7408d4f60f81b9aeb0a31f9553e173a30b4f96ce9996aa41981d0f0c801ee367

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12/10/2024, 08:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3924282a912884bae1a349572be39bd4_JaffaCakes118.exe
Size

192KB
MD5

3924282a912884bae1a349572be39bd4
SHA1

7ce3c291b6c0a52d0e70bfd10f3c29373a8f5432
SHA256

7408d4f60f81b9aeb0a31f9553e173a30b4f96ce9996aa41981d0f0c801ee367
SHA512

cbeae145e7bb34866fa4f64ee8afec3527113246ba7542730aa6476f7f6673207a953478501456bf0eaff86f1ecd02c6838d8f96992d08f2e53688d2bf1c7b1f
SSDEEP

3072:tu8PoAhwBPAUkbC0Xdvhqh8b6228rrW5T2NFx7gWxk2lVvMQ:tukoZYjb7dZqh8ixIu2lVvM

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1784	Unicorn-50908.exe
1956	Unicorn-21739.exe
2904	Unicorn-45921.exe
2608	Unicorn-27105.exe
2824	Unicorn-7239.exe
2880	Unicorn-27105.exe
2892	Unicorn-34884.exe
2984	Unicorn-9502.exe
1160	Unicorn-55174.exe
2500	Unicorn-45714.exe
1448	Unicorn-17680.exe
2696	Unicorn-29570.exe
2076	Unicorn-1536.exe
568	Unicorn-37930.exe
1108	Unicorn-208.exe
1148	Unicorn-62408.exe
2372	Unicorn-592.exe
1540	Unicorn-57961.exe
1656	Unicorn-38095.exe
852	Unicorn-10488.exe
2336	Unicorn-15127.exe
528	Unicorn-7110.exe
2288	Unicorn-44614.exe
552	Unicorn-23447.exe
1604	Unicorn-33727.exe
1600	Unicorn-33727.exe
2440	Unicorn-50063.exe
2744	Unicorn-6762.exe
2428	Unicorn-30197.exe
2812	Unicorn-26628.exe
2328	Unicorn-46726.exe
1708	Unicorn-25559.exe
2640	Unicorn-5652.exe
2156	Unicorn-6721.exe
592	Unicorn-44225.exe
496	Unicorn-473.exe
2660	Unicorn-25170.exe
2908	Unicorn-13472.exe
668	Unicorn-54505.exe
2028	Unicorn-58226.exe
1492	Unicorn-58226.exe
2016	Unicorn-58226.exe
1444	Unicorn-54697.exe
2096	Unicorn-54697.exe
1996	Unicorn-857.exe
2964	Unicorn-4152.exe
2104	Unicorn-24018.exe
1132	Unicorn-1023.exe
2460	Unicorn-5854.exe
1884	Unicorn-64168.exe
2432	Unicorn-52663.exe
1700	Unicorn-31496.exe
2532	Unicorn-28865.exe
1040	Unicorn-12014.exe
1384	Unicorn-40240.exe
1508	Unicorn-33695.exe
2984	Unicorn-56576.exe
1576	Unicorn-29057.exe
2216	Unicorn-19737.exe
340	Unicorn-19737.exe
2792	Unicorn-16207.exe
2468	Unicorn-40903.exe
2764	Unicorn-52601.exe
2652	Unicorn-49072.exe

Loads dropped DLL 64 IoCs

pid	Process
1708	3924282a912884bae1a349572be39bd4_JaffaCakes118.exe
1708	3924282a912884bae1a349572be39bd4_JaffaCakes118.exe
1784	Unicorn-50908.exe
1784	Unicorn-50908.exe
1708	3924282a912884bae1a349572be39bd4_JaffaCakes118.exe
1708	3924282a912884bae1a349572be39bd4_JaffaCakes118.exe
1784	Unicorn-50908.exe
1956	Unicorn-21739.exe
1956	Unicorn-21739.exe
2904	Unicorn-45921.exe
1784	Unicorn-50908.exe
2904	Unicorn-45921.exe
2608	Unicorn-27105.exe
2608	Unicorn-27105.exe
668	WerFault.exe
668	WerFault.exe
668	WerFault.exe
668	WerFault.exe
668	WerFault.exe
668	WerFault.exe
2880	Unicorn-27105.exe
2904	Unicorn-45921.exe
2880	Unicorn-27105.exe
2940	WerFault.exe
2940	WerFault.exe
2940	WerFault.exe
2940	WerFault.exe
2940	WerFault.exe
2940	WerFault.exe
2904	Unicorn-45921.exe
2940	WerFault.exe
668	WerFault.exe
2892	Unicorn-34884.exe
2892	Unicorn-34884.exe
2608	Unicorn-27105.exe
2608	Unicorn-27105.exe
2984	Unicorn-9502.exe
2984	Unicorn-9502.exe
2880	Unicorn-27105.exe
2880	Unicorn-27105.exe
1160	Unicorn-55174.exe
1160	Unicorn-55174.exe
2500	Unicorn-45714.exe
2500	Unicorn-45714.exe
1948	WerFault.exe
1948	WerFault.exe
1948	WerFault.exe
1948	WerFault.exe
1948	WerFault.exe
1948	WerFault.exe
1948	WerFault.exe
2892	Unicorn-34884.exe
2892	Unicorn-34884.exe
2696	Unicorn-29570.exe
2696	Unicorn-29570.exe
2076	Unicorn-1536.exe
2984	Unicorn-9502.exe
2076	Unicorn-1536.exe
2984	Unicorn-9502.exe
568	Unicorn-37930.exe
568	Unicorn-37930.exe
1160	Unicorn-55174.exe
1160	Unicorn-55174.exe
1108	Unicorn-208.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
668	1956	WerFault.exe	31
2940	2824	WerFault.exe	33
1948	1448	WerFault.exe	43
1820	528	WerFault.exe	55
2784	2028	WerFault.exe	74
2800	2440	WerFault.exe	62
2772	2096	WerFault.exe	78
2724	2964	WerFault.exe	81
1732	1384	WerFault.exe	89
908	496	WerFault.exe	70
2832	2636	WerFault.exe	103
1616	2792	WerFault.exe	96
2500	2468	WerFault.exe	97
2396	2104	WerFault.exe	80
2756	1884	WerFault.exe	84
2704	1164	WerFault.exe	122
760	1956	WerFault.exe	136
1720	3028	WerFault.exe	140
2352	668	WerFault.exe	166
2132	888	WerFault.exe	123
1152	536	WerFault.exe	132
2932	1996	WerFault.exe	173
3748	3668	WerFault.exe	251
3848	2496	WerFault.exe	191
3176	800	WerFault.exe	198
3332	2848	WerFault.exe	200
1700	2648	WerFault.exe	203
3240	1340	WerFault.exe	218
3552	3004	WerFault.exe	228
2092	3472	WerFault.exe	246
2776	3248	WerFault.exe	267
3768	3140	WerFault.exe	264
1196	3276	WerFault.exe	268
3648	3392	WerFault.exe	272
3288	344	WerFault.exe	296
1084	2652	WerFault.exe	235
1244	2128	WerFault.exe	298
816	2208	WerFault.exe	313
704	3304	WerFault.exe	299
1504	3504	WerFault.exe	331
3616	2316	WerFault.exe	292
3168	3416	WerFault.exe	322
2808	3380	WerFault.exe	320
4028	2448	WerFault.exe	302
4228	3908	WerFault.exe	311
4388	3872	WerFault.exe	334
4396	2976	WerFault.exe	326
4408	3492	WerFault.exe	327
4652	700	WerFault.exe	344
4696	3228	WerFault.exe	345
4716	3080	WerFault.exe	336
4744	3972	WerFault.exe	340
4836	1376	WerFault.exe	279
5096	3580	WerFault.exe	348
2688	2012	WerFault.exe	306
1648	5036	WerFault.exe	417
5028	4644	WerFault.exe	405
3400	2236	WerFault.exe	370
2692	4116	WerFault.exe	390
3536	880	WerFault.exe	377
1236	4800	WerFault.exe	411
4352	3448	WerFault.exe	382
2812	1716	WerFault.exe	466
3244	2684	WerFault.exe	386

