1a3d40c433d9c6d58e3604282babfae0d736f198cd88bb60baab4e4946aa3318

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21/11/2024, 09:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1a3d40c433d9c6d58e3604282babfae0d736f198cd88bb60baab4e4946aa3318.exe
Size

192KB
MD5

90b906b2b2ff1b502aceda585843e35a
SHA1

7dbb7d79401d42ff40ba1ced460f4c01c04c6621
SHA256

1a3d40c433d9c6d58e3604282babfae0d736f198cd88bb60baab4e4946aa3318
SHA512

68e4a11d0022153ddbe81f0a7b7b54242a9bca7506de175ad1f90421570d2c0e66c2ecdc5f106c01e979fc4f059d6c4fb941202b885a563469b3ed3ada63658a
SSDEEP

3072:mO08oC3wPzAUkbI0ydbwrt8R6MDwrQnErTJr6x7MZ632lVvMJ7:mOfoDsjbwdUrt8XEnA72lVvMd

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2344	Unicorn-44262.exe
2472	Unicorn-48512.exe
2424	Unicorn-24562.exe
2884	Unicorn-57879.exe
2708	Unicorn-4594.exe
2596	Unicorn-54350.exe
2600	Unicorn-44122.exe
2648	Unicorn-20172.exe
780	Unicorn-52290.exe
2036	Unicorn-56374.exe
2660	Unicorn-40592.exe
1160	Unicorn-48336.exe
2176	Unicorn-32362.exe
1904	Unicorn-56312.exe
1908	Unicorn-64480.exe
1304	Unicorn-40530.exe
1124	Unicorn-52783.exe
1308	Unicorn-60396.exe
1432	Unicorn-370.exe
1772	Unicorn-41957.exe
1672	Unicorn-8346.exe
976	Unicorn-38279.exe
2388	Unicorn-38833.exe
2384	Unicorn-34749.exe
880	Unicorn-1330.exe
2308	Unicorn-17667.exe
1604	Unicorn-21751.exe
2952	Unicorn-14137.exe
2108	Unicorn-9773.exe
276	Unicorn-22026.exe
2056	Unicorn-2160.exe
2604	Unicorn-9581.exe
2712	Unicorn-1968.exe
2624	Unicorn-46577.exe
2572	Unicorn-38963.exe
3064	Unicorn-30049.exe
2776	Unicorn-58637.exe
2772	Unicorn-17605.exe
2944	Unicorn-25773.exe
2780	Unicorn-5907.exe
2640	Unicorn-21689.exe
620	Unicorn-29857.exe
264	Unicorn-14075.exe
1476	Unicorn-9991.exe
2160	Unicorn-1735.exe
2084	Unicorn-14542.exe
652	Unicorn-42576.exe
2192	Unicorn-30878.exe
2032	Unicorn-9711.exe
1972	Unicorn-13795.exe
896	Unicorn-6182.exe
2576	Unicorn-21964.exe
3068	Unicorn-10863.exe
2128	Unicorn-6779.exe
784	Unicorn-52451.exe
2412	Unicorn-39452.exe
1624	Unicorn-31838.exe
2888	Unicorn-55788.exe
2164	Unicorn-48175.exe
2720	Unicorn-22732.exe
2832	Unicorn-48772.exe
2816	Unicorn-56940.exe
2764	Unicorn-3655.exe
2968	Unicorn-49327.exe

Loads dropped DLL 64 IoCs

pid	Process
2480	1a3d40c433d9c6d58e3604282babfae0d736f198cd88bb60baab4e4946aa3318.exe
2480	1a3d40c433d9c6d58e3604282babfae0d736f198cd88bb60baab4e4946aa3318.exe
2344	Unicorn-44262.exe
2344	Unicorn-44262.exe
2480	1a3d40c433d9c6d58e3604282babfae0d736f198cd88bb60baab4e4946aa3318.exe
2480	1a3d40c433d9c6d58e3604282babfae0d736f198cd88bb60baab4e4946aa3318.exe
2424	Unicorn-24562.exe
2424	Unicorn-24562.exe
2472	Unicorn-48512.exe
2472	Unicorn-48512.exe
2344	Unicorn-44262.exe
2344	Unicorn-44262.exe
2884	Unicorn-57879.exe
2424	Unicorn-24562.exe
2884	Unicorn-57879.exe
2424	Unicorn-24562.exe
2708	Unicorn-4594.exe
2708	Unicorn-4594.exe
2472	Unicorn-48512.exe
2596	Unicorn-54350.exe
2472	Unicorn-48512.exe
2596	Unicorn-54350.exe
2648	Unicorn-20172.exe
2648	Unicorn-20172.exe
2596	Unicorn-54350.exe
2660	Unicorn-40592.exe
2596	Unicorn-54350.exe
2660	Unicorn-40592.exe
2600	Unicorn-44122.exe
2600	Unicorn-44122.exe
2884	Unicorn-57879.exe
2884	Unicorn-57879.exe
2708	Unicorn-4594.exe
2708	Unicorn-4594.exe
780	Unicorn-52290.exe
780	Unicorn-52290.exe
2440	WerFault.exe
2440	WerFault.exe
2440	WerFault.exe
2440	WerFault.exe
2440	WerFault.exe
2440	WerFault.exe
2440	WerFault.exe
1160	Unicorn-48336.exe
1160	Unicorn-48336.exe
2648	Unicorn-20172.exe
2648	Unicorn-20172.exe
2176	Unicorn-32362.exe
2176	Unicorn-32362.exe
1908	Unicorn-64480.exe
1908	Unicorn-64480.exe
1848	WerFault.exe
1848	WerFault.exe
1848	WerFault.exe
1848	WerFault.exe
1848	WerFault.exe
1848	WerFault.exe
1848	WerFault.exe
780	Unicorn-52290.exe
780	Unicorn-52290.exe
2600	Unicorn-44122.exe
2600	Unicorn-44122.exe
1304	Unicorn-40530.exe
1304	Unicorn-40530.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2440	2036	WerFault.exe	41
1848	1308	WerFault.exe	49
2856	1624	WerFault.exe	89
404	2968	WerFault.exe	96
2328	2772	WerFault.exe	70
976	2764	WerFault.exe	95
1688	2344	WerFault.exe	102
1584	264	WerFault.exe	74
1592	1852	WerFault.exe	103
2572	2928	WerFault.exe	127
2384	2548	WerFault.exe	132
2504	756	WerFault.exe	156
3064	2760	WerFault.exe	171
2788	1600	WerFault.exe	163
1928	2908	WerFault.exe	111
1992	896	WerFault.exe	195
3008	752	WerFault.exe	189
2408	2092	WerFault.exe	181
784	2668	WerFault.exe	212
2820	2348	WerFault.exe	199
2072	1400	WerFault.exe	225
2128	1916	WerFault.exe	227
3728	764	WerFault.exe	251
3132	2316	WerFault.exe	250
3164	2700	WerFault.exe	266
3788	272	WerFault.exe	277
2336	3416	WerFault.exe	301
3092	3304	WerFault.exe	319
3924	1964	WerFault.exe	314
3900	3388	WerFault.exe	326
3976	2840	WerFault.exe	292
2160	3780	WerFault.exe	354
2964	4048	WerFault.exe	383
4060	3284	WerFault.exe	408
1712	2644	WerFault.exe	356
2044	1752	WerFault.exe	371
3452	3540	WerFault.exe	374
2192	2736	WerFault.exe	376
1484	3512	WerFault.exe	398
3444	1680	WerFault.exe	367
3656	2088	WerFault.exe	423
3568	2800	WerFault.exe	441
3556	3792	WerFault.exe	447
4076	3828	WerFault.exe	442
3604	3404	WerFault.exe	444
3496	4052	WerFault.exe	469
3460	3436	WerFault.exe	500
884	840	WerFault.exe	504
3432	3932	WerFault.exe	507
4016	2204	WerFault.exe	498
2944	1488	WerFault.exe	509
2284	3288	WerFault.exe	522
3784	3380	WerFault.exe	465
4776	2084	WerFault.exe	531
4860	4032	WerFault.exe	548
5048	4300	WerFault.exe	585
4708	3724	WerFault.exe	520
4692	3112	WerFault.exe	552
4344	3660	WerFault.exe	572
4964	4104	WerFault.exe	615
1860	4852	WerFault.exe	626
3916	4980	WerFault.exe	638
4900	4992	WerFault.exe	611
1656	4128	WerFault.exe	582

