09628ebea00535f37a43fa04a866d36d58d94e8433522a4588022728d54f43d9

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03/09/2024, 21:02 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f6c12666bafb687866fe4257c40bf01ba86598260bd6a403eb40658f3998863f.exe
Size

192KB
MD5

25fa0e8a5267c9642c2ac9ee043d58c7
SHA1

56eb92c1b4cbe73ea8b020e78eee6d208410b227
SHA256

f6c12666bafb687866fe4257c40bf01ba86598260bd6a403eb40658f3998863f
SHA512

ff9a763ab3c2ed5319afccca1cebc8d802649f2df3557a54421485ff83e1d2873aead708812ab95e8304ab23c3532506fe13be43a569ffb1bd9bfb694af5a7a4
SSDEEP

3072:Jre2o35wBcnUkQEX3uNhZL8b63PDrwtkt2bmxoKWr26lVvM6:Jr7oMOjQOubZL8j0Yw6lVvM

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2548	Unicorn-11966.exe
2012	Unicorn-42776.exe
2880	Unicorn-28940.exe
2748	Unicorn-56699.exe
2736	Unicorn-11027.exe
2780	Unicorn-21334.exe
2036	Unicorn-5080.exe
1936	Unicorn-43975.exe
748	Unicorn-63004.exe
1244	Unicorn-28193.exe
472	Unicorn-48059.exe
1796	Unicorn-31806.exe
1188	Unicorn-42666.exe
2892	Unicorn-41920.exe
2164	Unicorn-60394.exe
2692	Unicorn-5718.exe
2424	Unicorn-29668.exe
3028	Unicorn-64478.exe
1600	Unicorn-9802.exe
2452	Unicorn-43072.exe
648	Unicorn-47156.exe
2216	Unicorn-31374.exe
2072	Unicorn-22652.exe
3064	Unicorn-41680.exe
2308	Unicorn-41702.exe
3044	Unicorn-52563.exe
1028	Unicorn-15059.exe
2160	Unicorn-60731.exe
1572	Unicorn-60176.exe
2132	Unicorn-13668.exe
1232	Unicorn-33534.exe
2412	Unicorn-64260.exe
2524	Unicorn-41209.exe
2792	Unicorn-25427.exe
2832	Unicorn-25449.exe
1984	Unicorn-33617.exe
2300	Unicorn-44478.exe
1032	Unicorn-37701.exe
1468	Unicorn-19973.exe
1472	Unicorn-43923.exe
1420	Unicorn-21365.exe
576	Unicorn-52091.exe
2532	Unicorn-27395.exe
1616	Unicorn-50508.exe
1324	Unicorn-21919.exe
1932	Unicorn-45869.exe
2932	Unicorn-54037.exe
2276	Unicorn-25257.exe
2976	Unicorn-36117.exe
732	Unicorn-9475.exe
3036	Unicorn-55983.exe
852	Unicorn-29341.exe
2028	Unicorn-40201.exe
1768	Unicorn-9556.exe
536	Unicorn-51144.exe
328	Unicorn-12270.exe
2236	Unicorn-59333.exe
272	Unicorn-35383.exe
2512	Unicorn-8186.exe
1256	Unicorn-18301.exe
2004	Unicorn-37329.exe
2852	Unicorn-32691.exe
2848	Unicorn-43551.exe
2760	Unicorn-16163.exe

Loads dropped DLL 64 IoCs

pid	Process
2524	f6c12666bafb687866fe4257c40bf01ba86598260bd6a403eb40658f3998863f.exe
2524	f6c12666bafb687866fe4257c40bf01ba86598260bd6a403eb40658f3998863f.exe
2548	Unicorn-11966.exe
2524	f6c12666bafb687866fe4257c40bf01ba86598260bd6a403eb40658f3998863f.exe
2548	Unicorn-11966.exe
2524	f6c12666bafb687866fe4257c40bf01ba86598260bd6a403eb40658f3998863f.exe
2548	Unicorn-11966.exe
2012	Unicorn-42776.exe
2548	Unicorn-11966.exe
2012	Unicorn-42776.exe
2880	Unicorn-28940.exe
2880	Unicorn-28940.exe
2748	Unicorn-56699.exe
2748	Unicorn-56699.exe
2780	Unicorn-21334.exe
2780	Unicorn-21334.exe
2880	Unicorn-28940.exe
2880	Unicorn-28940.exe
2012	Unicorn-42776.exe
2012	Unicorn-42776.exe
2736	Unicorn-11027.exe
2736	Unicorn-11027.exe
2036	Unicorn-5080.exe
2036	Unicorn-5080.exe
2748	Unicorn-56699.exe
2748	Unicorn-56699.exe
748	Unicorn-63004.exe
748	Unicorn-63004.exe
472	Unicorn-48059.exe
472	Unicorn-48059.exe
2736	Unicorn-11027.exe
2736	Unicorn-11027.exe
1244	Unicorn-28193.exe
1244	Unicorn-28193.exe
1936	Unicorn-43975.exe
1936	Unicorn-43975.exe
2780	Unicorn-21334.exe
2780	Unicorn-21334.exe
1188	Unicorn-42666.exe
1188	Unicorn-42666.exe
1796	Unicorn-31806.exe
1796	Unicorn-31806.exe
2036	Unicorn-5080.exe
2036	Unicorn-5080.exe
2892	Unicorn-41920.exe
2892	Unicorn-41920.exe
748	Unicorn-63004.exe
748	Unicorn-63004.exe
2164	Unicorn-60394.exe
2164	Unicorn-60394.exe
472	Unicorn-48059.exe
472	Unicorn-48059.exe
2424	Unicorn-29668.exe
2424	Unicorn-29668.exe
1244	Unicorn-28193.exe
1244	Unicorn-28193.exe
3028	Unicorn-64478.exe
3028	Unicorn-64478.exe
2692	Unicorn-5718.exe
1936	Unicorn-43975.exe
1600	Unicorn-9802.exe
2692	Unicorn-5718.exe
1936	Unicorn-43975.exe
1600	Unicorn-9802.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2856	1032	WerFault.exe	68
1308	1420	WerFault.exe	71
2740	3044	WerFault.exe	56
1916	1616	WerFault.exe	74
2912	3036	WerFault.exe	80
2688	2512	WerFault.exe	89
748	2832	WerFault.exe	65
1600	1644	WerFault.exe	105
2268	1756	WerFault.exe	112
2252	2028	WerFault.exe	83
2948	3068	WerFault.exe	110
2880	1360	WerFault.exe	113
1804	852	WerFault.exe	82
1596	2328	WerFault.exe	109
2344	1244	WerFault.exe	127
2372	1788	WerFault.exe	128
1276	1500	WerFault.exe	132
2012	1380	WerFault.exe	134
1028	528	WerFault.exe	101
3060	1524	WerFault.exe	163
2900	3028	WerFault.exe	166
2600	2008	WerFault.exe	120
3096	2844	WerFault.exe	147
3712	2444	WerFault.exe	193
3120	2624	WerFault.exe	200
3468	2656	WerFault.exe	202
3720	2964	WerFault.exe	214
1248	912	WerFault.exe	210
1288	2248	WerFault.exe	278
3012	3792	WerFault.exe	258
1572	3740	WerFault.exe	280
1620	3892	WerFault.exe	262
3628	3544	WerFault.exe	294
3652	1720	WerFault.exe	318
3064	1920	WerFault.exe	320
3260	2332	WerFault.exe	345
520	880	WerFault.exe	340
2836	2852	WerFault.exe	356
4088	3324	WerFault.exe	365
1872	1656	WerFault.exe	366
3620	3964	WerFault.exe	367
2516	3880	WerFault.exe	311
4372	3292	WerFault.exe	386
4404	2056	WerFault.exe	390
4980	2076	WerFault.exe	405
3492	1688	WerFault.exe	447
4240	1972	WerFault.exe	426
3828	4684	WerFault.exe	485
4012	4784	WerFault.exe	468
4124	4284	WerFault.exe	487
5064	4860	WerFault.exe	486
4612	4728	WerFault.exe	498
1740	4876	WerFault.exe	497
1636	5108	WerFault.exe	516
4756	324	WerFault.exe	517
2312	2768	WerFault.exe	548
1796	2348	WerFault.exe	538
2308	4416	WerFault.exe	533
2980	4296	WerFault.exe	504
4052	1468	WerFault.exe	555
3368	4224	WerFault.exe	612
4072	4316	WerFault.exe	621
2380	3320	WerFault.exe	605
2680	2636	WerFault.exe	579