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6013.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58102.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31953.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13472.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34835.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57579.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55921.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11877.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41674.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22361.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44468.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47500.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-592.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42172.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12402.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9766.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59864.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15598.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32967.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54697.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10855.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58967.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40270.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54697.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52464.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65053.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50790.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40943.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64539.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14610.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15339.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26170.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41194.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14153.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38272.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65183.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48562.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10859.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21198.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49999.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5666.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30652.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-208.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47869.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42989.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55368.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2816.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25265.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23243.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22553.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61834.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40903.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50736.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1708	3924282a912884bae1a349572be39bd4_JaffaCakes118.exe
1784	Unicorn-50908.exe
1956	Unicorn-21739.exe
2904	Unicorn-45921.exe
2608	Unicorn-27105.exe
2880	Unicorn-27105.exe
2824	Unicorn-7239.exe
2892	Unicorn-34884.exe
2984	Unicorn-9502.exe
1160	Unicorn-55174.exe
2500	Unicorn-45714.exe
1448	Unicorn-17680.exe
2696	Unicorn-29570.exe
2076	Unicorn-1536.exe
568	Unicorn-37930.exe
1108	Unicorn-208.exe
1148	Unicorn-62408.exe
2372	Unicorn-592.exe
1540	Unicorn-57961.exe
1656	Unicorn-38095.exe
852	Unicorn-10488.exe
2336	Unicorn-15127.exe
2288	Unicorn-44614.exe
552	Unicorn-23447.exe
1604	Unicorn-33727.exe
1600	Unicorn-33727.exe
2440	Unicorn-50063.exe
2328	Unicorn-46726.exe
2744	Unicorn-6762.exe
2812	Unicorn-26628.exe
2428	Unicorn-30197.exe
1708	Unicorn-25559.exe
2640	Unicorn-5652.exe
2156	Unicorn-6721.exe
592	Unicorn-44225.exe
2660	Unicorn-25170.exe
496	Unicorn-473.exe
2908	Unicorn-13472.exe
668	Unicorn-54505.exe
2028	Unicorn-58226.exe
1492	Unicorn-58226.exe
2016	Unicorn-58226.exe
2096	Unicorn-54697.exe
1444	Unicorn-54697.exe
2964	Unicorn-4152.exe
1996	Unicorn-857.exe
2104	Unicorn-24018.exe
2460	Unicorn-5854.exe
1132	Unicorn-1023.exe
1884	Unicorn-64168.exe
2432	Unicorn-52663.exe
1700	Unicorn-31496.exe
2532	Unicorn-28865.exe
1040	Unicorn-12014.exe
1384	Unicorn-40240.exe
1508	Unicorn-33695.exe
2984	Unicorn-56576.exe
1576	Unicorn-29057.exe
340	Unicorn-19737.exe
2216	Unicorn-19737.exe
2792	Unicorn-16207.exe
2468	Unicorn-40903.exe
2764	Unicorn-52601.exe
2652	Unicorn-49072.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 1784	1708	3924282a912884bae1a349572be39bd4_JaffaCakes118.exe	30
PID 1708 wrote to memory of 1784	1708	3924282a912884bae1a349572be39bd4_JaffaCakes118.exe	30
PID 1708 wrote to memory of 1784	1708	3924282a912884bae1a349572be39bd4_JaffaCakes118.exe	30
PID 1708 wrote to memory of 1784	1708	3924282a912884bae1a349572be39bd4_JaffaCakes118.exe	30
PID 1784 wrote to memory of 1956	1784	Unicorn-50908.exe	31
PID 1784 wrote to memory of 1956	1784	Unicorn-50908.exe	31
PID 1784 wrote to memory of 1956	1784	Unicorn-50908.exe	31
PID 1784 wrote to memory of 1956	1784	Unicorn-50908.exe	31
PID 1708 wrote to memory of 2904	1708	3924282a912884bae1a349572be39bd4_JaffaCakes118.exe	32
PID 1708 wrote to memory of 2904	1708	3924282a912884bae1a349572be39bd4_JaffaCakes118.exe	32
PID 1708 wrote to memory of 2904	1708	3924282a912884bae1a349572be39bd4_JaffaCakes118.exe	32
PID 1708 wrote to memory of 2904	1708	3924282a912884bae1a349572be39bd4_JaffaCakes118.exe	32
PID 1956 wrote to memory of 2608	1956	Unicorn-21739.exe	34
PID 1956 wrote to memory of 2608	1956	Unicorn-21739.exe	34
PID 1956 wrote to memory of 2608	1956	Unicorn-21739.exe	34
PID 1956 wrote to memory of 2608	1956	Unicorn-21739.exe	34
PID 1784 wrote to memory of 2824	1784	Unicorn-50908.exe	33
PID 1784 wrote to memory of 2824	1784	Unicorn-50908.exe	33
PID 1784 wrote to memory of 2824	1784	Unicorn-50908.exe	33
PID 1784 wrote to memory of 2824	1784	Unicorn-50908.exe	33
PID 2904 wrote to memory of 2880	2904	Unicorn-45921.exe	35
PID 2904 wrote to memory of 2880	2904	Unicorn-45921.exe	35
PID 2904 wrote to memory of 2880	2904	Unicorn-45921.exe	35
PID 2904 wrote to memory of 2880	2904	Unicorn-45921.exe	35
PID 2608 wrote to memory of 2892	2608	Unicorn-27105.exe	37
PID 2608 wrote to memory of 2892	2608	Unicorn-27105.exe	37
PID 2608 wrote to memory of 2892	2608	Unicorn-27105.exe	37
PID 2608 wrote to memory of 2892	2608	Unicorn-27105.exe	37
PID 1956 wrote to memory of 668	1956	Unicorn-21739.exe	38
PID 1956 wrote to memory of 668	1956	Unicorn-21739.exe	38
PID 1956 wrote to memory of 668	1956	Unicorn-21739.exe	38
PID 1956 wrote to memory of 668	1956	Unicorn-21739.exe	38
PID 2824 wrote to memory of 2940	2824	Unicorn-7239.exe	40
PID 2824 wrote to memory of 2940	2824	Unicorn-7239.exe	40
PID 2824 wrote to memory of 2940	2824	Unicorn-7239.exe	40
PID 2824 wrote to memory of 2940	2824	Unicorn-7239.exe	40
PID 2880 wrote to memory of 2984	2880	Unicorn-27105.exe	39
PID 2880 wrote to memory of 2984	2880	Unicorn-27105.exe	39
PID 2880 wrote to memory of 2984	2880	Unicorn-27105.exe	39
PID 2880 wrote to memory of 2984	2880	Unicorn-27105.exe	39
PID 2904 wrote to memory of 1160	2904	Unicorn-45921.exe	41
PID 2904 wrote to memory of 1160	2904	Unicorn-45921.exe	41
PID 2904 wrote to memory of 1160	2904	Unicorn-45921.exe	41
PID 2904 wrote to memory of 1160	2904	Unicorn-45921.exe	41
PID 2892 wrote to memory of 2500	2892	Unicorn-34884.exe	42
PID 2892 wrote to memory of 2500	2892	Unicorn-34884.exe	42
PID 2892 wrote to memory of 2500	2892	Unicorn-34884.exe	42
PID 2892 wrote to memory of 2500	2892	Unicorn-34884.exe	42
PID 2608 wrote to memory of 1448	2608	Unicorn-27105.exe	43
PID 2608 wrote to memory of 1448	2608	Unicorn-27105.exe	43
PID 2608 wrote to memory of 1448	2608	Unicorn-27105.exe	43
PID 2608 wrote to memory of 1448	2608	Unicorn-27105.exe	43
PID 2984 wrote to memory of 2696	2984	Unicorn-9502.exe	44
PID 2984 wrote to memory of 2696	2984	Unicorn-9502.exe	44
PID 2984 wrote to memory of 2696	2984	Unicorn-9502.exe	44
PID 2984 wrote to memory of 2696	2984	Unicorn-9502.exe	44
PID 2880 wrote to memory of 2076	2880	Unicorn-27105.exe	45
PID 2880 wrote to memory of 2076	2880	Unicorn-27105.exe	45
PID 2880 wrote to memory of 2076	2880	Unicorn-27105.exe	45
PID 2880 wrote to memory of 2076	2880	Unicorn-27105.exe	45
PID 1160 wrote to memory of 568	1160	Unicorn-55174.exe	46
PID 1160 wrote to memory of 568	1160	Unicorn-55174.exe	46
PID 1160 wrote to memory of 568	1160	Unicorn-55174.exe	46
PID 1160 wrote to memory of 568	1160	Unicorn-55174.exe	46

