847c58eb4bd8a5974b7fbb5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26334.exe

Filesize
192KB

MD5
2e4e47e4e8dde9943fd282fd7aa7cf42

SHA1
cf82f66d6e9b7c357bd0bf6f12e4bd6d8b05bbb8

SHA256
4df4e9847e22ca3f1aed931730893831e393dd63f8600c3be29b7e9225d7d4d9

SHA512
e9a5b33b42bb74b669ee32997aecf69d2213bacfecca49ab6b3e7cfbb3d615d548b3a890b12edc1a998620da8b6e7ebb3ccacadfd1cabb616891d5b87d1c4260

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29109.exe

Filesize
192KB

MD5
77a817badaa4d6107da5d53a1287cae8

SHA1
1b266f019249a1f41fde9c92d17bb81a6649f9af

SHA256
0d4797846937e62a093b0ce6d47bdb14564e9c4379e1c164e694b185804b4d11

SHA512
3a28a53354c51c68a3e88df4d1d0a27760a58de14610e9b29a8b564034f2b67a8d26ec8d74459e497de16edad41ea9c40a21d22c4b1790cb213100f2e89d2f83

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32639.exe

Filesize
192KB

MD5
ea83a2c045179973a2560657e6db3f9c

SHA1
a826597808742aaf2899617270b89877fc8bff64

SHA256
cf50300d8489b26b5e0461f9eaf5c3fb4c91c2130b11b4e0f5af1c96ea93eee6

SHA512
f3d713a9b7d1de8c19fb543c022f285903833846573b20b5015acbfea33faa0c4b141590212d4e1ba11ab8d5b2dfa32e2587dccf14b42a9ec807226c00712674

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37194.exe

Filesize
192KB

MD5
bdc1514dd887816f18bcdea3c920dddc

SHA1
616874fda6226e4ad18e6c4628c14e629e72a509

SHA256
baf83f73c17754006dd8b9fb1de66fce53f882dfb14f0765b944cc78949c0d2c

SHA512
303604f364a48fc9a09f1346256647457e9be5453dadab32c18395077d28968ede538a1d74f8923bb9aaa0d2ce35496a3a194e6e610d31419ca2d58caea11df6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40724.exe

Filesize
192KB

MD5
f4cc05a23938c5f6b4eb1cfe13b4a3a9

SHA1
02dc7bc44761f1e04acf1fdd4007da7232301a53

SHA256
3d0fdeb37d308b693372c443d7673323a0252dbc51266846ae43a779211f3ee2

SHA512
2d2a70e56344ffdaaf90c50b9d5a09b0e96974926dc211dd4c7fa603a3ac0e5360ac2e313bdb17c3a2f6b8c6bb20db77f0d3445b8ea4810acf2fc52feddc663a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43333.exe

Filesize
192KB

MD5
d119976613d70f7a50ec8889da825648

SHA1
3b0e0dfb1682c4b18f1fcf22d1117122f8232a07

SHA256
77a022d403d0158a9e82bbffc8498676207145c74efa3e2f748fc657ab391bd6

SHA512
a3ce0c4a29958021ec70b56bc7a0ee7adb6c73b0952757bd882aecc105daa714afbc0d50becb86880189ed263bc0c93e3d23e6ba88949163e8304187a3dba959

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63199.exe

Filesize
192KB

MD5
42f2a243b212449ffd171f98f73d3f38

SHA1
02e92177aaeaa2473e3827e6eb0ec97434877614

SHA256
a636eccfa3ed5d5ceb25431dd02ab146884233cb4e8fb835898d7f1fc82c31ed

SHA512
62f012a4d6e12d6cedbd71c1abf4853d98406f73ac3a7a2618eab52120b12e517ab1b504073600e1738dc98a1c4974169b7d3651e75e2c0a04a4485b1fd15786

Download Submit
memory/1920-2007-0x0000000003140000-0x0000000003250000-memory.dmp

Filesize
1.1MB

Download
memory/1920-474-0x0000000003480000-0x0000000003590000-memory.dmp

Filesize
1.1MB

Download
memory/1920-473-0x0000000002B50000-0x0000000002CAC000-memory.dmp

Filesize
1.4MB

Download