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11027.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13635.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36210.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60522.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47156.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31823.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40200.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33588.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1487.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34596.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65353.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60293.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18483.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65182.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f6c12666bafb687866fe4257c40bf01ba86598260bd6a403eb40658f3998863f.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7823.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54876.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22612.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58103.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37761.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5104.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10517.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59717.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63334.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33132.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30605.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63931.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11606.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2831.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47133.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7698.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42338.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15565.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21529.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17544.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10407.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16926.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56012.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4803.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54037.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33729.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1399.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49468.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12644.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39858.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24202.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-262.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22775.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11284.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12976.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15493.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2524	f6c12666bafb687866fe4257c40bf01ba86598260bd6a403eb40658f3998863f.exe
2548	Unicorn-11966.exe
2012	Unicorn-42776.exe
2880	Unicorn-28940.exe
2748	Unicorn-56699.exe
2736	Unicorn-11027.exe
2780	Unicorn-21334.exe
2036	Unicorn-5080.exe
748	Unicorn-63004.exe
1936	Unicorn-43975.exe
472	Unicorn-48059.exe
1244	Unicorn-28193.exe
1796	Unicorn-31806.exe
1188	Unicorn-42666.exe
2892	Unicorn-41920.exe
2164	Unicorn-60394.exe
2424	Unicorn-29668.exe
2692	Unicorn-5718.exe
3028	Unicorn-64478.exe
1600	Unicorn-9802.exe
2452	Unicorn-43072.exe
648	Unicorn-47156.exe
2216	Unicorn-31374.exe
2072	Unicorn-22652.exe
3064	Unicorn-41680.exe
2308	Unicorn-41702.exe
3044	Unicorn-52563.exe
2160	Unicorn-60731.exe
1028	Unicorn-15059.exe
1572	Unicorn-60176.exe
2132	Unicorn-13668.exe
1232	Unicorn-33534.exe
2412	Unicorn-64260.exe
2524	Unicorn-41209.exe
2792	Unicorn-25427.exe
2832	Unicorn-25449.exe
2300	Unicorn-44478.exe
1984	Unicorn-33617.exe
1032	Unicorn-37701.exe
1468	Unicorn-19973.exe
1472	Unicorn-43923.exe
1420	Unicorn-21365.exe
576	Unicorn-52091.exe
2532	Unicorn-27395.exe
1616	Unicorn-50508.exe
1324	Unicorn-21919.exe
1932	Unicorn-45869.exe
2932	Unicorn-54037.exe
2028	Unicorn-40201.exe
2976	Unicorn-36117.exe
2276	Unicorn-25257.exe
3036	Unicorn-55983.exe
732	Unicorn-9475.exe
852	Unicorn-29341.exe
1768	Unicorn-9556.exe
536	Unicorn-51144.exe
328	Unicorn-12270.exe
2236	Unicorn-59333.exe
272	Unicorn-35383.exe
2512	Unicorn-8186.exe
1256	Unicorn-18301.exe
2004	Unicorn-37329.exe
2852	Unicorn-32691.exe
2848	Unicorn-43551.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2524 wrote to memory of 2548	2524	f6c12666bafb687866fe4257c40bf01ba86598260bd6a403eb40658f3998863f.exe	30
PID 2524 wrote to memory of 2548	2524	f6c12666bafb687866fe4257c40bf01ba86598260bd6a403eb40658f3998863f.exe	30
PID 2524 wrote to memory of 2548	2524	f6c12666bafb687866fe4257c40bf01ba86598260bd6a403eb40658f3998863f.exe	30
PID 2524 wrote to memory of 2548	2524	f6c12666bafb687866fe4257c40bf01ba86598260bd6a403eb40658f3998863f.exe	30
PID 2548 wrote to memory of 2012	2548	Unicorn-11966.exe	31
PID 2548 wrote to memory of 2012	2548	Unicorn-11966.exe	31
PID 2548 wrote to memory of 2012	2548	Unicorn-11966.exe	31
PID 2548 wrote to memory of 2012	2548	Unicorn-11966.exe	31
PID 2524 wrote to memory of 2880	2524	f6c12666bafb687866fe4257c40bf01ba86598260bd6a403eb40658f3998863f.exe	32
PID 2524 wrote to memory of 2880	2524	f6c12666bafb687866fe4257c40bf01ba86598260bd6a403eb40658f3998863f.exe	32
PID 2524 wrote to memory of 2880	2524	f6c12666bafb687866fe4257c40bf01ba86598260bd6a403eb40658f3998863f.exe	32
PID 2524 wrote to memory of 2880	2524	f6c12666bafb687866fe4257c40bf01ba86598260bd6a403eb40658f3998863f.exe	32
PID 2548 wrote to memory of 2748	2548	Unicorn-11966.exe	33
PID 2548 wrote to memory of 2748	2548	Unicorn-11966.exe	33
PID 2548 wrote to memory of 2748	2548	Unicorn-11966.exe	33
PID 2548 wrote to memory of 2748	2548	Unicorn-11966.exe	33
PID 2012 wrote to memory of 2736	2012	Unicorn-42776.exe	34
PID 2012 wrote to memory of 2736	2012	Unicorn-42776.exe	34
PID 2012 wrote to memory of 2736	2012	Unicorn-42776.exe	34
PID 2012 wrote to memory of 2736	2012	Unicorn-42776.exe	34
PID 2880 wrote to memory of 2780	2880	Unicorn-28940.exe	35
PID 2880 wrote to memory of 2780	2880	Unicorn-28940.exe	35
PID 2880 wrote to memory of 2780	2880	Unicorn-28940.exe	35
PID 2880 wrote to memory of 2780	2880	Unicorn-28940.exe	35
PID 2748 wrote to memory of 2036	2748	Unicorn-56699.exe	37
PID 2748 wrote to memory of 2036	2748	Unicorn-56699.exe	37
PID 2748 wrote to memory of 2036	2748	Unicorn-56699.exe	37
PID 2748 wrote to memory of 2036	2748	Unicorn-56699.exe	37
PID 2780 wrote to memory of 1936	2780	Unicorn-21334.exe	38
PID 2780 wrote to memory of 1936	2780	Unicorn-21334.exe	38
PID 2780 wrote to memory of 1936	2780	Unicorn-21334.exe	38
PID 2780 wrote to memory of 1936	2780	Unicorn-21334.exe	38
PID 2880 wrote to memory of 748	2880	Unicorn-28940.exe	39
PID 2880 wrote to memory of 748	2880	Unicorn-28940.exe	39
PID 2880 wrote to memory of 748	2880	Unicorn-28940.exe	39
PID 2880 wrote to memory of 748	2880	Unicorn-28940.exe	39
PID 2012 wrote to memory of 1244	2012	Unicorn-42776.exe	40
PID 2012 wrote to memory of 1244	2012	Unicorn-42776.exe	40
PID 2012 wrote to memory of 1244	2012	Unicorn-42776.exe	40
PID 2012 wrote to memory of 1244	2012	Unicorn-42776.exe	40
PID 2736 wrote to memory of 472	2736	Unicorn-11027.exe	41
PID 2736 wrote to memory of 472	2736	Unicorn-11027.exe	41
PID 2736 wrote to memory of 472	2736	Unicorn-11027.exe	41
PID 2736 wrote to memory of 472	2736	Unicorn-11027.exe	41
PID 2036 wrote to memory of 1796	2036	Unicorn-5080.exe	42
PID 2036 wrote to memory of 1796	2036	Unicorn-5080.exe	42
PID 2036 wrote to memory of 1796	2036	Unicorn-5080.exe	42
PID 2036 wrote to memory of 1796	2036	Unicorn-5080.exe	42
PID 2748 wrote to memory of 1188	2748	Unicorn-56699.exe	43
PID 2748 wrote to memory of 1188	2748	Unicorn-56699.exe	43
PID 2748 wrote to memory of 1188	2748	Unicorn-56699.exe	43
PID 2748 wrote to memory of 1188	2748	Unicorn-56699.exe	43
PID 748 wrote to memory of 2892	748	Unicorn-63004.exe	44
PID 748 wrote to memory of 2892	748	Unicorn-63004.exe	44
PID 748 wrote to memory of 2892	748	Unicorn-63004.exe	44
PID 748 wrote to memory of 2892	748	Unicorn-63004.exe	44
PID 472 wrote to memory of 2164	472	Unicorn-48059.exe	45
PID 472 wrote to memory of 2164	472	Unicorn-48059.exe	45
PID 472 wrote to memory of 2164	472	Unicorn-48059.exe	45
PID 472 wrote to memory of 2164	472	Unicorn-48059.exe	45
PID 2736 wrote to memory of 2692	2736	Unicorn-11027.exe	46
PID 2736 wrote to memory of 2692	2736	Unicorn-11027.exe	46
PID 2736 wrote to memory of 2692	2736	Unicorn-11027.exe	46
PID 2736 wrote to memory of 2692	2736	Unicorn-11027.exe	46