C:\Users\Admin\AppData\Local\Temp\3924282a912884bae1a349572be39bd4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3924282a912884bae1a349572be39bd4_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50908.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50908.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21739.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21739.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27105.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34884.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45714.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-208.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7110.exe
        8⤵
        Executes dropped EXE
        
        PID:528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 528 -s 180
        9⤵
        Program crash
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44614.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5652.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1023.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30951.exe
        10⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63522.exe
        11⤵
        
        PID:3028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
        12⤵
        Program crash
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58727.exe
        11⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51286.exe
        12⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
        13⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7145.exe
        14⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55132.exe
        15⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16215.exe
        16⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13630.exe
        17⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46786.exe
        18⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23424.exe
        19⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25814.exe
        20⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52316.exe
        21⤵
        
        PID:5472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 224
        22⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2816.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45152.exe
        11⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58551.exe
        12⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52080.exe
        13⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48370.exe
        14⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26845.exe
        15⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 240
        16⤵
        Program crash
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36146.exe
        15⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52660.exe
        16⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55997.exe
        17⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38561.exe
        18⤵
        
        PID:5640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 240
        19⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62935.exe
        17⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25430.exe
        18⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36364.exe
        19⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55845.exe
        20⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8362.exe
        21⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8064.exe
        22⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30517.exe
        11⤵
        
        PID:3668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 188
        12⤵
        Program crash
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2917.exe
        9⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21805.exe
        10⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28624.exe
        11⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40487.exe
        12⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3263.exe
        13⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62869.exe
        14⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20021.exe
        15⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15639.exe
        16⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62831.exe
        17⤵
        
        PID:4964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 220
        18⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36997.exe
        15⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4118.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23709.exe
        17⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56288.exe
        18⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2549.exe
        19⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21756.exe
        20⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63821.exe
        21⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64112.exe
        22⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56881.exe
        23⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28789.exe
        11⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48873.exe
        12⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49330.exe
        13⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42989.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26116.exe
        15⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56661.exe
        16⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55997.exe
        17⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21971.exe
        18⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15424.exe
        19⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 220
        20⤵
        
        PID:3012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 236
        19⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
        14⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1404.exe
        15⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19132.exe
        16⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3361.exe
        17⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7832.exe
        18⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11475.exe
        19⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14283.exe
        20⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50210.exe
        21⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44136.exe
        22⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16306.exe
        18⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14859.exe
        19⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63204.exe
        20⤵
        
        PID:6896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 240
        21⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34742.exe
        20⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41622.exe
        10⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65183.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10855.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15505.exe
        13⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2148.exe
        14⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1933.exe
        15⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29007.exe
        16⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 244
        17⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5854.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30951.exe
        9⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13060.exe
        10⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20840.exe
        11⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16751.exe
        12⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28536.exe
        13⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14052.exe
        14⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4260.exe
        15⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51004.exe
        16⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12587.exe
        17⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61347.exe
        18⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39952.exe
        19⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-733.exe
        20⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3499.exe
        21⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36733.exe
        22⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61154.exe
        23⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23249.exe
        24⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29794.exe
        15⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30652.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14497.exe
        17⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63833.exe
        18⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42622.exe
        19⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56317.exe
        20⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50308.exe
        21⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-770.exe
        22⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58225.exe
        23⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11877.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59864.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 224
        13⤵
        Program crash
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17502.exe
        10⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11405.exe
        11⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44680.exe
        12⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30005.exe
        13⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46772.exe
        14⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50812.exe
        15⤵
        
        PID:5024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 224
        16⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52628.exe
        14⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65405.exe
        15⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45203.exe
        16⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 224
        17⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18499.exe
        12⤵
        
        PID:2236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 220
        13⤵
        Program crash
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1555.exe
        9⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53704.exe
        10⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19766.exe
        11⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36512.exe
        12⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61909.exe
        13⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52693.exe
        14⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56396.exe
        15⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19988.exe
        16⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38042.exe
        17⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64025.exe
        18⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50790.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7116.exe
        20⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-474.exe
        21⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2384.exe
        22⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20535.exe
        23⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43546.exe
        14⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7460.exe
        15⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28722.exe
        16⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6319.exe
        17⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33105.exe
        18⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20604.exe
        19⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30573.exe
        20⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6167.exe
        21⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7104.exe
        22⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16236.exe
        10⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52464.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:3304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 220
        12⤵
        Program crash
        
        PID:704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62408.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23447.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6721.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64168.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55647.exe
        10⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37949.exe
        11⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3735.exe
        12⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15598.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33824.exe
        14⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5500.exe
        15⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43565.exe
        16⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58212.exe
        17⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4035.exe
        18⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54269.exe
        19⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24275.exe
        20⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31953.exe
        21⤵
        System Location Discovery: System Language Discovery
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57277.exe
        22⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8642.exe
        23⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17538.exe
        24⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49097.exe
        25⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16114.exe
        21⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30490.exe
        22⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64771.exe
        23⤵
        
        PID:7024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 244
        24⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22010.exe
        16⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61020.exe
        17⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40943.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47500.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59145.exe
        20⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38284.exe
        21⤵
        
        PID:5968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 240
        22⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2274.exe
        20⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47869.exe
        21⤵
        System Location Discovery: System Language Discovery
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23931.exe
        22⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31142.exe
        23⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29767.exe
        19⤵
        
        PID:5596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 220
        20⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12261.exe
        12⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51888.exe
        13⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45957.exe
        14⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20981.exe
        15⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22079.exe
        16⤵
        
        PID:3708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 224
        17⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3941.exe
        15⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24949.exe
        16⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39194.exe
        17⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22848.exe
        18⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47775.exe
        19⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60484.exe
        20⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23796.exe
        21⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19354.exe
        22⤵
        
        PID:5780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 240
        23⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8566.exe
        11⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64991.exe
        12⤵
        
        PID:3472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 224
        13⤵
        Program crash
        
        PID:2092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 248
        10⤵
        Program crash
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60286.exe
        9⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38058.exe
        10⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18593.exe
        11⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26756.exe
        12⤵
        
        PID:3248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 220
        13⤵
        Program crash
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46854.exe
        11⤵
        
        PID:3276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 224
        12⤵
        Program crash
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31591.exe
        10⤵
        
        PID:800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 240
        11⤵
        Program crash
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52663.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22975.exe
        9⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13361.exe
        10⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63408.exe
        11⤵
        
        PID:2496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
        12⤵
        Program crash
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30901.exe
        11⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41089.exe
        12⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48562.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37836.exe
        14⤵
        
        PID:3988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 224
        15⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24575.exe
        10⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8774.exe
        11⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30529.exe
        12⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23674.exe
        13⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38604.exe
        14⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5358.exe
        15⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45068.exe
        16⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5068.exe
        17⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15915.exe
        18⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7448.exe
        19⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17397.exe
        20⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15518.exe
        21⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15046.exe
        22⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30104.exe
        23⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18406.exe
        22⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58107.exe
        19⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3489.exe
        20⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9208.exe
        21⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6253.exe
        22⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18192.exe
        9⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2832.exe
        10⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34431.exe
        11⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27576.exe
        12⤵
        
        PID:3380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 224
        13⤵
        Program crash
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39069.exe
        10⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56.exe
        11⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49522.exe
        12⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3627.exe
        13⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6318.exe
        14⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17030.exe
        15⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51996.exe
        16⤵
        
        PID:3760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 240
        17⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44225.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31496.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6638.exe
        9⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5193.exe
        10⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2064.exe
        11⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49999.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22553.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        14⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4587.exe
        15⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46069.exe
        16⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50610.exe
        17⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56573.exe
        18⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40611.exe
        19⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16385.exe
        20⤵
        