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1801.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47193.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35984.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6042.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57589.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21269.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13269.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15267.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13795.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16007.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6201.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44676.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22026.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45010.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27230.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20267.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29804.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6255.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46904.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47727.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38983.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25662.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41858.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14075.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1735.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3655.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5072.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25865.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3270.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35834.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33224.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64698.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8056.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64740.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3208.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58688.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53941.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6077.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45294.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54796.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5485.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41827.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30857.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22347.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52451.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28813.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49696.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35366.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38735.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9773.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53001.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53754.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32808.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54356.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52405.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58025.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35932.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38065.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57354.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7153.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1310.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46959.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64701.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12429.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2480	1a3d40c433d9c6d58e3604282babfae0d736f198cd88bb60baab4e4946aa3318.exe
2344	Unicorn-44262.exe
2424	Unicorn-24562.exe
2472	Unicorn-48512.exe
2884	Unicorn-57879.exe
2708	Unicorn-4594.exe
2596	Unicorn-54350.exe
2648	Unicorn-20172.exe
2600	Unicorn-44122.exe
2036	Unicorn-56374.exe
780	Unicorn-52290.exe
2660	Unicorn-40592.exe
1160	Unicorn-48336.exe
2176	Unicorn-32362.exe
1904	Unicorn-56312.exe
1908	Unicorn-64480.exe
1304	Unicorn-40530.exe
1308	Unicorn-60396.exe
1124	Unicorn-52783.exe
1432	Unicorn-370.exe
1772	Unicorn-41957.exe
1672	Unicorn-8346.exe
976	Unicorn-38279.exe
2388	Unicorn-38833.exe
880	Unicorn-1330.exe
2384	Unicorn-34749.exe
2308	Unicorn-17667.exe
1604	Unicorn-21751.exe
2952	Unicorn-14137.exe
2108	Unicorn-9773.exe
276	Unicorn-22026.exe
2056	Unicorn-2160.exe
2604	Unicorn-9581.exe
2712	Unicorn-1968.exe
2624	Unicorn-46577.exe
2572	Unicorn-38963.exe
3064	Unicorn-30049.exe
2776	Unicorn-58637.exe
2780	Unicorn-5907.exe
2772	Unicorn-17605.exe