C:\Users\Admin\AppData\Local\Temp\f6c12666bafb687866fe4257c40bf01ba86598260bd6a403eb40658f3998863f.exe
"C:\Users\Admin\AppData\Local\Temp\f6c12666bafb687866fe4257c40bf01ba86598260bd6a403eb40658f3998863f.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2524
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11966.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11966.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42776.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42776.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11027.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48059.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60394.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27395.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52919.exe
        9⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60869.exe
        10⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17782.exe
        11⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52073.exe
        12⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23999.exe
        13⤵
        
        PID:1720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 224
        14⤵
        Program crash
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34153.exe
        11⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44611.exe
        12⤵
        
        PID:880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 224
        13⤵
        Program crash
        
        PID:520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18912.exe
        10⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49743.exe
        11⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57247.exe
        12⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37678.exe
        13⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57242.exe
        14⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62260.exe
        15⤵
        
        PID:2768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 220
        16⤵
        Program crash
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43141.exe
        9⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21866.exe
        10⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1912.exe
        11⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22162.exe
        12⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14927.exe
        13⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31887.exe
        14⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12701.exe
        15⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61383.exe
        16⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57813.exe
        17⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15961.exe
        18⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40486.exe
        19⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56386.exe
        20⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34207.exe
        21⤵
        
        PID:6308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 248
        13⤵
        Program crash
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5181.exe
        10⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29946.exe
        11⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39240.exe
        12⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31347.exe
        13⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56339.exe
        14⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43148.exe
        15⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11518.exe
        16⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45509.exe
        17⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25904.exe
        18⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37959.exe
        19⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31026.exe
        20⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53148.exe
        21⤵
        
        PID:7064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 248
        17⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48970.exe
        12⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21529.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37118.exe
        14⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29884.exe
        15⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62385.exe
        16⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53314.exe
        17⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22946.exe
        18⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59012.exe
        19⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60091.exe
        16⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62141.exe
        17⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41908.exe
        18⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12633.exe
        8⤵
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58539.exe
        9⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33132.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30740.exe
        11⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1824.exe
        12⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40200.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16978.exe
        14⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17912.exe
        15⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe
        16⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65353.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40294.exe
        18⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12831.exe
        19⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53584.exe
        20⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29137.exe
        21⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47071.exe
        17⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44181.exe
        18⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16444.exe
        19⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6817.exe
        20⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6692.exe
        18⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10662.exe
        19⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42669.exe
        10⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36443.exe
        11⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54097.exe
        12⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17170.exe
        13⤵
        
        PID:4284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 220
        14⤵
        Program crash
        
        PID:4124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 528 -s 228
        9⤵
        Program crash
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21919.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40667.exe
        8⤵
        
        PID:1644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 244
        9⤵
        Program crash
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20391.exe
        8⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34502.exe
        9⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34824.exe
        10⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1632.exe
        11⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21726.exe
        12⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56256.exe
        13⤵
        
        PID:4876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 220
        14⤵
        Program crash
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64159.exe
        9⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61715.exe
        10⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52644.exe
        11⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20870.exe
        12⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57491.exe
        13⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42053.exe
        14⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20621.exe
        15⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49832.exe
        16⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34648.exe
        17⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57948.exe
        18⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8934.exe
        19⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32187.exe
        16⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2525.exe
        17⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51555.exe
        18⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48597.exe
        19⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36188.exe
        15⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59702.exe
        16⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56874.exe
        17⤵
        
        PID:7060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52563.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21365.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 240
        8⤵
        Program crash
        
        PID:1308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 248
        7⤵
        Program crash
        
        PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5718.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33534.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55983.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 244
        8⤵
        Program crash
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58326.exe
        7⤵
        
        PID:2328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 244
        8⤵
        Program crash
        
        PID:1596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9475.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20823.exe
        7⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3308.exe
        8⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18166.exe
        9⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42006.exe
        10⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39349.exe
        11⤵
        
        PID:1656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 244
        12⤵
        Program crash
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17350.exe
        8⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39292.exe
        9⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3770.exe
        10⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58181.exe
        11⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45374.exe
        12⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32219.exe
        13⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12888.exe
        14⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15961.exe
        15⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46708.exe
        16⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42188.exe
        17⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51939.exe
        18⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37352.exe
        19⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23905.exe
        17⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53688.exe
        18⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44896.exe
        7⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55690.exe
        8⤵
        
        PID:2964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 220
        9⤵
        Program crash
        
        PID:3720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28193.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29668.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15059.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52091.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24331.exe
        8⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39873.exe
        9⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56868.exe
        10⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14548.exe
        11⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60864.exe
        12⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20958.exe
        13⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3106.exe
        14⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17554.exe
        15⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25888.exe
        16⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58005.exe
        17⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30844.exe
        18⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1783.exe
        19⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36158.exe
        20⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10330.exe
        21⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64186.exe
        22⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46464.exe
        20⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8379.exe
        21⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15913.exe
        13⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25037.exe
        14⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36386.exe
        15⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46329.exe
        16⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10698.exe
        17⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50408.exe
        18⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24290.exe
        19⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33081.exe
        20⤵
        
        PID:6048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 216
        20⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49017.exe
        17⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3101.exe
        18⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59723.exe
        19⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
        20⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58332.exe
        18⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1617.exe
        19⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58850.exe
        10⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33729.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41378.exe
        12⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62613.exe
        13⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7439.exe
        14⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38332.exe
        15⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56635.exe
        16⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30543.exe
        17⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36210.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:5060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 220
        19⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6038.exe
        17⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50932.exe
        18⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18499.exe
        19⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54072.exe
        20⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47834.exe
        18⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21016.exe
        19⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9883.exe
        12⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12592.exe
        13⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15966.exe
        14⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50304.exe
        15⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5208.exe
        16⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22012.exe
        17⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54824.exe
        18⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30642.exe
        19⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48680.exe
        20⤵
        
        PID:6812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 236
        16⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12306.exe
        9⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8181.exe
        10⤵
        
        PID:2248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 224
        11⤵
        Program crash
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30121.exe
        8⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44424.exe
        9⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17611.exe
        10⤵
        