        PID:3860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 244
        21⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34563.exe
        15⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60698.exe
        16⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7372.exe
        17⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40336.exe
        18⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9093.exe
        19⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13971.exe
        20⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64060.exe
        21⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17621.exe
        22⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11655.exe
        23⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46662.exe
        11⤵
        
        PID:3140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 220
        12⤵
        Program crash
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56096.exe
        10⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51260.exe
        11⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55417.exe
        12⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64706.exe
        13⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21116.exe
        14⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51658.exe
        15⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45078.exe
        16⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64222.exe
        17⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39853.exe
        18⤵
        
        PID:3192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 224
        19⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49909.exe
        15⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15821.exe
        16⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54762.exe
        17⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11949.exe
        17⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51309.exe
        18⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25897.exe
        19⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17205.exe
        20⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47101.exe
        21⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14610.exe
        22⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55838.exe
        23⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33389.exe
        24⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63068.exe
        19⤵
        
        PID:4136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 240
        20⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47064.exe
        18⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11283.exe
        19⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47148.exe
        20⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19546.exe
        21⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24593.exe
        22⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4273.exe
        14⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61606.exe
        15⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6853.exe
        16⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57279.exe
        17⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35165.exe
        18⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17729.exe
        19⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60868.exe
        20⤵
        
        PID:5916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 240
        21⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41194.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47101.exe
        20⤵
        
        PID:7016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 220
        21⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14199.exe
        18⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55933.exe
        19⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42467.exe
        20⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27138.exe
        21⤵
        
        PID:2852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 224
        22⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1856.exe
        9⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55048.exe
        10⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26071.exe
        11⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57233.exe
        12⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49330.exe
        13⤵
        
        PID:4116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 224
        14⤵
        Program crash
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63574.exe
        10⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49065.exe
        11⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 224
        12⤵
        Program crash
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11469.exe
        8⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21914.exe
        9⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60777.exe
        10⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34348.exe
        11⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22361.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:3492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 224
        13⤵
        Program crash
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29941.exe
        10⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22361.exe
        11⤵
        
        PID:2976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 224
        12⤵
        Program crash
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe
        9⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10035.exe
        10⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55225.exe
        11⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56730.exe
        12⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1598.exe
        13⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60018.exe
        14⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44694.exe
        15⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58254.exe
        16⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7180.exe
        17⤵
        
        PID:4248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 220
        18⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25352.exe
        13⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61798.exe
        14⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56007.exe
        15⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3371.exe
        16⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64539.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56649.exe
        18⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6924.exe
        19⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22981.exe
        20⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31440.exe
        21⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57758.exe
        22⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11755.exe
        18⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54994.exe
        19⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48243.exe
        20⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22590.exe
        21⤵
        
        PID:6780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17680.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1448
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 240
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:1948
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7239.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7239.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2824
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 244
      4⤵
      Loads dropped DLL
      Program crash
      PID:2940
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45921.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45921.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27105.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27105.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9502.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29570.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-592.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33727.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25170.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28865.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6830.exe
        10⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1939.exe
        10⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61104.exe
        11⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43310.exe
        12⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2687.exe
        13⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4924.exe
        14⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35397.exe
        15⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64564.exe
        16⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61404.exe
        17⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31410.exe
        18⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9095.exe
        19⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58102.exe
        20⤵
        System Location Discovery: System Language Discovery
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7308.exe
        21⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39639.exe
        22⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14086.exe
        23⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55314.exe
        24⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27210.exe
        15⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10667.exe
        16⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1778.exe
        17⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58296.exe
        18⤵
        
        PID:5300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 240
        19⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28597.exe
        11⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12007.exe
        12⤵
        
        PID:3908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 240
        13⤵
        Program crash
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11661.exe
        9⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22106.exe
        10⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6013.exe
        11⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58603.exe
        12⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15339.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26103.exe
        14⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4377.exe
        15⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53137.exe
        16⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38296.exe
        17⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29241.exe
        18⤵
        
        PID:3064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 220
        19⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17760.exe
        14⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35950.exe
        15⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63454.exe
        16⤵
        
        PID:5932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5932 -s 240
        17⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17476.exe
        10⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33715.exe
        11⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41686.exe
        12⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6626.exe
        13⤵
        
        PID:5036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 244
        14⤵
        Program crash
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62853.exe
        11⤵
        
        PID:3580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 224
        12⤵
        Program crash
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12014.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64391.exe
        9⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23834.exe
        10⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29257.exe
        11⤵
        
        PID:2648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 224
        12⤵
        Program crash
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26988.exe
        10⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9127.exe
        11⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39076.exe
        12⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3518.exe
        13⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36858.exe
        14⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54419.exe
        15⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20746.exe
        16⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23808.exe
        17⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60494.exe
        18⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20796.exe
        19⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15004.exe
        20⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49587.exe
        21⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41889.exe
        22⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9867.exe
        13⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11881.exe
        14⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14689.exe
        15⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31976.exe
        16⤵
        
        PID:5192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5192 -s 240
        17⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20496.exe
        9⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13605.exe
        10⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20508.exe
        11⤵
        
        PID:3392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 244
        12⤵
        Program crash
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41674.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55609.exe
        11⤵
        
        PID:3080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 224
        12⤵
        Program crash
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54505.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29057.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5678.exe
        9⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64866.exe
        10⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5821.exe
        11⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50435.exe
        12⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11364.exe
        13⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59901.exe
        14⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
        15⤵
        
        PID:4852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 220
        16⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43931.exe
        14⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61596.exe
        15⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15156.exe
        16⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7554.exe
        17⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36758.exe
        18⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28196.exe
        19⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12041.exe
        20⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51393.exe
        21⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40270.exe
        22⤵
        System Location Discovery: System Language Discovery
        
        PID:6356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 248
        10⤵
        Program crash
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61529.exe
        9⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21390.exe
        10⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64659.exe
        11⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15921.exe
        12⤵
        
        PID:3228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 220
        13⤵
        Program crash
        
        PID:4696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 236
        12⤵
        Program crash
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5292.exe
        11⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38723.exe
        12⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38796.exe
        13⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40060.exe
        14⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40325.exe
        15⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38234.exe
        16⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39329.exe
        17⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31247.exe
        18⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42285.exe
        19⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54994.exe
        20⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63728.exe
        21⤵
        
        PID:6336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 224
        22⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51350.exe
        8⤵
        
        PID:1164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1164 -s 240
        9⤵
        Program crash
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30197.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38095.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33727.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-473.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40240.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 240
        9⤵
        Program crash
        
        PID:1732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 496 -s 236
        8⤵
        Program crash
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33695.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13846.exe
        8⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56506.exe
        9⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54062.exe
        10⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40923.exe
        11⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23892.exe
        12⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27997.exe
        13⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48503.exe
        14⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62255.exe
        15⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31218.exe
        16⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56288.exe
        17⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56711.exe
        18⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4215.exe
        19⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55196.exe
        20⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30874.exe
        21⤵
        
        PID:6588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 240
        22⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9290.exe
        19⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14153.exe
        20⤵
        System Location Discovery: System Language Discovery
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7895.exe
        21⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57950.exe
        22⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43638.exe
        18⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29156.exe
        19⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52358.exe
        20⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19383.exe
        21⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50725.exe
        9⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26258.exe
        10⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30145.exe
        11⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6818.exe
        12⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35013.exe
        13⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41492.exe
        14⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30927.exe
        15⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4684.exe
        16⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe
        17⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35798.exe
        18⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30308.exe
        19⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65487.exe
        20⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4006.exe
        21⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5482.exe
        13⤵
        
        PID:3900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 224
        14⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2111.exe
        10⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55827.exe
        11⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26653.exe
        12⤵
        
        PID:1632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 224
        13⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53169.exe
        8⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62230.exe
        9⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18832.exe
        10⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23103.exe
        11⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42823.exe
        12⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7994.exe
        13⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31207.exe
        14⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20180.exe
        15⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56106.exe
        16⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9287.exe
        17⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52710.exe
        18⤵
        