2944	Unicorn-25773.exe
620	Unicorn-29857.exe
1476	Unicorn-9991.exe
2640	Unicorn-21689.exe
264	Unicorn-14075.exe
2160	Unicorn-1735.exe
2084	Unicorn-14542.exe
652	Unicorn-42576.exe
2192	Unicorn-30878.exe
2032	Unicorn-9711.exe
1972	Unicorn-13795.exe
896	Unicorn-6182.exe
2576	Unicorn-21964.exe
3068	Unicorn-10863.exe
2128	Unicorn-6779.exe
784	Unicorn-52451.exe
2412	Unicorn-39452.exe
1624	Unicorn-31838.exe
2888	Unicorn-55788.exe
2164	Unicorn-48175.exe
2720	Unicorn-22732.exe
2832	Unicorn-48772.exe
2968	Unicorn-49327.exe
2816	Unicorn-56940.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2480 wrote to memory of 2344	2480	1a3d40c433d9c6d58e3604282babfae0d736f198cd88bb60baab4e4946aa3318.exe	31
PID 2480 wrote to memory of 2344	2480	1a3d40c433d9c6d58e3604282babfae0d736f198cd88bb60baab4e4946aa3318.exe	31
PID 2480 wrote to memory of 2344	2480	1a3d40c433d9c6d58e3604282babfae0d736f198cd88bb60baab4e4946aa3318.exe	31
PID 2480 wrote to memory of 2344	2480	1a3d40c433d9c6d58e3604282babfae0d736f198cd88bb60baab4e4946aa3318.exe	31
PID 2344 wrote to memory of 2472	2344	Unicorn-44262.exe	32
PID 2344 wrote to memory of 2472	2344	Unicorn-44262.exe	32
PID 2344 wrote to memory of 2472	2344	Unicorn-44262.exe	32
PID 2344 wrote to memory of 2472	2344	Unicorn-44262.exe	32
PID 2480 wrote to memory of 2424	2480	1a3d40c433d9c6d58e3604282babfae0d736f198cd88bb60baab4e4946aa3318.exe	33
PID 2480 wrote to memory of 2424	2480	1a3d40c433d9c6d58e3604282babfae0d736f198cd88bb60baab4e4946aa3318.exe	33
PID 2480 wrote to memory of 2424	2480	1a3d40c433d9c6d58e3604282babfae0d736f198cd88bb60baab4e4946aa3318.exe	33
PID 2480 wrote to memory of 2424	2480	1a3d40c433d9c6d58e3604282babfae0d736f198cd88bb60baab4e4946aa3318.exe	33
PID 2424 wrote to memory of 2884	2424	Unicorn-24562.exe	34
PID 2424 wrote to memory of 2884	2424	Unicorn-24562.exe	34
PID 2424 wrote to memory of 2884	2424	Unicorn-24562.exe	34
PID 2424 wrote to memory of 2884	2424	Unicorn-24562.exe	34
PID 2472 wrote to memory of 2708	2472	Unicorn-48512.exe	35
PID 2472 wrote to memory of 2708	2472	Unicorn-48512.exe	35
PID 2472 wrote to memory of 2708	2472	Unicorn-48512.exe	35
PID 2472 wrote to memory of 2708	2472	Unicorn-48512.exe	35
PID 2344 wrote to memory of 2596	2344	Unicorn-44262.exe	36
PID 2344 wrote to memory of 2596	2344	Unicorn-44262.exe	36
PID 2344 wrote to memory of 2596	2344	Unicorn-44262.exe	36
PID 2344 wrote to memory of 2596	2344	Unicorn-44262.exe	36
PID 2884 wrote to memory of 2600	2884	Unicorn-57879.exe	37
PID 2884 wrote to memory of 2600	2884	Unicorn-57879.exe	37
PID 2884 wrote to memory of 2600	2884	Unicorn-57879.exe	37
PID 2884 wrote to memory of 2600	2884	Unicorn-57879.exe	37
PID 2424 wrote to memory of 2648	2424	Unicorn-24562.exe	38
PID 2424 wrote to memory of 2648	2424	Unicorn-24562.exe	38
PID 2424 wrote to memory of 2648	2424	Unicorn-24562.exe	38
PID 2424 wrote to memory of 2648	2424	Unicorn-24562.exe	38
PID 2708 wrote to memory of 780	2708	Unicorn-4594.exe	39
PID 2708 wrote to memory of 780	2708	Unicorn-4594.exe	39
PID 2708 wrote to memory of 780	2708	Unicorn-4594.exe	39
PID 2708 wrote to memory of 780	2708	Unicorn-4594.exe	39
PID 2596 wrote to memory of 2036	2596	Unicorn-54350.exe	41
PID 2596 wrote to memory of 2036	2596	Unicorn-54350.exe	41
PID 2596 wrote to memory of 2036	2596	Unicorn-54350.exe	41
PID 2596 wrote to memory of 2036	2596	Unicorn-54350.exe	41
PID 2472 wrote to memory of 2660	2472	Unicorn-48512.exe	40
PID 2472 wrote to memory of 2660	2472	Unicorn-48512.exe	40
PID 2472 wrote to memory of 2660	2472	Unicorn-48512.exe	40
PID 2472 wrote to memory of 2660	2472	Unicorn-48512.exe	40
PID 2648 wrote to memory of 1160	2648	Unicorn-20172.exe	42
PID 2648 wrote to memory of 1160	2648	Unicorn-20172.exe	42
PID 2648 wrote to memory of 1160	2648	Unicorn-20172.exe	42
PID 2648 wrote to memory of 1160	2648	Unicorn-20172.exe	42
PID 2596 wrote to memory of 2176	2596	Unicorn-54350.exe	43
PID 2596 wrote to memory of 2176	2596	Unicorn-54350.exe	43
PID 2596 wrote to memory of 2176	2596	Unicorn-54350.exe	43
PID 2596 wrote to memory of 2176	2596	Unicorn-54350.exe	43
PID 2660 wrote to memory of 1904	2660	Unicorn-40592.exe	44
PID 2660 wrote to memory of 1904	2660	Unicorn-40592.exe	44
PID 2660 wrote to memory of 1904	2660	Unicorn-40592.exe	44
PID 2660 wrote to memory of 1904	2660	Unicorn-40592.exe	44
PID 2036 wrote to memory of 2440	2036	Unicorn-56374.exe	45
PID 2036 wrote to memory of 2440	2036	Unicorn-56374.exe	45
PID 2036 wrote to memory of 2440	2036	Unicorn-56374.exe	45
PID 2036 wrote to memory of 2440	2036	Unicorn-56374.exe	45
PID 2600 wrote to memory of 1908	2600	Unicorn-44122.exe	46
PID 2600 wrote to memory of 1908	2600	Unicorn-44122.exe	46
PID 2600 wrote to memory of 1908	2600	Unicorn-44122.exe	46
PID 2600 wrote to memory of 1908	2600	Unicorn-44122.exe	46