        PID:3792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 224
        11⤵
        Program crash
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18855.exe
        7⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58155.exe
        8⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24004.exe
        9⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18488.exe
        10⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3962.exe
        11⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50506.exe
        12⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47512.exe
        13⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64974.exe
        14⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64803.exe
        15⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28789.exe
        16⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11513.exe
        17⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exe
        18⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-216.exe
        19⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24716.exe
        20⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29359.exe
        18⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55442.exe
        19⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57231.exe
        8⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51352.exe
        9⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58617.exe
        10⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19972.exe
        11⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26516.exe
        12⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20242.exe
        13⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1295.exe
        14⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4668.exe
        15⤵
        
        PID:3088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 220
        16⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30734.exe
        15⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16916.exe
        16⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 224
        17⤵
        
        PID:6996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50508.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 244
        7⤵
        Program crash
        
        PID:1916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60731.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45869.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28415.exe
        7⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60677.exe
        8⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8051.exe
        9⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 244
        10⤵
        Program crash
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64029.exe
        8⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45851.exe
        9⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51025.exe
        10⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38254.exe
        11⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23008.exe
        12⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46308.exe
        13⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11518.exe
        14⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12644.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:4452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 224
        16⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36572.exe
        15⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10501.exe
        16⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62328.exe
        17⤵
        
        PID:6240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6240 -s 224
        18⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54133.exe
        7⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7859.exe
        8⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50283.exe
        9⤵
        
        PID:3892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 220
        10⤵
        Program crash
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13012.exe
        8⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46749.exe
        9⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60319.exe
        10⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9468.exe
        11⤵
        
        PID:324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 240
        12⤵
        Program crash
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45841.exe
        11⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44959.exe
        12⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59707.exe
        13⤵
        
        PID:3692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 224
        14⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 236
        13⤵
        
        PID:5076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43359.exe
        6⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26936.exe
        7⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65228.exe
        8⤵
        
        PID:2656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 244
        9⤵
        Program crash
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52784.exe
        8⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16407.exe
        9⤵
        
        PID:2852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 244
        10⤵
        Program crash
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53531.exe
        7⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27917.exe
        8⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27891.exe
        9⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31648.exe
        10⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49266.exe
        11⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40854.exe
        12⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53812.exe
        13⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47455.exe
        14⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17736.exe
        15⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10091.exe
        16⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44757.exe
        17⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13978.exe
        18⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9131.exe
        16⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55634.exe
        17⤵
        
        PID:6336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 228
        14⤵
        
        PID:4888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56699.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56699.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5080.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31806.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47156.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33617.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18301.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
        9⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22058.exe
        10⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58103.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18545.exe
        12⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63334.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55872.exe
        14⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62836.exe
        15⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45945.exe
        16⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35504.exe
        17⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36594.exe
        18⤵
        
        PID:5172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5172 -s 220
        19⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63645.exe
        9⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51497.exe
        10⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16516.exe
        11⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52068.exe
        12⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22432.exe
        13⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3630.exe
        14⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12696.exe
        15⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51072.exe
        16⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1399.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42764.exe
        18⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-216.exe
        19⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50818.exe
        20⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2717.exe
        18⤵
        
        PID:6048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 240
        19⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32259.exe
        8⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15836.exe
        9⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24518.exe
        10⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49271.exe
        11⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17258.exe
        12⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55680.exe
        13⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52722.exe
        14⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15795.exe
        15⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34627.exe
        16⤵
        
        PID:3296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 224
        17⤵
        
        PID:1252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 248
        16⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57475.exe
        11⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40906.exe
        12⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10044.exe
        13⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56827.exe
        14⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19168.exe
        15⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30372.exe
        16⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63978.exe
        17⤵
        
        PID:2956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 220
        18⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37329.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11284.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 224
        9⤵
        Program crash
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59369.exe
        8⤵
        
        PID:732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17263.exe
        9⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3002.exe
        10⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3059.exe
        11⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34300.exe
        12⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-807.exe
        13⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50221.exe
        14⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61077.exe
        15⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9567.exe
        16⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36568.exe
        17⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12167.exe
        18⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18878.exe
        19⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44478.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8186.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 240
        8⤵
        Program crash
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48788.exe
        7⤵
        
        PID:520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1445.exe
        8⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8518.exe
        9⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32852.exe
        10⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11803.exe
        11⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61902.exe
        12⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36194.exe
        13⤵
        
        PID:1468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 224
        14⤵
        Program crash
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40375.exe
        8⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58809.exe
        9⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19396.exe
        10⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23309.exe
        11⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19666.exe
        12⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41861.exe
        13⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59323.exe
        14⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27850.exe
        15⤵
        
        PID:4536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 220
        16⤵
        
        PID:5964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31374.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25449.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59333.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27621.exe
        8⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60952.exe
        9⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24902.exe
        10⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20875.exe
        11⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21041.exe
        12⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30683.exe
        13⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40278.exe
        14⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23278.exe
        15⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20813.exe
        16⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52930.exe
        17⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42619.exe
        18⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47170.exe
        19⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6625.exe
        20⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-662.exe
        18⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13485.exe
        19⤵
        
        PID:6844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 228
        16⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16390.exe
        8⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49551.exe
        9⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64180.exe
        10⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10075.exe
        11⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31887.exe
        12⤵
        
        PID:1688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 220
        13⤵
        Program crash
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61222.exe
        11⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39811.exe
        12⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46692.exe
        13⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32406.exe
        14⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55670.exe
        15⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        16⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23247.exe
        17⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31327.exe
        18⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37160.exe
        19⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64834.exe
        16⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42100.exe
        17⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-787.exe
        18⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57953.exe
        15⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36158.exe
        16⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33081.exe
        17⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29568.exe
        18⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39665.exe
        16⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8140.exe
        17⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57335.exe
        9⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53054.exe
        10⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25125.exe
        11⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12976.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28758.exe
        13⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5104.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2639.exe
        15⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8991.exe
        16⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59344.exe
        17⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3724.exe
        18⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14305.exe
        19⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56018.exe
        20⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41502.exe
        18⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28992.exe
        19⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47647.exe
        16⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
        17⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45992.exe
        18⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49988.exe
        19⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13827.exe
        13⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28898.exe
        14⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44186.exe
        15⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25515.exe
        16⤵
        
        PID:5560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 224
        17⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4746.exe
        16⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34674.exe
        17⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15565.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7823.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40662.exe
        12⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53127.exe
        13⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22951.exe
        14⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3153.exe
        15⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18862.exe
        16⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27051.exe
        17⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28800.exe
        18⤵
        
        PID:3680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 248
        14⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 236
        7⤵
        Program crash
        
        PID:748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35383.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42011.exe
        7⤵
        
        PID:1244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 224
        8⤵
        Program crash
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24558.exe
        7⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19017.exe
        8⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
        9⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44092.exe
        10⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24378.exe
        11⤵
        
        PID:4784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 224
        12⤵
        Program crash
        
        PID:4012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42666.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43072.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41209.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9556.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31897.exe
        8⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23812.exe
        9⤵
        
        PID:3028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 244
        10⤵
        Program crash
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31548.exe
        9⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47844.exe
        10⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22328.exe
        11⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35431.exe
        12⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64507.exe
        13⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50776.exe
        14⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4803.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19251.exe
        16⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34456.exe
        17⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34596.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53885.exe
        19⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9785.exe
        20⤵
        
        PID:4584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 248
        18⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63599.exe
        16⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20808.exe
        17⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26283.exe
        18⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9977.exe
        19⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57138.exe
        11⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39152.exe
        12⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63521.exe
        13⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58197.exe
        14⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32681.exe
        15⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50408.exe
        16⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58633.exe
        17⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30834.exe
        18⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7948.exe
        19⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38756.exe
        8⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45192.exe
        9⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39676.exe
        10⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22520.exe
        11⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47683.exe
        12⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16786.exe
        13⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54777.exe
        14⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37393.exe
        15⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4201.exe
        16⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40486.exe
        17⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35821.exe
        18⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5426.exe
        19⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23733.exe
        11⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23776.exe
        12⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40470.exe
        13⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19879.exe
        14⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6339.exe
        15⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11897.exe
        16⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44134.exe
        17⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4492.exe
        18⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41005.exe
        19⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10978.exe
        14⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32510.exe
        15⤵
        