        PID:2356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 224
        19⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27869.exe
        13⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54663.exe
        14⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39661.exe
        15⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17456.exe
        16⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7126.exe
        17⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30832.exe
        18⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30500.exe
        19⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21938.exe
        20⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64003.exe
        21⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39969.exe
        22⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26093.exe
        18⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20210.exe
        19⤵
        
        PID:6320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6320 -s 240
        20⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52191.exe
        17⤵
        
        PID:4104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 240
        18⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61834.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48695.exe
        13⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22292.exe
        14⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13044.exe
        15⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22464.exe
        16⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1309.exe
        17⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 240
        18⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3203.exe
        17⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22644.exe
        18⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58378.exe
        19⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32761.exe
        20⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47259.exe
        10⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18703.exe
        11⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57579.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51134.exe
        13⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6806.exe
        14⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30725.exe
        15⤵
        
        PID:5876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5876 -s 224
        16⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-324.exe
        12⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23143.exe
        13⤵
        
        PID:3792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 240
        14⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5041.exe
        11⤵
        
        PID:2952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 224
        12⤵
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13472.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56576.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63047.exe
        8⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7689.exe
        9⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36273.exe
        10⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9210.exe
        11⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18334.exe
        12⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5666.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54364.exe
        14⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56671.exe
        15⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12395.exe
        16⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37466.exe
        17⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15208.exe
        18⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44158.exe
        19⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54812.exe
        20⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38466.exe
        21⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54984.exe
        22⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31142.exe
        23⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18857.exe
        12⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22460.exe
        13⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57247.exe
        14⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29967.exe
        15⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63506.exe
        16⤵
        
        PID:2908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 220
        17⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60688.exe
        16⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47199.exe
        17⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8569.exe
        18⤵
        
        PID:2184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 244
        19⤵
        
        PID:4320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 236
        18⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23356.exe
        11⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22195.exe
        12⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2340.exe
        13⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25540.exe
        14⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36900.exe
        15⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
        16⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63688.exe
        17⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10909.exe
        18⤵
        
        PID:4880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 220
        19⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27978.exe
        13⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3843.exe
        14⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5196 -s 224
        15⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1140.exe
        9⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9703.exe
        10⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12328.exe
        8⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45894.exe
        9⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42267.exe
        10⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36061.exe
        11⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9766.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2457.exe
        13⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56287.exe
        14⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39671.exe
        15⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34316.exe
        16⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64347.exe
        17⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33105.exe
        18⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16245.exe
        19⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5985.exe
        20⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16448.exe
        21⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47753.exe
        22⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11371.exe
        18⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61709.exe
        19⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20968.exe
        20⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25086.exe
        21⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57693.exe
        13⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4803.exe
        14⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6905.exe
        15⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31784.exe
        16⤵
        
        PID:2768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 220
        17⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22337.exe
        12⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47927.exe
        13⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46796.exe
        14⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31026.exe
        15⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14487.exe
        16⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43966.exe
        17⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9036.exe
        18⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46909.exe
        19⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22779.exe
        20⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55921.exe
        21⤵
        System Location Discovery: System Language Discovery
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35013.exe
        7⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32002.exe
        8⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18977.exe
        9⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11955.exe
        10⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47057.exe
        11⤵
        
        PID:3504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 220
        12⤵
        Program crash
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37440.exe
        11⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60861.exe
        12⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46583.exe
        13⤵
        
        PID:4560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 224
        14⤵
        
        PID:4056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 228
        12⤵
        Program crash
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49459.exe
        9⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14384.exe
        10⤵
        
        PID:3872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 224
        11⤵
        Program crash
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31975.exe
        8⤵
        
        PID:2848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
        9⤵
        Program crash
        
        PID:3332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1536.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57961.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50063.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58226.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19737.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38927.exe
        9⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65058.exe
        10⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37342.exe
        11⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41307.exe
        12⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48946.exe
        13⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28708.exe
        14⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58020.exe
        15⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55540.exe
        16⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61778.exe
        17⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14679.exe
        18⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24999.exe
        19⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4075.exe
        20⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56084.exe
        21⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56795.exe
        22⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64665.exe
        23⤵
        
        PID:6524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 248
        14⤵
        Program crash
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42172.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25355.exe
        11⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33518.exe
        12⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65090.exe
        13⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44468.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30885.exe
        15⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8036.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18691.exe
        17⤵
        
        PID:5760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 220
        18⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35715.exe
        14⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24373.exe
        15⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14772.exe
        16⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6786.exe
        17⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48289.exe
        18⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20796.exe
        19⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9078.exe
        20⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39551.exe
        21⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5599.exe
        22⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35318.exe
        21⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37411.exe
        18⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 224
        19⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52106.exe
        12⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18677.exe
        13⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54751.exe
        14⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44876.exe
        15⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53226.exe
        16⤵
        
        PID:2280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 224
        17⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12308.exe
        11⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38915.exe
        12⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37125.exe
        13⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63604.exe
        14⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
        15⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10330.exe
        16⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22801.exe
        17⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52710.exe
        18⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41709.exe
        19⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22789.exe
        20⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40267.exe
        21⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6720.exe
        22⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51030.exe
        13⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38628.exe
        14⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65063.exe
        15⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5014.exe
        16⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9944.exe
        17⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13587.exe
        18⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25607.exe
        19⤵
        
        PID:6384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6384 -s 224
        20⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10442.exe
        17⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38658.exe
        18⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55368.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42081.exe
        20⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34126.exe
        16⤵
        
        PID:5656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 244
        17⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45193.exe
        9⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29366.exe
        10⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50736.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36445.exe
        12⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6123.exe
        13⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14870.exe
        14⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5955.exe
        15⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63397.exe
        16⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 220
        17⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42338.exe
        8⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48722.exe
        9⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21198.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34016.exe
        11⤵
        
        PID:2316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 240
        12⤵
        Program crash
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9692.exe
        9⤵
        
        PID:1340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 224
        10⤵
        Program crash
        
        PID:3240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 228
        7⤵
        Program crash
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54697.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28097.exe
        7⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46252.exe
        8⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36771.exe
        9⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19382.exe
        10⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19984.exe
        11⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32802.exe
        12⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20348.exe
        13⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47797.exe
        14⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37175.exe
        15⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21021.exe
        16⤵
        
        PID:4380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 224
        17⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31138.exe
        13⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10859.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:5632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 224
        15⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15852.exe
        9⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50736.exe
        10⤵
        
        PID:344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 224
        11⤵
        Program crash
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57938.exe
        8⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62614.exe
        9⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50051.exe
        10⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57062.exe
        11⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12402.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39180.exe
        13⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39567.exe
        14⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45151.exe
        15⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37388.exe
        10⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25978.exe
        11⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58967.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45602.exe
        13⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20574.exe
        14⤵
        
        PID:4592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 224
        15⤵
        
        PID:3236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 228
        13⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34288.exe
        12⤵
        
        PID:1332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 224
        13⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51083.exe
        7⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 224
        8⤵
        Program crash
        
        PID:760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6762.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24018.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3400.exe
        7⤵
        
        PID:2636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
        8⤵
        Program crash
        
        PID:2832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 236
        7⤵
        Program crash
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8231.exe
        6⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5411.exe
        7⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22873.exe
        7⤵
        
        PID:2608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55174.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55174.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37930.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10488.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26628.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-857.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52601.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29916.exe
        9⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4098.exe
        10⤵
        
        PID:1996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 240
        11⤵
        Program crash
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40548.exe
        10⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36320.exe
        11⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62293.exe
        12⤵
        
        PID:880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 224
        13⤵
        Program crash
        
        PID:3536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 216
        12⤵
        Program crash
        
        PID:2688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 216
        11⤵
        Program crash
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25265.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60222.exe
        10⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11623.exe
        11⤵
        
        PID:2448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 224
        12⤵
        Program crash
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26386.exe
        8⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45131.exe
        9⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5245.exe
        10⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23243.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55718.exe
        12⤵
        
        PID:3972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 244
        13⤵
        Program crash
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43143.exe
        11⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63995.exe
        12⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2340.exe
        13⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15363.exe
        14⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50605.exe
        15⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6028.exe
        16⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41384.exe
        17⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11293.exe
        18⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61636.exe
        19⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25415.exe
        20⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14470.exe
        21⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57509.exe
        22⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51990.exe
        13⤵
        