C:\Users\Admin\AppData\Local\Temp\1a3d40c433d9c6d58e3604282babfae0d736f198cd88bb60baab4e4946aa3318.exe
"C:\Users\Admin\AppData\Local\Temp\1a3d40c433d9c6d58e3604282babfae0d736f198cd88bb60baab4e4946aa3318.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2480
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44262.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44262.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48512.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48512.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4594.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52290.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60396.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 240
        7⤵
        Loads dropped DLL
        Program crash
        
        PID:1848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38833.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58637.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55788.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17143.exe
        9⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42244.exe
        10⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41829.exe
        11⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3972.exe
        12⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39258.exe
        13⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22398.exe
        14⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4110.exe
        15⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1801.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1967.exe
        17⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 220
        18⤵
        Program crash
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55807.exe
        16⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37650.exe
        17⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52310.exe
        18⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35834.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1127.exe
        20⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14608.exe
        15⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35984.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24822.exe
        17⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44993.exe
        18⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48086.exe
        19⤵
        
        PID:4244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 224
        20⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63219.exe
        9⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63593.exe
        10⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53365.exe
        11⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22839.exe
        12⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5485.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29575.exe
        14⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22497.exe
        15⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-592.exe
        16⤵
        
        PID:4148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 220
        17⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13421.exe
        8⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35612.exe
        9⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29276.exe
        10⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21269.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:3388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 224
        12⤵
        Program crash
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48175.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28134.exe
        8⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10531.exe
        9⤵
        
        PID:2092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 240
        10⤵
        Program crash
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27422.exe
        8⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57589.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19541.exe
        10⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6201.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29845.exe
        12⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13046.exe
        13⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47385.exe
        14⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57577.exe
        15⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56586.exe
        16⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47126.exe
        17⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46327.exe
        18⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52024.exe
        13⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13695.exe
        14⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25149.exe
        15⤵
        
        PID:2608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 224
        16⤵
        
        PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52783.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17667.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21689.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56940.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53754.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42820.exe
        10⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17709.exe
        11⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8056.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13409.exe
        13⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6409.exe
        14⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45719.exe
        15⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47385.exe
        16⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55543.exe
        17⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46467.exe
        18⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20972.exe
        19⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56108.exe
        15⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29181.exe
        16⤵
        
        PID:4372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 224
        17⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29804.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39779.exe
        9⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25493.exe
        10⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24393.exe
        11⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47727.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53918.exe
        13⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53311.exe
        14⤵
        
        PID:840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 224
        15⤵
        Program crash
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51064.exe
        14⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14188.exe
        15⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57354.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40686.exe
        17⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10338.exe
        18⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11333.exe
        11⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33031.exe
        12⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2299.exe
        13⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6077.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6243.exe
        15⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21314.exe
        16⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45294.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39342.exe
        18⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47095.exe
        19⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42288.exe
        15⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57546.exe
        16⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23691.exe
        17⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5486.exe
        18⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6798.exe
        14⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29949.exe
        15⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62590.exe
        16⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35066.exe
        17⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33224.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53411.exe
        7⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29250.exe
        8⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52332.exe
        9⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17325.exe
        10⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40537.exe
        11⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5350.exe
        12⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20971.exe
        13⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41360.exe
        14⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18029.exe
        15⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53410.exe
        16⤵
        
        PID:4104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 224
        17⤵
        Program crash
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31945.exe
        11⤵
        
        PID:3780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 220
        12⤵
        Program crash
        
        PID:2160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9991.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7739.exe
        7⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64698.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56224.exe
        9⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25685.exe
        10⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49473.exe
        11⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13217.exe
        12⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9424.exe
        13⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50727.exe
        14⤵
        
        PID:3288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 244
        15⤵
        Program crash
        
        PID:2284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
        14⤵
        Program crash
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35728.exe
        11⤵
        
        PID:1752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 244
        12⤵
        Program crash
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53001.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20091.exe
        8⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31435.exe
        9⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9818.exe
        10⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24458.exe
        11⤵
        
        PID:292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49943.exe
        12⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6850.exe
        13⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43493.exe
        14⤵
        
        PID:3112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 244
        15⤵
        Program crash
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37264.exe
        10⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47203.exe
        11⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53420.exe
        12⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2652.exe
        13⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63389.exe
        14⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16514.exe
        15⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15029.exe
        16⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59539.exe
        17⤵
        
        PID:4512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40592.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56312.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21751.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17605.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28160.exe
        8⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4745.exe
        9⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 244
        10⤵
        Program crash
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27230.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12664.exe
        10⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56297.exe
        11⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6009.exe
        12⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9761.exe
        13⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32616.exe
        14⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29897.exe
        15⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26441.exe
        16⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3960.exe
        17⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3270.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38159.exe
        19⤵
        
        PID:3952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 248
        8⤵
        Program crash
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4210.exe
        7⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16998.exe
        8⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16007.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14823.exe
        10⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53316.exe
        11⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11245.exe
        12⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49642.exe
        13⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44868.exe
        14⤵
        
        PID:3436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 224
        15⤵
        Program crash
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32220.exe
        11⤵
        
        PID:3512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 220
        12⤵
        Program crash
        
        PID:1484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5907.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22732.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40194.exe
        8⤵
        
        PID:2928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 244
        9⤵
        Program crash
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35590.exe
        8⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41720.exe
        9⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24009.exe
        10⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38983.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27022.exe
        12⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33083.exe
        13⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63529.exe
        14⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9637.exe
        15⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8428.exe
        16⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52793.exe
        17⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50795.exe
        18⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10799.exe
        13⤵
        
        PID:3660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 220
        14⤵
        Program crash
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28496.exe
        7⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43588.exe
        8⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29852.exe
        9⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28093.exe
        10⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26814.exe
        11⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55371.exe
        12⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35823.exe
        13⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
        14⤵
        
        PID:4032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 244
        15⤵
        Program crash
        
        PID:4860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14137.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29857.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15908.exe
        7⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25166.exe
        8⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35804.exe
        9⤵
        
        PID:2348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 240
        10⤵
        Program crash
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21636.exe
        7⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9654.exe
        8⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49888.exe
        9⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58025.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63186.exe
        11⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18423.exe
        12⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
        13⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14328.exe
        14⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29373.exe
        15⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24189.exe
        16⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64998.exe
        17⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34651.exe
        18⤵
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8294.exe
        6⤵
        
        PID:2344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 224
        7⤵
        Program crash
        
        PID:1688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54350.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54350.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56374.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2036
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32362.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8346.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9581.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13795.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20267.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21357.exe
        9⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10422.exe
        10⤵
        
        PID:1400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1400 -s 220
        11⤵
        Program crash
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17827.exe
        8⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47563.exe
        9⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30428.exe
        10⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64740.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23690.exe
        12⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25569.exe
        13⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12470.exe
        14⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63804.exe
        15⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21122.exe
        16⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8345.exe
        17⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7245.exe
        18⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5102.exe
        19⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12143.exe
        14⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49217.exe
        15⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47925.exe
        16⤵
        