        PID:5208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 224
        16⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30313.exe
        7⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46178.exe
        8⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55498.exe
        9⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47652.exe
        10⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4346.exe
        11⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48176.exe
        12⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32546.exe
        13⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7605.exe
        14⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4912.exe
        15⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57185.exe
        16⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23766.exe
        17⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39858.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22666.exe
        19⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59671.exe
        20⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7698.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:3292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 220
        12⤵
        Program crash
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37900.exe
        9⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-262.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17149.exe
        11⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20870.exe
        12⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53407.exe
        13⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29225.exe
        14⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10999.exe
        15⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36402.exe
        16⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31498.exe
        17⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61752.exe
        18⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17570.exe
        19⤵
        
        PID:4228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 236
        8⤵
        Program crash
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51144.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60485.exe
        7⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54538.exe
        8⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46261.exe
        9⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53874.exe
        10⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50833.exe
        11⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19780.exe
        12⤵
        
        PID:2076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 220
        13⤵
        Program crash
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58513.exe
        9⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51793.exe
        10⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51959.exe
        11⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25805.exe
        12⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12805.exe
        13⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30569.exe
        14⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53677.exe
        15⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17544.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30922.exe
        17⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53776.exe
        18⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8332.exe
        19⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22182.exe
        15⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43989.exe
        16⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54051.exe
        17⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33261.exe
        13⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41233.exe
        14⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
        15⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19054.exe
        16⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45883.exe
        17⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24896.exe
        14⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35198.exe
        15⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24202.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26395.exe
        8⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7112.exe
        9⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10376.exe
        10⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60620.exe
        11⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6479.exe
        12⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26573.exe
        13⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39915.exe
        14⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57377.exe
        15⤵
        
        PID:4892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 220
        16⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30542.exe
        15⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32868.exe
        16⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43278.exe
        17⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33221.exe
        18⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61315.exe
        7⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15534.exe
        8⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56204.exe
        9⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47133.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56536.exe
        11⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-257.exe
        12⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17336.exe
        13⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4912.exe
        14⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53978.exe
        15⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45748.exe
        16⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38104.exe
        17⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8576.exe
        18⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42998.exe
        19⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17299.exe
        17⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4295.exe
        18⤵
        
        PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25427.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12270.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54263.exe
        7⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46562.exe
        8⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61995.exe
        9⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65415.exe
        10⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54206.exe
        11⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7657.exe
        12⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29993.exe
        14⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60885.exe
        15⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54876.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44565.exe
        17⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36153.exe
        18⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22612.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35545.exe
        8⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40719.exe
        9⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42338.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62286.exe
        11⤵
        
        PID:4684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 240
        12⤵
        Program crash
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39187.exe
        11⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37009.exe
        12⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11985.exe
        13⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58192.exe
        14⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38732.exe
        15⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62141.exe
        16⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59422.exe
        17⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39443.exe
        18⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21855.exe
        15⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6822.exe
        16⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10517.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-392.exe
        14⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22754.exe
        15⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12743.exe
        16⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20585.exe
        17⤵
        
        PID:6264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13977.exe
        6⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
        7⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61035.exe
        8⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16926.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35457.exe
        10⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17149.exe
        11⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
        12⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20782.exe
        13⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52250.exe
        14⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27575.exe
        15⤵
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24726.exe
        16⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49780.exe
        17⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15156.exe
        18⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4860.exe
        15⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15161.exe
        16⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55447.exe
        17⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6241.exe
        18⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19245.exe
        16⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43574.exe
        17⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50153.exe
        8⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6292.exe
        9⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37761.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29230.exe
        11⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63521.exe
        12⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7050.exe
        13⤵
        
        PID:4224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 224
        14⤵
        Program crash
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37085.exe
        7⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42992.exe
        8⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40527.exe
        9⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56728.exe
        10⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-641.exe
        11⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45047.exe
        12⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52743.exe
        13⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16537.exe
        14⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56438.exe
        15⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52494.exe
        16⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24913.exe
        17⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22578.exe
        18⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19437.exe
        16⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14601.exe
        17⤵
        
        PID:6548
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28940.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28940.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21334.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21334.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43975.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64478.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60176.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29341.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59717.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 220
        9⤵
        Program crash
        
        PID:2880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 248
        8⤵
        Program crash
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-957.exe
        7⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16630.exe
        8⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49468.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15363.exe
        10⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59961.exe
        11⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53905.exe
        12⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 220
        13⤵
        Program crash
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41854.exe
        8⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16350.exe
        9⤵
        
        PID:3740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 224
        10⤵
        Program crash
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40201.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51549.exe
        7⤵
        
        PID:1756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 244
        8⤵
        Program crash
        
        PID:2268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 248
        7⤵
        Program crash
        
        PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13668.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54037.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55633.exe
        7⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58539.exe
        8⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6489.exe
        9⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37538.exe
        10⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31757.exe
        11⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43599.exe
        12⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11606.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26812.exe
        14⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23003.exe
        15⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18483.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29988.exe
        17⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13454.exe
        18⤵
        
        PID:5340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 244
        19⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18103.exe
        14⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11684.exe
        15⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32126.exe
        16⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33636.exe
        17⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3397.exe
        18⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25228.exe
        13⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1103.exe
        14⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56931.exe
        15⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14419.exe
        16⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41996.exe
        17⤵
        
        PID:4824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 224
        18⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35586.exe
        15⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39474.exe
        16⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53392.exe
        17⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12416.exe
        18⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5259.exe
        11⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45649.exe
        12⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
        13⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7818.exe
        14⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8560.exe
        15⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60522.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13599.exe
        17⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10522.exe
        18⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36620.exe
        19⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35581.exe
        17⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12271.exe
        18⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33064.exe
        15⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41036.exe
        16⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60273.exe
        17⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56245.exe
        8⤵
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43952.exe
        9⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45379.exe
        10⤵
        
        PID:3964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 224
        11⤵
        Program crash
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52514.exe
        10⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9276.exe
        11⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23496.exe
        12⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1487.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58384.exe
        14⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8197.exe
        15⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-195.exe
        16⤵
        
        PID:5812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 224
        17⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53869.exe
        14⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-579.exe
        15⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55997.exe
        16⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51995.exe
        7⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2213.exe
        8⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7387.exe
        9⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34964.exe
        10⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7382.exe
        11⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56723.exe
        12⤵
        
        PID:5108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 224
        13⤵
        Program crash
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33588.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33392.exe
        13⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62229.exe
        14⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17928.exe
        15⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44565.exe
        16⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18063.exe
        17⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4284.exe
        14⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27222.exe
        15⤵
        
        PID:1640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 220
        16⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28549.exe
        10⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25805.exe
        11⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62006.exe
        12⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15493.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27419.exe
        14⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13843.exe
        15⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53672.exe
        16⤵
        
        PID:4332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 224
        17⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16536.exe
        14⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65177.exe
        15⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15733.exe
        16⤵
        
        PID:5672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46074.exe
        6⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55524.exe
        7⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45384.exe
        8⤵
        
        PID:912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 224
        9⤵
        Program crash
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1014.exe
        7⤵
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38908.exe
        8⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51409.exe
        9⤵
        
        PID:2332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 224
        10⤵
        Program crash
        
        PID:3260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9802.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64260.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25257.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16739.exe
        7⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24798.exe
        8⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29048.exe
        9⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16734.exe
        10⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53163.exe
        11⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35623.exe
        12⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13168.exe
        13⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57854.exe
        13⤵
        
        PID:2348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 244
        14⤵
        Program crash
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54107.exe
        8⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62618.exe
        9⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50625.exe
        7⤵
        
        PID:1524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 240
        8⤵
        Program crash
        
        PID:3060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27599.exe
        6⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 240
        7⤵
        Program crash
        
        PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36117.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47465.exe
        6⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10407.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 244
        8⤵
        Program crash
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22311.exe
        7⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64673.exe
        8⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30605.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47984.exe
        10⤵
        
        PID:2056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 244
        11⤵
        Program crash
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21268.exe
        6⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16796.exe
        7⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24902.exe
        8⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10376.exe
        9⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33978.exe
        10⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27284.exe
        11⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51269.exe
        12⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56443.exe
        13⤵
        
        PID:3320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 220
        14⤵
        Program crash
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17013.exe
        11⤵
        
        PID:4416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 224
        12⤵
        Program crash
        
        PID:2308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63004.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63004.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41920.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22652.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37701.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 224
        7⤵
        Program crash
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43551.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9146.exe
        7⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28088.exe
        8⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 240
        9⤵
        Program crash
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31823.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56012.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48093.exe
        10⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41653.exe
        11⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50501.exe
        12⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51124.exe
        13⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14232.exe
        14⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25089.exe
        15⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42048.exe
        16⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56002.exe
        17⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11264.exe
        18⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
        15⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6225.exe
        16⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64466.exe
        17⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27817.exe
        10⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27943.exe
        11⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39064.exe
        12⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54497.exe
        13⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14206.exe
        14⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33496.exe
        15⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2141.exe
        16⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47362.exe
        17⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4248.exe
        18⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55239.exe
        14⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46272.exe
        15⤵
        
        PID:4648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 240
        16⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50164.exe
        15⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14746.exe
        16⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64123.exe
        11⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8010.exe
        12⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17907.exe
        13⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38348.exe
        14⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21000.exe
        15⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43937.exe
        16⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4138.exe
        7⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1274.exe
        8⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24383.exe
        9⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36116.exe
        10⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49650.exe
        11⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58861.exe
        12⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51975.exe
        13⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8477.exe
        14⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22204.exe
        15⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52349.exe
        16⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24612.exe
        17⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17124.exe
        18⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24974.exe
        16⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24093.exe
        17⤵
        
        PID:6224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19973.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32691.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60293.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36256.exe
        8⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55820.exe
        9⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8430.exe
        10⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64704.exe
        11⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63931.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12421.exe
        13⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38052.exe
        14⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35935.exe
        15⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19874.exe
        16⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 220
        17⤵
        
        PID:404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 376
        16⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61461.exe
        15⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29936.exe
        16⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22775.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27238.exe
        18⤵
        
        PID:3656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 376
        17⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31497.exe
        16⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4679.exe
        17⤵
        
        PID:7008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 376
        16⤵
        
        PID:4772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 376
        15⤵
        
        PID:5724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 376
        14⤵
        Program crash
        
        PID:2680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 376
        13⤵
        Program crash
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20474.exe
        7⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-350.exe
        8⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47242.exe
        9⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12789.exe
        10⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27803.exe
        11⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33890.exe
        12⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46993.exe
        13⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34269.exe
        14⤵
        
        PID:4316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 240
        15⤵
        Program crash
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29073.exe
        12⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3542.exe
        13⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42987.exe
        14⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60714.exe
        15⤵
        
        PID:1324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 244
        16⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7937.exe
        10⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31643.exe
        11⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58306.exe
        12⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54388.exe
        13⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56355.exe
        14⤵
        
        PID:2436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 240
        15⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25280.exe
        14⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59894.exe
        15⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18582.exe
        16⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16117.exe
        17⤵
        
        PID:5736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15923.exe
        6⤵
        
        PID:1500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 220
        7⤵
        Program crash
        
        PID:1276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41680.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43923.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16163.exe
        6⤵
        Executes dropped EXE
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62431.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56868.exe
        8⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32001.exe
        9⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61139.exe
        10⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37870.exe
        11⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26708.exe
        12⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47185.exe
        13⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49837.exe
        14⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49702.exe
        15⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9375.exe
        16⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30045.exe
        17⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19542.exe
        18⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60678.exe
        19⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11782.exe
        10⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49266.exe
        11⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5659.exe
        12⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52167.exe
        13⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2831.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65182.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27331.exe
        16⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23626.exe
        17⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31322.exe
        18⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47117.exe
        7⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2872.exe
        8⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17585.exe
        9⤵
        
        PID:1920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 220
        10⤵
        Program crash
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54818.exe
        6⤵
        
        PID:1380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1380 -s 220
        7⤵
        Program crash
        
        PID:2012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4465.exe
        5⤵
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39873.exe
        6⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3583.exe
        7⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40615.exe
        8⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59712.exe
        9⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27289.exe
        10⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49821.exe
        11⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21254.exe
        12⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 220
        13⤵
        Program crash
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19426.exe
        8⤵
        
        PID:3544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 220
        9⤵
        Program crash
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-137.exe
        7⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59904.exe
        8⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55301.exe
        9⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11118.exe
        10⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49458.exe
        11⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4014.exe
        12⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31555.exe
        13⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24705.exe
        14⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44378.exe
        15⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9048.exe
        16⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43086.exe
        17⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15925.exe
        18⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34818.exe
        14⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 240
        15⤵
        
        PID:5152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57423.exe
        6⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15919.exe
        7⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43376.exe
        8⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61907.exe
        9⤵
        
        PID:3324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 224
        10⤵
        Program crash
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42560.exe
        7⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14844.exe
        8⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62265.exe
        9⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34767.exe
        10⤵
        
        PID:4728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 220
        11⤵
        Program crash
        
        PID:4612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-26516.exe

Filesize
192KB

MD5
dec073f64011f30e6fbfc833eebc87cd

SHA1
f131ce957d7efcf2c53db78d49474bd1fa1bf2d1

SHA256
1b726027c237dafe83ea326ada36ea30b946a54296eb2a0b53f6e30abbdd7787

SHA512
71687aa38baf419f84f9d9dabe7383e61717e3f8496ac18e6e525878761f8731498b24e999e1a34dbd366b0c80d8b6553674463000fa9e364c3e86f450bc7579

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26708.exe

Filesize
192KB

MD5
33c9ed632cea1c68b091872bc41ea9ee

SHA1
58e7321171c252d70a612b3feb432a461764213c

SHA256
12931a6a58e5403e9ab68b5fd4fed2d85ace3e06db32112a71a32b05a51e933b

SHA512
a9ce6687cc9cbecb1acf3db3395600f3780109039d707702b975c17399c44d4ff54fddc5246e329e8eae48ffbd4e6a0890b16e05691af1d0c802231b181ee2a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28473.exe

Filesize
192KB

MD5
570afa3733b09e625e33c75d670a1ff5

SHA1
54a4abcdc75e15a3ee5dda2b3edae8174e69dca8

SHA256
74db1b3a1dc75c8bf4251df604c7b832658c98c086e8fa2d5dd26823d55dc41e

SHA512
38752086fa2ae99ffa20854c9c2b016d3a870c50708d50eb28852de2f4d08838b67fc7d9f61e792286ab0e2a6ffd2a6549aa60786217694e7fed6f5aa61bcc26

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28758.exe

Filesize
192KB

MD5
d58e8d59d103f71a066712647c9b759d

SHA1
0a166be48ea80904ef8ee2d2b4808822406b3b10

SHA256
8d3299b868a157e3244ae00927f9b924a078dbbc878b965d43d8e73b330c38ee

SHA512
c223775230d0f5a0bf310f25f229c49beb4dc6497670bcb69e782c908685d8973c21880cb2b718b7d4ea1aca01feacf2c74384e9bf698ac3201c75e7fdcca2c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29668.exe

Filesize
192KB

MD5
4acba3c4248e61ae6ce0cfee98e8aff4

SHA1
a97b85ff30cbf6e4815e6d06975e64bb8619ace0

SHA256
720846c9fe3c6d9d437a2620092284d49382f570e264c01d79bb2562283fd06c

SHA512
0b233a441c1100687ceab69e383acde3a458ad9da0b843d5f922613779524385c02d6cf6a34a01cf2da027e04036e8ebec2570ec9fc74f4fc3c1816138e48798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36340.exe