        PID:1148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 224
        14⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11929.exe
        10⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22169.exe
        11⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26170.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46964.exe
        13⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32551.exe
        14⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37367.exe
        15⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32069.exe
        16⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39459.exe
        17⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64433.exe
        18⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64677.exe
        19⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59327.exe
        20⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42851.exe
        21⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31632.exe
        22⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8557.exe
        23⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54506.exe
        20⤵
        
        PID:6280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6280 -s 224
        21⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31293.exe
        19⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30957.exe
        20⤵
        
        PID:7052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7052 -s 240
        21⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54241.exe
        18⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59711.exe
        19⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5025.exe
        20⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15570.exe
        21⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23057.exe
        22⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59085.exe
        9⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1535.exe
        10⤵
        
        PID:2128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 224
        11⤵
        Program crash
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49072.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13387.exe
        8⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53299.exe
        9⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46086.exe
        10⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64659.exe
        11⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-461.exe
        12⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53907.exe
        13⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 240
        14⤵
        Program crash
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46953.exe
        12⤵
        
        PID:4800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 220
        13⤵
        Program crash
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54493.exe
        11⤵
        
        PID:700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 700 -s 224
        12⤵
        Program crash
        
        PID:4652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 248
        9⤵
        Program crash
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49770.exe
        8⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43694.exe
        9⤵
        
        PID:3004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 220
        10⤵
        Program crash
        
        PID:3552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4152.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 220
        7⤵
        Program crash
        
        PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46726.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58226.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 220
        7⤵
        Program crash
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16207.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 220
        7⤵
        Program crash
        
        PID:1616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15127.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25559.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58226.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19737.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5219.exe
        8⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7881.exe
        9⤵
        
        PID:668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 668 -s 220
        10⤵
        Program crash
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10652.exe
        9⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25848.exe
        10⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38666.exe
        11⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37618.exe
        12⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56588.exe
        13⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5462.exe
        14⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37933.exe
        15⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24768.exe
        16⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40121.exe
        17⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64485.exe
        18⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23303.exe
        19⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21103.exe
        20⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38272.exe
        21⤵
        System Location Discovery: System Language Discovery
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26958.exe
        20⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54708.exe
        17⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9602.exe
        18⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25545.exe
        19⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55262.exe
        20⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27402.exe
        12⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39012.exe
        13⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32967.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62842.exe
        15⤵
        
        PID:4708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 240
        16⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4352.exe
        8⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6013.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49475.exe
        10⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64405.exe
        11⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
        12⤵
        
        PID:4276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 244
        13⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59059.exe
        7⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36963.exe
        8⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11021.exe
        9⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11815.exe
        10⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62485.exe
        11⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45044.exe
        12⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30247.exe
        13⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53319.exe
        14⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15733.exe
        15⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40227.exe
        16⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2741.exe
        17⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54620.exe
        18⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15196.exe
        19⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55451.exe
        20⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23441.exe
        21⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65053.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28152.exe
        9⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44613.exe
        10⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62205.exe
        11⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6235.exe
        12⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28540.exe
        13⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15348.exe
        14⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16500.exe
        14⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22503.exe
        15⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23837.exe
        16⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51351.exe
        17⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50635.exe
        18⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16064.exe
        19⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16918.exe
        20⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39321.exe
        17⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17346.exe
        18⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44136.exe
        19⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39845.exe
        16⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21554.exe
        17⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14610.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:3056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 220
        19⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18165.exe
        11⤵
        
        PID:4828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 224
        12⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34835.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21308.exe
        10⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12820.exe
        11⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35234.exe
        12⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63397.exe
        13⤵
        
        PID:4524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 240
        14⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17651.exe
        10⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19090.exe
        11⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12338.exe
        12⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55795.exe
        13⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53094.exe
        14⤵
        
        PID:3832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 224
        15⤵
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40903.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 220
        7⤵
        Program crash
        
        PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54697.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2096
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 240
        6⤵
        Program crash
        
        PID:2772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14487.exe

Filesize
192KB

MD5
8c93e0b7de1e1a62a0a5f5650f05199d

SHA1
bca37f576d8e2467e74b6aff0b50e25b495e4768

SHA256
98e0a52dd1339fa4d0ce91338c9a1759106211b3e5c5d0f81f0ff78e1aaa64bd

SHA512
94e03652affd6dc03c8762da626139db8a523bf6e4095ae95941bdc31426f0a44fd2fcb2b44e625c3c4b625276fee9119c34b76abcf1240c666abf260d335bc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14497.exe

Filesize
192KB

MD5
734673698d37cb43ca077a0e28776f08

SHA1
c6c6e446cf892197a5fdca6349e4ce75e2a63484

SHA256
ed6ca424ec206bc2d253439e90d53450185f018bacaea17f8f2ebe4a284c463a

SHA512
78a14ba5641955b89d6d3be0587a77e6681863aa1a2d87443bf97c83fc70fb056581d7808128874f0df2151f2fc426e18b3bc7d3e8c8fe2e302c16f7f823fe81

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14870.exe

Filesize
192KB

MD5
51a6a796a8b55743d3315ebffbe4092c

SHA1
ec414c0e1c68b8af91f5360c8b80afc9cb2180ab

SHA256
d60fd41ac5bd21c8b354dbacf2f753197c1998d1d3684d1412f771838fa222a8

SHA512
79e87d5aa9a20bb980c05017d1b86ea9cecd92219fbe962a331258a7ab7ecdd2a7bc0b2dd911dcaf6b2670c332decfa283e86e684c3bf3c576cdd584d1a6392a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1536.exe

Filesize
192KB

MD5
9315302901215ac80b29fca296b0ea0e

SHA1
d01b9a489f8d8afd328f09325e91889733acf6d1

SHA256
1b83e8c9bbd3e74e16ee6d5d65b6e567381ef36e5d007eb4bc4a6558f5a1b068

SHA512
92a106abecb409c88f331594fa7993441e5a17af1f138fe3b0d63f1bb19321dfe331bc4441fa0d3237ecf2f2a55154ac3a2c765891a129d2e68b03560922d57f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15807.exe

Filesize
192KB

MD5
80eb4f889d763c9f55efc017716dacf2

SHA1
91bd6a0adbe70c63e247c83cd3373ce0d9db9ba8

SHA256
c576c998b1b3a8e6c8fd2dea5a29ba32e2cc1f6998a05af00792b5a2e4bdd145

SHA512
a34a4ab6ea3b715fa923e47b042da0f9fa1e812f513acf16dd4d22326a87e342990c0fd75147bf748d6ecc8ec99a04817e60463dc7f12e1d845cf921acf46de4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15852.exe

Filesize
192KB

MD5
9ee6f7e87dc5006d732277d94881c75f

SHA1
53b1823c0be7f1071bc2c37749fc8396e8e1d269

SHA256
681a3530581efcd830517e9c94a79142bff4fb4e9e201960077ab59469572ef4

SHA512
5ca14615589fdc67fe53acbc3328135bc574836654b8a8ee6c4afe88ac1f9a0ea5d00701f663589f4cc840ddac5d39ff7b4bbc6dedcdb58282dfc6a65f4a7d1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15999.exe

Filesize
192KB

MD5
21b62f37e884f19d7d58242a96ed4af0

SHA1
b72b386700e5af90853aa2c52a3d5860c20cba2c

SHA256
fb559489598087efef6339743be41e4a3c06a0145f51e522e24c8f0b53674ae7

SHA512
b2a0e45195f2101ea08707e9d0dc899243b2d4f70c22f5b4c961aa96c141b7f54ca28c333c6288fbeb33fc43e812556c6bfb10b51aa5f94461cd73f0dcedc615

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16114.exe

Filesize
192KB

MD5
1018195cff3662d37a660d0e37d47793

SHA1
6326105e07feec2b94cc393e4a00771f0ed9be06

SHA256
01d82d39157ace3d904053f0db7fc46078d336f27fdc132c4a7cad1d72b47dcf

SHA512
1e450d03d0a8eb3c527cfcc97039917df7dcb86b6aeaf3d9d0e9d5ef38a142898c98d4cba8a9f907a555a91a86b1284e1d5fb861e32005ef7b7a43e7d9f8f10d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17680.exe