        PID:292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64422.exe
        17⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17163.exe
        18⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4485.exe
        7⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54221.exe
        8⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43671.exe
        9⤵
        
        PID:2668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 220
        10⤵
        Program crash
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60562.exe
        8⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22260.exe
        9⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37364.exe
        10⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19414.exe
        11⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36923.exe
        12⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23104.exe
        13⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12984.exe
        14⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5859.exe
        15⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40390.exe
        16⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44526.exe
        17⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27967.exe
        18⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38460.exe
        19⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50649.exe
        15⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25341.exe
        16⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18621.exe
        17⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34267.exe
        18⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6414.exe
        14⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41158.exe
        15⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10701.exe
        16⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6202.exe
        17⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13379.exe
        18⤵
        
        PID:804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6182.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12098.exe
        7⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41777.exe
        8⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11922.exe
        9⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39987.exe
        10⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1650.exe
        11⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59870.exe
        12⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29523.exe
        13⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7042.exe
        14⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 220
        15⤵
        Program crash
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38935.exe
        11⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37774.exe
        12⤵
        
        PID:2800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 224
        13⤵
        Program crash
        
        PID:3568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 248
        8⤵
        Program crash
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42331.exe
        7⤵
        
        PID:1600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 224
        8⤵
        Program crash
        
        PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1968.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21964.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44771.exe
        7⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        8⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23298.exe
        9⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11865.exe
        10⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26731.exe
        11⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-633.exe
        12⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32808.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47577.exe
        14⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59352.exe
        15⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42575.exe
        16⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53452.exe
        17⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1107.exe
        7⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7153.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23350.exe
        9⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2610.exe
        10⤵
        
        PID:2644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 224
        11⤵
        Program crash
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33073.exe
        6⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45861.exe
        7⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7838.exe
        8⤵
        
        PID:1916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 240
        9⤵
        Program crash
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41065.exe
        7⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5072.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53173.exe
        9⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63762.exe
        10⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22315.exe
        11⤵
        
        PID:3828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 224
        12⤵
        Program crash
        
        PID:4076
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24562.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24562.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57879.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57879.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44122.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64480.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38279.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46577.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10863.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33671.exe
        9⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23085.exe
        10⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11813.exe
        11⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32286.exe
        12⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39559.exe
        13⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50820.exe
        14⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6575.exe
        15⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33405.exe
        16⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23540.exe
        17⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16737.exe
        18⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65522.exe
        19⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46934.exe
        20⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5294.exe
        21⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28178.exe
        16⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37925.exe
        17⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52502.exe
        18⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48278.exe
        19⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50027.exe
        20⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6042.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9156.exe
        10⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24201.exe
        11⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22730.exe
        12⤵
        
        PID:3540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 224
        13⤵
        Program crash
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21973.exe
        8⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38269.exe
        9⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45721.exe
        10⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27901.exe
        11⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9517.exe
        12⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33607.exe
        13⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35932.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51085.exe
        15⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39876.exe
        16⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42201.exe
        17⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3685.exe
        18⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52471.exe
        19⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46244.exe
        20⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40430.exe
        15⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62621.exe
        16⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48802.exe
        17⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60530.exe
        18⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21439.exe
        19⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52451.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60915.exe
        8⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26017.exe
        9⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40402.exe
        10⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64766.exe
        11⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 220
        12⤵
        Program crash
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38823.exe
        8⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61206.exe
        9⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39110.exe
        10⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13518.exe
        11⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4058.exe
        12⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23872.exe
        13⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20961.exe
        14⤵
        
        PID:2084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 240
        15⤵
        Program crash
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23902.exe
        14⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4100.exe
        15⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8428.exe
        16⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11568.exe
        17⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25990.exe
        18⤵
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38963.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6779.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11714.exe
        8⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20973.exe
        9⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19707.exe
        10⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29707.exe
        11⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18480.exe
        12⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6777.exe
        13⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54878.exe
        14⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41827.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42040.exe
        16⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49217.exe
        17⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43950.exe
        18⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38766.exe
        19⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58579.exe
        20⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2631.exe
        15⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31340.exe
        16⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20536.exe
        17⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62497.exe
        18⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64701.exe
        12⤵
        
        PID:3596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 240
        12⤵
        Program crash
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3733.exe
        9⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59255.exe
        10⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46959.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35366.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21054.exe
        13⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57312.exe
        14⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50509.exe
        15⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61962.exe
        16⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20406.exe
        17⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5901.exe
        18⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1210.exe
        19⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26683.exe
        11⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41199.exe
        12⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44676.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5968.exe
        14⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47790.exe
        15⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36934.exe
        16⤵
        
        PID:5008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 224
        17⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25611.exe
        8⤵
        
        PID:2760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
        9⤵
        Program crash
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5637.exe
        7⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12804.exe
        8⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14506.exe
        9⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54595.exe
        10⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62444.exe
        11⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6777.exe
        12⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30182.exe
        13⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8962.exe
        14⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6352.exe
        15⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50561.exe
        16⤵
        
        PID:4852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 240
        17⤵
        Program crash
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10991.exe
        14⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5335.exe
        15⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30349.exe
        16⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3208.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38242.exe
        18⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64701.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42434.exe
        12⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62247.exe
        13⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47193.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1983.exe
        15⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38491.exe
        16⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58880.exe
        17⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
        13⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6259.exe
        14⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22347.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32731.exe
        16⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24729.exe
        8⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1310.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34048.exe
        10⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19222.exe
        11⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14229.exe
        12⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35631.exe
        13⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5392.exe
        14⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47484.exe
        15⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10011.exe
        16⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58688.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27944.exe
        10⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57919.exe
        11⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39440.exe
        12⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13752.exe
        13⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42860.exe
        14⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45953.exe
        15⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56638.exe
        16⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38735.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:5092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34749.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30049.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39452.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64999.exe
        8⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45669.exe
        9⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64091.exe
        10⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63100.exe
        11⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19624.exe
        12⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56362.exe
        13⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38890.exe
        14⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12470.exe
        15⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10244.exe
        16⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34801.exe
        17⤵
        
        PID:4980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 220
        18⤵
        Program crash
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23051.exe
        15⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51028.exe
        16⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        17⤵
        