Filesize
192KB

MD5
ca18a62f046f58130ecb9477b6780795

SHA1
4151053c1014476fd92d095dd5dcf52894e04b66

SHA256
b2791009beca8f4dd03b34c9a56a48e17ea570abc6db7f6228854d9893c164f8

SHA512
c772de212f69710899adbe4d8cdb58c80d98d2e43fd4b0a188eab4be91082e95dd82dfcd6e4359663642310f2ad63bc4dd30b5dd37f7b612706f42ed2d5292ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37295.exe

Filesize
192KB

MD5
8e22691022ce8a0d8602e2e8ca8b3a8a

SHA1
f698c6cd3a167d8da919f7a3123c146772378913

SHA256
af169a4e2dcb4547d371babaf643d1e2ec75a2e0ad8cbf5ab8dc95dd5288caac

SHA512
b73d7849d4ca2343af8084104d9b160299cd9383aa36f03ffb7053d7963aaeb033a9f9e8de9f4d46149028073b2f459b25172cb7fafaef2d459f1b476c1a7249

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37352.exe

Filesize
192KB

MD5
f03713ac7d20d28529e888c63966fbe4

SHA1
e0cbc0977c4a13888c6d0a1659767dbe781814e1

SHA256
bbf2ad9a82aa8e3c432fc37e6d4c432899de09c5891aef82f065d33970dac8e2

SHA512
0ecb9f4a3dc7279bba54bc4fd20ee6c732c72f3a78e6903f6e90c0ace43809cb50b60ec2bad68ac0f5a64c0a0d3ea3dd7c5a493f43f9d87791a77885e0280e64

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39665.exe

Filesize
192KB

MD5
62b7a52930b389456a5a3fde27e911f1

SHA1
b19c7b13e6910bf1e1da1cf072c8857f42e73d83

SHA256
032d808d39ae30f040c9d94029e8d125d2aa5e0ae9f8557f88cc37502dfc4096

SHA512
52b33e62fa651f120ae0eacc19a4edc556403e9e4cb7975b8f604c303041f82f2f551830da6f5eaab79b5f5a480945475474d1886e0160bd6f74a71b1e78695c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40201.exe

Filesize
192KB

MD5
9b863dd503fbf7ec96491b9236034633

SHA1
defd6601848657355fcbf539cd50d96d21dbc3e1

SHA256
f83d922b6c3d0cedd77c934d16af80d47dd7ca16009763d135ec64de3c8faab6

SHA512
ab62d091255cfdd20c48734ca820a84f9e7e064450785b6ec001a8cfd7f7e60ec95150003bcbe5516556d213f62592a0ab653982e43663a66172ba316a970326

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40375.exe

Filesize
192KB

MD5
d490eb472de41aee0e1fa6f9e01e2fa2

SHA1
619a97fd6bed6221f6ccd3d792270f51e8753adb

SHA256
47b42e54d6bbfc96bf6fabc9ba9c36579d176777c196064845e05f76255ffef1

SHA512
9e4f892b747cfdf9f1e95f4af71f52ce7701c5a08cec90581d0bb3014580b62bdc20dcfb389e2f52537c9fcff668d4a3390c3db2b918adc60c8a479c2d3c6152

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42666.exe

Filesize
192KB

MD5
50a9d7b90a49548869ef11e84c6898a0

SHA1
970af739f0778eb38dcb58e5142dccb238daa50b

SHA256
db5807b96aa0b44fdd59ef10103ec013b9a33761f50dd1ddc665815cf0ac6b1c

SHA512
e705600a513f905bbd4e83412a709feec4caca7d2886af893dae354316ee639bfc4481442d2b4d91fe68cd6244d38025fa219b2dca3b60cbac425a475884b746

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45509.exe

Filesize
192KB

MD5
a114b9969b6a3808d8ba571af5b6dbf7

SHA1
2bcca72bfc25b6d8f09d6cd431f76656b0d34544

SHA256
f4b1076c56198defbf0250af527eee59594c57c5446247bfb9b830bbfc863793

SHA512
1e587db1b477e1fbd8689aee63643775afd98d84d8b429a02c9d24567d645029c9d714b00be87f614a12eed5a3cd4832801ed62187c4d8ffbf03b6592a288131

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48059.exe

Filesize
192KB

MD5
5975b14ab3a29869f0b80b153a03c0a7

SHA1
26b46fdd782ed1594de830d5d4f65c4950f3390c

SHA256
8594291326302537538cad8b75325348d95fb6961b01c7a26f2340d83267d930

SHA512
a058b47d25a55d457367af9de840ce81599c22171c026502d913e841d842ba5e826975dd3f3e56191b6795115eb48bc44be36523997c9e737d24377eb47e7864

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55820.exe

Filesize
192KB

MD5
a1b37aa545358c6b40d53bcc0ae58ba4

SHA1
ae2ce073cd0fc417e73731e4784c075f63be36f9

SHA256
747120253d1ffaaf105277494f4903116f9a62d8113b16b6e41868d0afdcf336

SHA512
b4ba6479880208b8be6a6942e2c4a0038497eba73b9b72386b31acadbe8fbf6d7eb08ab4dd1c02abed9c8dea6dd139ef2331763140d154d6da68caad77385937

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5659.exe

Filesize
192KB

MD5
ab11499e9f157fd39e59eb74ccb93f3d

SHA1
bc6af975a7f59f7fdaefb62ef8992f3a55fc8f3e

SHA256
a7592fa77ade351ec81c5c726a42c19207662578a6f26b8660fa6a1b81b1c40b

SHA512
e28fb807324f3ee5a9275f33965bc202232e5b7f2c6b7192fb76cdd55119d43ee058f6ca47ca7f9da5cacc1d43e8b88e5b85a978a67803e783be150dcf791718

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5718.exe

Filesize
192KB

MD5
7e4e7ec2a2db176f32ed1cf7ee4dcc61

SHA1
21a69ee3b90897ac68209d889af722fcd1bfc8a2

SHA256
f6acab224218d9745e29b0315d6fc1f0df6e0695206db23f202ed08fe8811acc

SHA512
bcc903ac9e3388c4e8dbbd99953ffeabfef07e09b75260493d9a468f98a00ef400ea7a5385ccfef66bca0fdccc1804cc8ad401dd2e28028fa538d2fd8a321720

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6038.exe

Filesize
192KB

MD5
4a8d76556a1bb92bdbf317093f2b6a85

SHA1
3bd5662555a6245191011cd8a06afe8cbc8c1895

SHA256
e4d326937bc1bc1b06d6e61eda4b3a8cb29e631425e949a7df67986ccf2f24eb

SHA512
7f629d82c5d991f1f8735743b93044e054dd57b2dd000f9374f78516242619f15f4433cc236afdedffa9ae3cc46af3fcf1c57dd0b1a731241b99b5ce4100c6e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6292.exe

Filesize
192KB

MD5
0f700d176d7de11581d7ffa557c0e490

SHA1
7d1f1e28e86dc0d27f6d90981df124280174a87e

SHA256
408925f3f7544fd3413492c79853199eca6c9ef26c2f91ad2b5233838920d614

SHA512
199e559177f399fddfd6dc1d4fde885b1e3dcb2adb3ce5a870e5a08c6261a0987d10f838c9a18cc5251951e193883d0afa4ad64e2eb1977c59f1575364c1f53a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6489.exe

Filesize
192KB

MD5
579ad22c244703e08efd0bd529886aa4

SHA1
62aa0af5331e1f90a6748bbeea5dd2f5f828d940

SHA256
86425bb5bc70206ffc6f7060eeb0a00d9a55fabb84e8124ac19992719e3721ea

SHA512
aea42933d13236f45d7be349aad89cebaa310f6d5bf95902078b4821d368cc8e00bf3b4557c15c2e45d95ccc2b71a008a211152b4833dabee397566f2952b075