Filesize
192KB

MD5
6f62dfd471f1975c129148eb78a63344

SHA1
4c78dcc4c28d0ea0aba28f00fe2e376f9962cce3

SHA256
104bd88e7f71fb1816fe6ca985d8dd49564d52d147a1a4afbdcda62edd764762

SHA512
fda84f8de5f0848aa13e5a0a589b5ecc3f73b0d07c1cfbd15fa5693d65748f7563a71b652e5e5edf4835d9b5847c1f4a34171fec9378507ce2f50c5cb9dfe3b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27105.exe

Filesize
192KB

MD5
92e81bfdb4e227ed884e4e272c14d99a

SHA1
e68347e9163a69ddfd264955eba9d0ef4d8d1a70

SHA256
efae8185eb76a97ef1f9a4148eb51f681a56aa1dc56f16f19fb51d8b32369504

SHA512
3bfa7416743ecb991d1ab0d953c90e0c93bdf83fc8e3bb4e35167708c9d6f1bb355c2e61ffbe3f6286272f6d6b50ca2d1e5d279e046446715f910e5cce89170d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe

Filesize
192KB

MD5
6c1625dd7a22f077d5dc3b51f23dfede

SHA1
2829e3199750f8571d8c5fc818c4b8a22b89f954

SHA256
1ddf2beb6e5585383ef74f6d1609eab884ebfe87ffefa1e73f5d34f8dc0b2612

SHA512
48ad16538e0fb715e61beb17373505e2e3a9e8d7935a7a2c8952e550798bcfbb8e83fcf35ae79becf2a23920341c6e9e5acfb1341f0b088918058d8dec160683

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39661.exe

Filesize
192KB

MD5
8b0e8e62065ad304b1c68495d5d0bf1a

SHA1
5b232c111676eaf559b1800134bb65050bb08c1f

SHA256
c8d2b0b005065bc431b90bf9d763014882c0b40a0f3553a00aa8cdd55d459d1c

SHA512
2ae3e11c69c9d18012c6fcd2578e039536c145c3d8d493cbe00b397575d156a56b7dddc7b6d80aabf007669247622fc1d22167b7c4b73112977bb86a77c42d33

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39845.exe

Filesize
192KB

MD5
7852ccbfffe715e836008420967af936

SHA1
7d718e5c611cad40c34f175f4251efc78f7c858b

SHA256
87071fbd7af76b8ee23cd75c50adea43c2b07b9e390be6c2314a88af39c66e0c

SHA512
115e7b67a4cdd57f0795e31e3eed2c0290be80f1794946e991d1251948a728f37e5d7ae519a31275de3961c5f07034429af17bd91d08045fb23b4fc71764b99d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45921.exe

Filesize
192KB

MD5
cf6a3fbd296409dcfb77fb0806094413

SHA1
5fff982f0d98ee5658a590447fb8618b27e400a6

SHA256
2d5a4cedb7868d072a493004c610023595076b8436859d54390100c39851cd18

SHA512
aaedcf4270496e0f2cfbccc15438230432157e08077931b94ae07d22118913c588012e20a96757917b4b05c860c9fad9f2d30d70dab68f2324e2b5ac410343f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46796.exe

Filesize
192KB

MD5
8c53ca05b70abf79780ac82e11bd9cfa

SHA1
1d6dfd9c089c151c78a1ab295b57ad31b74ae172

SHA256
2d7215a41e5726b841a4b91c6160f0fe5f2a4745603a0f9d28d9db0e9ff6034c

SHA512
aa8c29cf6fa35d34bf090f5aade88f0d26163f384323924e1392c35b03c13883ca244fb9f28c582e8c1eb6c39da4dbd08bb5dddd2789e6c5801f3036ab1f5f4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46909.exe

Filesize
192KB

MD5
f07e8cfcd822e741f4731007af3c5e6f

SHA1
fff484f94839ea5223ea6320db07fdf3208bee6d

SHA256
2b624d4eb6d7cb8bac56f08ec9a0f22845349fd97052bbf49e14a596d6eee070

SHA512
758774bb6d10e5d1469bc150098f88d2e587dc196b2018785590d7cb97b04940eab033a59f7bc1261aab2b923c4687971e3ef9025ebd28d3f9e99e78d6c46025

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5449.exe

Filesize
192KB

MD5
5d60c77a84cc8fd1d75e994cfd507bc2

SHA1
39c57cbaceedd6e0988f6a75129b0aa30f01eaa5

SHA256
edf3218bf4927ba1bb2cd4e166eac0245cfc04b89ce64d66bcd6a6e51f4eb463

SHA512
c218c9d4019c875354d19baf5602008c2bfb4ddf94dcc05aa368ea29a640d4ebb01ee2618cb9be3b7a536a648ac5ac6a8da454a95f7c54a44248c038fe7670c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54751.exe

Filesize
192KB

MD5
478c4a135e8a1ed66b1ac2366cec6f5e

SHA1
cf4848fe3cdadbd6b691dca5ab366dfe44252992

SHA256
5f9254560f67a249f64186ce8fb445c1185d0b1dee0aa65a9f837946a1078fe0

SHA512
1c0ebedf9281808179e20368e4c28e66170cb8c8071d6927c0b5751eb9c3327764dc597fe24936326b1b37eef810f25df00ae14948ad2a9985cd9f4c20f69c48

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54762.exe

Filesize
192KB

MD5
0e6d0d8270d39f3fabd5c60e6913d2f1

SHA1
79dbfa17dc67dd0d9bc8b18927bcef50679f0071

SHA256
318032914badb9d66d438ca594937dce7b2992251eb73ee60b25596ee314b0fa

SHA512
8edbf8a5224309aad38eb6273380ef99ee06835be97c5659694aba5135c4adb1cef7594f52101d5250684e6e7ff867dc182e45af66554a9082c2e322e60dc695

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55827.exe

Filesize
192KB

MD5
f32ef2b01ac690540a66ceaaa0a729a2

SHA1
d2b0a9d577b1468184a66b061f7aa16ffd6c4f82

SHA256
fea97b22a672156ff6c484830be478946b4374a354357f7f3ee9fa8166bee21a

SHA512
6cd8a604454aef313bc32cec7a5cf212522e4bbf0ccdf90d54f69fffca5acb0ee0281c9d65fbb496e5e353946fa51f854765e20e7ce1e3f1cd279c4727069a0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5652.exe

Filesize
192KB

MD5
5f559de9c02f47eafe1a200b134fe6aa

SHA1
fa5234e93e2f7b74b25d1fc8a2a9acd292c60a80

SHA256
11fa286267e5ed10dab6042e9f419ea9ba46db06b21de8c57c650281f38aca6e

SHA512
f8e5113618214a6f2266f852485ac7ef045ff2b66f3cf98caefda92212aa208f2839ae13e79463be12641bb140ca028688fb9e02133b88a3a4da6607f97fbfdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5666.exe

Filesize
192KB

MD5
2a1583237f817b3db08eb91ac791c45f

SHA1
f806501777f0541aeb6e327baed9ed740b93e9c2

SHA256
2b85fb786793b68e86e8bf27e625c8803eb60c73c429eab67af278aafb1f4d24

SHA512
6cadf5354a1346400484b29c6d244ee30cf55afbbc5a2be940b7f8653e2a06e6ce287acea7faf4336391d3eab9470af90c6eafc548ee8bedf804a9f51b075713

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5678.exe

Filesize
192KB

MD5
406228ecae64bae505f5fd1d189b4055

SHA1
1044f22091ab02287f84987d12a92ab6c1efc47c

SHA256
9d5cdb5b12582f5fab58df823516589a26fe2b5bfa552f847dcaa77e5e504ba4

SHA512
484098285b3cbf16ebbad0f03253074ec53886d4cd037c6b71d3e99efb4ffe1a742e17ac6899d0fae650369916901a48fbde0d4fda20e29f9c74a7dff1d5f623