        PID:940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 224
        18⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19529.exe
        9⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22068.exe
        10⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37172.exe
        11⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56170.exe
        12⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16970.exe
        13⤵
        
        PID:3792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 224
        14⤵
        Program crash
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38055.exe
        8⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55731.exe
        9⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50464.exe
        10⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37172.exe
        11⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56170.exe
        12⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34998.exe
        13⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8386.exe
        14⤵
        
        PID:292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19757.exe
        15⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25206.exe
        16⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41677.exe
        17⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 224
        18⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12143.exe
        14⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20930.exe
        15⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61905.exe
        16⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52409.exe
        17⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62746.exe
        18⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61470.exe
        7⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29333.exe
        8⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10806.exe
        9⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13515.exe
        10⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44320.exe
        11⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35942.exe
        12⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45750.exe
        13⤵
        
        PID:3404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 240
        14⤵
        Program crash
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27697.exe
        8⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42919.exe
        9⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12942.exe
        10⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35366.exe
        11⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9486.exe
        12⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36124.exe
        13⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49741.exe
        14⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2927.exe
        15⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62813.exe
        16⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37126.exe
        17⤵
        
        PID:2412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 224
        18⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3482.exe
        14⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34334.exe
        15⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8537.exe
        16⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63270.exe
        17⤵
        
        PID:2372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 220
        18⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31836.exe
        10⤵
        
        PID:3284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 224
        11⤵
        Program crash
        
        PID:4060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31838.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
        7⤵
        Program crash
        
        PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40530.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1330.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25773.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48772.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3245.exe
        8⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14423.exe
        9⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58248.exe
        10⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53941.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18262.exe
        12⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16695.exe
        13⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61121.exe
        14⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45849.exe
        15⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14219.exe
        16⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25865.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20214.exe
        18⤵
        
        PID:5060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 224
        19⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2522.exe
        15⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41433.exe
        16⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25642.exe
        17⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11137.exe
        18⤵
        
        PID:3944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 220
        19⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35398.exe
        8⤵
        
        PID:752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 200
        9⤵
        Program crash
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62669.exe
        7⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44595.exe
        8⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63292.exe
        9⤵
        
        PID:272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 272 -s 220
        10⤵
        Program crash
        
        PID:3788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49327.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 224
        7⤵
        Program crash
        
        PID:404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14075.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3655.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 220
        7⤵
        Program crash
        
        PID:976
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 264 -s 248
        6⤵
        Program crash
        
        PID:1584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20172.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20172.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48336.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-370.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9773.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1735.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7054.exe
        8⤵
        
        PID:1852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 240
        9⤵
        Program crash
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12892.exe
        8⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18316.exe
        9⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34045.exe
        10⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40153.exe
        11⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59294.exe
        12⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51334.exe
        13⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9886.exe
        14⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26856.exe
        15⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62896.exe
        16⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53545.exe
        17⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55569.exe
        18⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34459.exe
        19⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 236
        19⤵
        
        PID:3520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 236
        18⤵
        
        PID:956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
        17⤵
        
        PID:4672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 216
        16⤵
        Program crash
        
        PID:1656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 236
        15⤵
        Program crash
        
        PID:4708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 236
        14⤵
        Program crash
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64978.exe
        7⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44164.exe
        9⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-412.exe
        10⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57750.exe
        11⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9517.exe
        12⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50135.exe
        13⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27572.exe
        14⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30089.exe
        15⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18273.exe
        16⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52969.exe
        17⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15798.exe
        18⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1786.exe
        19⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28190.exe
        8⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58741.exe
        9⤵
        
        PID:2316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 224
        10⤵
        Program crash
        
        PID:3132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14542.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51979.exe
        7⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49094.exe
        8⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50988.exe
        9⤵
        
        PID:896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 240
        10⤵
        Program crash
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20022.exe
        8⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30236.exe
        9⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15539.exe
        10⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2309.exe
        11⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41858.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45444.exe
        13⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30857.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10426.exe
        15⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38299.exe
        16⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13955.exe
        17⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31452.exe
        10⤵
        
        PID:2736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 220
        11⤵
        Program crash
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51185.exe
        7⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42711.exe
        8⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5264.exe
        9⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57257.exe
        10⤵
        
        PID:1964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 224
        11⤵
        Program crash
        
        PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2160.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9711.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53131.exe
        7⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9213.exe
        8⤵
        
        PID:292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34543.exe
        9⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50189.exe
        10⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24585.exe
        11⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5817.exe
        12⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2086.exe
        13⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65480.exe
        14⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2652.exe
        15⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51329.exe
        16⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48034.exe
        17⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34490.exe
        18⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13270.exe
        19⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51434.exe
        8⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25685.exe
        9⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27325.exe
        10⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26430.exe
        11⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13269.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15018.exe
        13⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63913.exe
        14⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42777.exe
        15⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61822.exe
        16⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15221.exe
        17⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54796.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8699.exe
        7⤵
        
        PID:756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 240
        8⤵
        Program crash
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41433.exe
        6⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24289.exe
        7⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39395.exe
        8⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34128.exe
        9⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48596.exe
        10⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-965.exe
        11⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30867.exe
        12⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4411.exe
        13⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38065.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42969.exe
        15⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60478.exe
        16⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15029.exe
        17⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25331.exe
        18⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23476.exe
        10⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62771.exe
        11⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39440.exe
        12⤵
        
        PID:3840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 216
        12⤵
        Program crash
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19337.exe
        7⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53780.exe
        8⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12908.exe
        9⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42958.exe
        10⤵
        
        PID:4048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 244
        11⤵
        Program crash
        
        PID:2964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41957.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22026.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42576.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6862.exe
        7⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9597.exe
        8⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6255.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49229.exe
        10⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52405.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59486.exe
        12⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38013.exe
        13⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50727.exe
        14⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43384.exe
        15⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14126.exe
        16⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35367.exe
        17⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21932.exe
        18⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31686.exe
        14⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63987.exe
        8⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29577.exe
        9⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52789.exe
        10⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63570.exe
        11⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30374.exe
        12⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57203.exe
        13⤵
        
        PID:3932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 224
        14⤵
        Program crash
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60576.exe
        13⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55413.exe
        14⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12429.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36135.exe
        16⤵
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62855.exe
        17⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10152.exe
        7⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46904.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54356.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 224
        10⤵
        Program crash
        