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6765.exe

Filesize
192KB

MD5
21c165958fb2ec83818a2d11d89a026d

SHA1
31f8e6f2cb6c8f6813dacec17dfb6b3a7a6ddb30

SHA256
8a82bfeb5f86a63926838e0e0b254e65b988228c60328971d09a1e0ca9e86bff

SHA512
103330e65f82a7a26c8c0b9d73eb41a8a6492c789d794cb9548c6cf2bcbd8178a8ccd9011633494ea382d01778e9c337371157157910dd9a615348d061aaf2f2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11027.exe

Filesize
192KB

MD5
b86bb49f1e6628f95b24f24f2d511e67

SHA1
c7c1f2b136379a4620811d313eb020fe5a64f33c

SHA256
7b53694de04cee4116ef37afa95069e7705f8cef3034b20f6b7b540a0eed282a

SHA512
9399317f9c3c05450a8b996b23bb421495168dd43a25a7dfec43504442dc8fa40a9c25c48ceaf842cecc720c9dbb0ee1316e6ad72f0e87da8df193a9b6f649de

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11966.exe

Filesize
192KB

MD5
b2e322597c2490a0ba94234cd3dbfa6a

SHA1
a594344993ed0aa17078c7da4a2caee31a6c58e4

SHA256
2007d2410a94ccee8bb6dbce0a3b5d974c135092595045684da9c0c96e878a7d

SHA512
9122647167c8d6484290286ccdf807177754cc54bcdc5c55cdc655280b604d3c0bed5885d769e06724ac11d0932f96e4674951a2ce5f8700d02ba357459e0f08

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21334.exe

Filesize
192KB

MD5
fa5760cee827dd9cc3c62e260dfb40c6

SHA1
50cd8f7ddb70394ce61bd17b936aa99d4bfd83b9

SHA256
656f0552641f73b01a6508eb4f98bae4e048619edbc4c1227adf17e31dcc6853

SHA512
e2fe07b5c5d526567a9fb356537dd9010e6003080bb5aeaf2dddab51db50e724f45e19b771b1afc67d5594efb8994d3d171d349b655fae5d6b44af209f19f424

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28193.exe

Filesize
192KB

MD5
4aeb9b2d325fe06968eda60d1bc249fd

SHA1
04f2d4ff9fcfff95c554676dbc9f1fc5299feb25

SHA256
90d5318994c2d4ac36efbfee7695f9e31c0523cf61c089ed15f9b7b5fc02e1d8

SHA512
7cea6fbc25da1095e529715c3194885712227e0fb6c7f735a3fdc7b8b6d9627936049f59b7bad724744123bad4815543360b161e8890f5a4e674259f4752cd7a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28940.exe

Filesize
192KB

MD5
991443667aeacb69a6153820df14da58

SHA1
628e37428ac8d3c1ae8a819dfd76ab6230259624

SHA256
a4dcc1389d910e1e7cd107ebb81dc5a75a883157473d109f7a3da403bc1f859e

SHA512
f020e25fe0b74c7e4bc41479a498aad726052bc720738ac8f17a05003559eda46249f284126e7a86f098ee71ad2b35259c349c6e93d5c11472ce13825b984f57

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31806.exe

Filesize
192KB

MD5
36a3f341b9a9abc6d79767b8295f8478

SHA1
8dac61449aa2ea68d8ab87f54fdf8ef68ecbe2fd

SHA256
6abf4ee52006c2fa0338d329796e1f4c385a23990631b989098aeedfdbfebec1

SHA512
b7897e2a149f7feac84698bea1c346d5576be5e841a7e6e92038f6abb8d62c14183323e3baed4ef9161709e2dd9f952ead4c6f86b11944f2292030a9855e952f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41920.exe

Filesize
192KB

MD5
95cbde1fa3e3ae0dd6f3e9880d3de06a

SHA1
877927cff3ad321bbd20a28a07748308a0c36844

SHA256
3488c481095724a4a939703152b20a32817576a7109ad8aae8ed4b97b2600833

SHA512
de4a46f4cdd40bff640bd1aa1fc972aff5395ec8c4c06d91f03c353d357844fc667cdfa448834789540c1a59b37e7f6ea743b432bc4627e723e3ca7b0bf2bc45

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42776.exe

Filesize
192KB

MD5
08522640fb25a2f9d1957a490ad46d72

SHA1
3e788822f78cf7ed408f70616eb2a0de190d6d67

SHA256
e4c1fe5c2919e6ad8e1f9b434bb354b6acf3b423cce8ab4700091b8b3e85a074

SHA512
327d85fa4e53dbbe4d096b3f5a69c7f174609e6bee0b4dfeb43431817a819d6265b2049e3a2d91bdba9abd5888292929ca8d620114462dc0139e941a72ded03b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43975.exe

Filesize
192KB

MD5
0919b65071aa1a2e2d0e83399afbb7c4

SHA1
af3a72c316edfaebe87d42f9660bb81db06f74ab

SHA256
be7c09bc2f725f7346be5822525cf1b855cde3e24f3ef94fed863c02972516b5

SHA512
13e6f52ca50159e361f4d7da5f8a4c853aa57a699549866b8a018221dd4f7250716c862f3caec1dc66b8731ad005405a4e105fe02d0e39ef271e8ba53f80e371

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5080.exe

Filesize
192KB

MD5
bfdbd048005c998a7567f01a622dcc4c

SHA1
e5019d9ab842ad48642782dfbf537aab7d4e2a62

SHA256
667c861d3fc8edc2485922cc0e4b5f91c900fe7acac4235a7354b9b47373554b

SHA512
c8c45723031ea0592e8211fc7611bfcb9a3d23c6d520b313e24764096aa60b038f167dc750de772ad858ff9a5a890193346e31cf90c5f10e1b78468ccf146770

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56699.exe

Filesize
192KB

MD5
b5a2cdf1985dee32bce909aea757974b

SHA1
5c70fa899ec4c6640ddc6e23a3bd6470c9e8ad8b

SHA256
2b3b0993bb103e65d2d021bd8a63e1ba98ce37badecde3ef138677344fdc5944

SHA512
bd0764962775b3e7154acd322319b5e4f158ff4652b10795e4d6ff2a610199388d16645f2992a084b2fbf030f23300f33967366156e7a428f1601b997f4a5771

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60394.exe

Filesize
192KB

MD5
a4425def5a80dff70e7980a3a7f9b846

SHA1
1c491646a83f18d7e8f35a55ba2f8a40a1b8321b

SHA256
bb5291cb736dbe9c6fbf0a47977b6bf5d95a5d082af4bb557d0abe0f1b0e307f

SHA512
8f7ed0e425c21cb96225d459ac1a84b7f542feb69fa0897f7e8328bc7bc554fc9707893ba29051789e216bcbe7aa696c081befb0ab67c1c484e6787c7952a463

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63004.exe

Filesize
192KB

MD5
e3cb248fb21390a4a435994c93639cd5

SHA1
78eca87193b92fdf5c77d607ae369dc85e8780be

SHA256
160e4156787ec512cb0c98a2d514ea305f8fdb620235f5b8858c4f88183f8a2f

SHA512
e77f0b99d895b63bb48592f0c351f7dcb3b2d41f73b07f7013ded5e5a2978060a5ec603c8db8d70d35c217a172d785a3d04d76278a145d0b0f9bcd1d6a9fa665

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64478.exe

Filesize
192KB

MD5
7571b6f043fd298f6b21872fd0fe7d48

SHA1
f0ea498a1fdec262e85cf90740c608a70e115e0a

SHA256
15e7e5f188111df620b9f876bacc068376638427eae986718dc8a31f5ffa8fc8

SHA512
6aeb273f0d7712c53b01cc097d3cf9aafdb065a6882653544025c36b1df2a1ca18ff12c2aac287197be7f84fc20aaf78ebf96185c676eb155e2c11983af88344

Download Submit