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58603.exe

Filesize
192KB

MD5
e0b63e18a6fed460320f0c78aee59fe9

SHA1
a48b7b54dd260728aa9f5104fb1016accce4d3b5

SHA256
2e4267d1cff4f19a71f5eb87bceb04938fc614d0866b7d91caf4272e8e53b244

SHA512
fcffb0dc394bba1ebd15cb7993b54c664204a10c17be33a8627b3b0c6ad6ae1f4f50d059b60dedf6041ba375dd7bdd612ce4bbe73b94ba700b2a2194559739b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5985.exe

Filesize
192KB

MD5
d46b044de104dbac4efec9b3de37607d

SHA1
7ddcd1cab344cc46eba6c8d911d7a8fe178b9019

SHA256
abf5a970cb98d24d98271528df2f1e7e5ee6aaf2ddbe743356345cda8c66f695

SHA512
d2af4aab3bc58a9613a58fa66f707e46d99d26a7501cad95cb1698088c4dda0769457eef5a9a32dc7e39916979b0129c8c9154693153b442a8808ccdb14f2944

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63728.exe

Filesize
192KB

MD5
1da940a909973542a70dd46a9e13c8c4

SHA1
ba256a08de523cd283fc372de31d98352d9f2e1c

SHA256
5c5c2145e4e7a7260fdca6632b10c5ad3917802a00cd0a55f25f28fe085f481a

SHA512
0565205db5ae7a080216f8499c6984ded233d4e67b1e7808f95a7e32fd71d7d6026ed6c7c82d0196f3b16fe67ba01f8a4b99fb33b406a9032574053b6908c280

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6638.exe

Filesize
192KB

MD5
a3625ac0cb8d99e3195373a8dcef838f

SHA1
3d00f73ed73137e96c644e45d11576ba35ed9ac4

SHA256
a8b07b04a6d9dc8e730480c91ca28083638f147105023bccb3ecaa63519eec97

SHA512
438009551384b2ccd42f621ab4fc66576018c43482506af44d1002aeb5334f910a24ff64fa3596ac57248f257cad2581921fabdef4ea27abc18efe9b7ff64edb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6720.exe

Filesize
192KB

MD5
a4881ea2d5df6edfafc287e6e645415d

SHA1
ff557c494747bb5a4e8a23c26ac04493526efe1d

SHA256
e65a6f4c80a9bf80781d4be54d861ebc20f6cdd0b1e740e7ea7b1db355296cef

SHA512
b58899c0c2cfe529ac8bcf57df54efe6cca4b68fe1ab6155df294c610b781e08ab04ae0f72f3f33aacdd395ca95dc82a453d1b112e38b3c694406acd41d319d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6721.exe

Filesize
192KB

MD5
2b2473bc599ebf88cc2cf0f348725f93

SHA1
92fca2a6374938638ecdef6bfc2de0b743e6a125

SHA256
aca4a619f5be0ec3e41865c2096454e8c49ed6fd4508fc50d9a33f7ff875e434

SHA512
bef9d6612bb181139610e8cb204396b2059b845a569673f2ae75fe78d13de1915c048d4e353260a7b0521d3dfd43bd90f8fd30a91de8939232cb31c0f608e565

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7732.exe

Filesize
192KB

MD5
b3b1d56b86db31edfa081492e01f4693

SHA1
d471f1e0d82e74cdfb3740d1eb9452626dcbab06

SHA256
d84d1b0be184e5682dd6252a7a1d9724c0c2e1994b368228e7727a0be275a85a

SHA512
dbd48eb53aaf730c2e10f7590155d7010c55912079f008a280b3d803f92847dd5ec1037c22f82bd311baab7f67b823f02138dff6554cc5e84e7edd73fd201f27

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21739.exe

Filesize
192KB

MD5
e9ffb2900234727faa9c26212f9f1998

SHA1
baa818a4fe10b2216ba0a2b20a30cf6a4ab22e21

SHA256
7b7ea2a79176c0d4074c145b93fcc61bae42772d4d8e2d3ed06c906f9d6dc008

SHA512
1cdfdb21ba777576aed8eed66da362f839cf4520079df84fbaf17e4aeac942a04fbc3de187f4e51c87544693ed39b1fc7f34d918d017e4052a44399d583c1ebe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29570.exe

Filesize
192KB

MD5
2134d8b67d4fb0edca92497eccac99da

SHA1
71edd0240e93c0ba1abc1eb04f406585902016d7

SHA256
aeb9c2d7e06254053c33cb0e4ccb5f9e0dc346fee75142c9ba20853305c04be5

SHA512
2d1c2a4b4542954185e5b3ca57f8ab081f35797ac085936735152236e0f6b5dfda6e0f80767e9f9a47aeb65af16cc6858f65d2c44c69ec1c430993b9cb4b0a72

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34884.exe

Filesize
192KB

MD5
c914d627018e7d4763f32fa814459fc2

SHA1
58d0ed507f9730542c117de272f85ddf7aa0c46a

SHA256
003c8353bc32ed5fcac9671128466311acefbb33ff6417dcce5a47422b402d5f

SHA512
46e549fa767499adef7165b55080e226092f8d9fa77542efd0c8c1f9b5080c8e23df16203fa6d9b8f48ac5c461f4e85c187e0fd61edca8dc6b969d4f8dcaa2ff

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37930.exe

Filesize
192KB

MD5
95f39382657878744b61719177fea502

SHA1
2ee03215fa6f1fcb8ed0ff3887cf2eef8d9456d4

SHA256
4ff2778234a1a893087ec3f8d0e3cd97f9dd65c1b97e112d0a734bc9426888b5

SHA512
a79f9970f52742f921b803ec0c8030033a010a6c24ea563950aa0c5bc45cb6c3f0c5696aec2687ac9724a2336c9ec83c5be09891a198cbfde7eb2823b1149433

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45714.exe

Filesize
192KB

MD5
302d1ad431716e56cbb45db4ea2ba205

SHA1
e540065316007145068ef1198209d35e37ff865f

SHA256
bf1067bb37a18ed8a8de13aa5660ff0ea5df780c9dd02128d7f1760c13b826cb

SHA512
fc1cf977ff3d5922a900e24cc026b2ae3999b704dd7eb9558721377cf5b0d222804cd27b2e199ef6e74c4fc2824a91ccabd94538df32b5ccc26b2df0f6793809

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50908.exe

Filesize
192KB

MD5
cd46164a50f857fed830e4578ddc44db

SHA1
d8f8c59833bf0e4b3b713b141c3891a2faf32956

SHA256
2e71d54b89a361e91e64b5d51f22a8c1c4af609c3357f0cc46c613ae81b41c72

SHA512
760fc8a449e29ac1873dfff6b650f10c765bc747e606c2bae96fcd874f56b7fa12dea6308b1c1468d5e7c9efec5f3f4f46ca6261a9502a5afbbba1771b7721ca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55174.exe

Filesize
192KB

MD5
eb0bdca6747cdbd5a719deede54c29c1

SHA1
641dbdbe6b96cdbfbe441b19e60aefeea0ae27c6

SHA256
8973dbc994fce6874150469739665e7c4a7bdf26fe494753bde71b0255c03a35

SHA512
cedf96dc57ee088403bcf40401604cc04840a52cc1c9437eb7a58049a53b13daf1ac3bfc194798437b4fc50b3192e2628bb440b2f53443178c68132e2b858b9d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7239.exe

Filesize
192KB

MD5
89cb8906191a31d2cdd653e007ad8eb2

SHA1
c126fa7adbc298db30be8fc2956184bd11b84a72

SHA256
277869369903a86c37150d6ff4754fb7e05c5a129e372a73ebb343013f92c9fc

SHA512
15338025dc7b1cf23066ef411f07f515cda31c3cebba2940ebc648876bf89656ccde9ff1e979a8a633a89fec670387314d19523337c032b8c7885079b451cb59

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9502.exe

Filesize
192KB

MD5
902c82eb1330d57f9d9118f35940fe5a

SHA1
8194fff751b7a62b678930f51aca3f6497e84a92

SHA256
350015067a53ab156036066733c745888eb040b706fbfff53c8da4b31c41edb8

SHA512
843dbfc460def6253b7b9ba28cb23d6b979004bf3bb756ac07cd8236097e4df825ba409f2949603dc9494b8ae66ac85819d18018a4df65a18fb321898cd06c03

Download Submit