        PID:3164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4869.exe
        6⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38186.exe
        7⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14615.exe
        8⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37828.exe
        9⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52981.exe
        10⤵
        
        PID:3304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 224
        11⤵
        Program crash
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15170.exe
        7⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49696.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45389.exe
        9⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25662.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34951.exe
        11⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24640.exe
        12⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26005.exe
        13⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49684.exe
        14⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60945.exe
        15⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56638.exe
        16⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26291.exe
        17⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58889.exe
        9⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 220
        10⤵
        Program crash
        
        PID:3444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30878.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8206.exe
        6⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9405.exe
        7⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
        8⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9815.exe
        9⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57976.exe
        10⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3077.exe
        11⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18122.exe
        12⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56819.exe
        13⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 244
        14⤵
        Program crash
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15267.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59196.exe
        14⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58013.exe
        15⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44625.exe
        16⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63239.exe
        17⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22845.exe
        7⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25576.exe
        8⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50049.exe
        9⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26622.exe
        10⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17079.exe
        11⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64411.exe
        12⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26005.exe
        13⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37266.exe
        14⤵
        
        PID:4992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 220
        15⤵
        Program crash
        
        PID:4900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1792.exe
        6⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27444.exe
        7⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17709.exe
        8⤵
        
        PID:764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 244
        9⤵
        Program crash
        
        PID:3728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10338.exe

Filesize
192KB

MD5
d04792a0a87a2058428f9829990fcbe2

SHA1
1bb193b12412331a01af229194bc83d6232da859

SHA256
0b15f01f756154c67d2ac947b720a37e3faa5e28f4541969df2c01ae2a2df3a8

SHA512
acb074ad9fbc8dd3fcd52e132254e801e24997967e6032a87e00e19616adeb933437718c6f6939af679f483e2af550bf8c826b1fb49a6f7a340a430ca6fc3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26683.exe

Filesize
192KB

MD5
c620ff59abe0f0534ed51eb25688bad8

SHA1
db6f38dedc5fae7b0baa4731cc294df2615526b4

SHA256
b49e7285785b994cea556405b50b6b5b9d41c14eb23bc6460cfbda1f599bfa4f

SHA512
bdc5bcf47d81f19d3eca1d46e1cf505360c726346cf1f85a7d3b2a6055a453b314bd4f2afd73ce0e9386a9be6f78515a8c0dbee12756dd329e22ca3eb655e329

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40430.exe

Filesize
192KB

MD5
2b48f5874e744f6afbcaa98bcee582b7

SHA1
603f77c29131ccae2bb8e7ee4954c1e8791c9608

SHA256
71a00f9f501f85688ad8a8775bf842a60b4d16c89a21be5926e6847d6a4cc1a7

SHA512
8fbf8b54b59e9d3ca65f137a5bd6140f6452556176765c4504b8824b39105657184ba7fe55184516ca17d97940ff949348da74bc559d0cea2679f63feace9ecb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52783.exe

Filesize
192KB

MD5
b9ce2a691300d321faa6810107017be0

SHA1
c28c617e78aa4717b2e8d57be1747b7e8e45af37

SHA256
3b265fc8f17665415f05f6482d91d5ed3edfe595dc8f93935539b13ae787df6d

SHA512
77182a3ea397b9a4a672d2158f72e6b5bd0d63b6ee0a7136bbc44e2d7a5b24ac1246d043f026bfde161e05d3616ce9e50c76d20fd90d9fec12577dc126201a32

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54350.exe

Filesize
192KB

MD5
e051ccb227cc5fc83cd8a947f9193552

SHA1
f946153837fd3c80985d3155964092daf038e941

SHA256
643765f225fa085f2783e68cd287b92b50a7c4c68c00187b42d1661d6442d21f

SHA512
f91d0789f670b8c835e7e5503f4dd28c30ff3a4deacaf8b947848b5e7e667dd88e6fe54cdf81d5771338a9ac373472fb8bc58edfd0c46844600985e1718de8dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5485.exe

Filesize
192KB

MD5
7ebcc17933604822c2c67477c3b919f6

SHA1
03f72d6dd809fde9c5fbcc8d44bd7414d7f1f658

SHA256
c7d7de044617d6276c5811dff93c2a476098594b5d0a2f6ff85e8e4e5c0af0f6

SHA512
f646f399b84c16fd7f31f1927bc8bfb41553d21675029d132de5215e0f29ee97ed42158916cbc1d8b885d26807b6d96a83efcba2308cd66dd230a1c65fb17f62

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5486.exe

Filesize
192KB

MD5
142bfde7d627605bbad0c8ad6dc73654

SHA1
3302442db23f88ca278dd68fb7d6961c75882f95

SHA256
d2dfeba7e8d02d7c3c94385476fa0d4e9be6a134bdad98b1fe09bef1d878f92d

SHA512
42b7d8d05c3547066922ac9117d2b7d5231b7eeb133b716bdd3b969c1d9675ad7b39d1dc66d6ac736881e0620f6e47c32639955f5326526f5552219a7ac678d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56312.exe

Filesize
192KB

MD5
0057e3c81cc134cb876a530ef19330b6

SHA1
96a3cb8d86b3b629dedde1e0a009cd017c13d7ec

SHA256
ff699d894e043a2c6a067b962868d8ff7e6738c33d414eaa39e3faec9b82cc1e

SHA512
7f6c55ef3e418ca5ac5377e671b8ba4a37849cdf1442e296eaab31b985b28d2995009a0299c79afdc4baaf757d2bd5ae4ae12488da43f127d289a431ef9065da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59294.exe

Filesize
192KB

MD5
f8acaeb5e1d7ac71923b698609822a90

SHA1
b4c992640c4a30e6361cb3c7bc74cb946cfe0427

SHA256
2d11b967a474ffda0b11bf9107f87c205587e13005adaad1e2640612ca509b84

SHA512
5c416fd9ab8fcf9103387c68c4e1fe20507dc592d81da323f820f75b347aaf71b53b4c4d9c3f37835cf8673f14abd792943b64e6ac1be1e7533f52da8086f6cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5968.exe

Filesize
192KB

MD5
ef538fd606c2d33038f7b0e233e93bb3

SHA1
fffbef1a889f75e826f0f5042a1fd7eeee0d5c06

SHA256
0fd34dbc0a62717c6bfd89a5b6a1caba5fa709c4c86f62b8f910488586a6f598

SHA512
d0961934c092adf1ae47442a16badf95c8ec05273cdb9188a397bdad3613e1a7c3218e09c3a17eff8fd20435514049e34f5beaa4adef520715e56d6eef9deb39

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6077.exe

Filesize
192KB

MD5
542ee42d6092ac8f8cc885a620529ece

SHA1
153ec72972d93caf2ebb5b9c4b1292158f8264e9

SHA256
5c58b75870eb661d56085b5602e6ba09d709a13b3387340600ec9cc7ed16af22

SHA512
62d3df953804209b86ae5a4cb11539a7226b46f268d38832e87832c13e588aa0bf3ec15b187cd9c039b91ba3e25b5c1416bf10147ba7f3176e8d675ee3d73cec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6201.exe

Filesize
192KB

MD5
436f7f0eaf179b9812cdffc46aadddfe

SHA1
b25548a7117b51a64bd01767c59a2048f3255593

SHA256
60e6152d1b0a012f960e898890101d7805406fdac192a3109053fbb06cd92a93

SHA512
3129acd28a08c42a0455ac22346da1f0ddc77f08e10ed2a019fc259d624981abf96599c5de8409356b807ef000ee8b9f755b6ae69c829c7f2cc2ac4ff499f601

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6202.exe

Filesize
192KB

MD5
3855150d9de3384b2aee3f8d11dccb03

SHA1
25142d9508f794d5e4954fab2579eec0bcbac25f

SHA256
514af79541a7cd137dcfa2e0dec0ce8603de5cf9a678390e9803c7d8214da0ff

SHA512
f04cf2eaa2515aa7c58b63108c708d71b00e6f8408954a60a156ad30f49984a8e22b29f02a1e1c468a00a9e175bcd9076673ecaf248b169e51ecb230a1fd4b3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6259.exe

Filesize
192KB

MD5
a0fa95b4eee0d88bc5f6bf34270c07ad

SHA1
15e88bbd152b0fcc8be7f4fe4b7a3dea72c42829

SHA256
6bb3f2b095b48c3aa8769beced182c76c17eaaf34d8f0fa620db368d420b8db7

SHA512
a3e10a7fc17ca957f45177f37e8f87298fd15848cf14a9951e5ff358526d1e30243bfc1902abf41721921003e6b289365a30ed18f32e7c1e6a1b17cd8a1f3091

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62813.exe

Filesize
192KB

MD5
d6d3e59483010d593e18b5629d8f70ec

SHA1
4c0e0a14852947f6b4d309fedb7cf0bfca447a02

SHA256
56a5c4b9e430bdfe07a0e8329da28d94555ebbf4e392c4f99da54e6a08837375

SHA512
fda1c899b73ae3938525238a533ad2ba50e13f9074c477a6c3f8077c218e82ea18e21e652ef52010030cb0c445a86b75fd34a295ef593be226d2868252fbb9e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63186.exe

Filesize
192KB

MD5
f3dc13031e29266b5b8b6eac864b80e6

SHA1
232b160d1e5bfc100d321e66b6a43094fe08e4b8

SHA256
4a241ce2a752acc87c1f70f46122d00de8004346f67ff743e300f20dfb38541a

SHA512
54d41f9ec2937b15eeb1af40198ae107b633abd1c8fc19d68873dba3edb9f3d4bd480d95c07d19ae11629746e5b7466397d7ccb0f93fee59bfc8e7f8a876287f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63804.exe

Filesize
192KB

MD5
8cc8d184c7f424eaed015010fd416302

SHA1
cfbca6f3154a3bbeaee7a7d6d33582f37ed46ee8

SHA256
acf064a0ffe4294fe7004df0bc32091872e72ee46e228c01545312eaf2fe795e

SHA512
1129961409997012f2988752df7ed84422f0989e6f06c72797aa04eb72357e966e9c153f467b29edef7168ee53d6f51ccb942cfcc045cc370f3f8f57b5c1fec4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6409.exe

Filesize
192KB

MD5
49eed197f58a36b827a3b86da6dca271

SHA1
7f727959b620ed13b84f03e0f6bb3eb1beeb238e

SHA256
b904e9629d024c2154381cfe866b179399e379aefcba39bce186427f8637bc1c

SHA512
c0f41790f1424c383f74d77fedb4ea75fe1033fd0bd5656cd885cf92b21e453445be950659e25e5dc19135279c72632f4cf3fc4947fadd8d23783c2cb1212eb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6575.exe

Filesize
192KB

MD5
1e0ab244cab39d8ce08c345e25ce701a

SHA1
d9590d827c66d41a6219f3172e5204c17d9e2e94

SHA256
fdbabd87f07cb8f03b7a9aea09b0e7b54a1221745db25e985b706ef93f93dda1

SHA512
87134839c112028f9f986587ecca6b937b7bb0db9df35cebf06659572be691b7f22e2646cf46939c795576859bb22d336a29b993d3f945b36d995e7c6f91c58d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6779.exe

Filesize
192KB

MD5
2cb2e1eefbc1b9899ec1c90cb8150249

SHA1
ad8998d55f9cbfa48d156f87ddcdb772ddce038f

SHA256
fa8c5458598a251438b0ac2b90ad0f733cb6a3ed085dfcd6d6ea085ffe0e658c

SHA512
9d5d3a9589344567811dfb8874c41db79d4ab331e569c4c30530dc661664b7452fde98de7c5b48e4647f38246c5ebdb95194504b610045541f7b5d4a72fbb67f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9815.exe

Filesize
192KB

MD5
1b58cb1e4cb81f66a42776d2eb60bf06

SHA1
340aff505facb93a6c0e651e42a82a767409f7f6

SHA256
52aedb220b7e0476f57c1097cc65bda583fcf75a3d589f9050ab55cc106ca0d5

SHA512
741aa41cb4387c0a4eaae3dd6da6ac5afcc6131aa5d9e1c0996ec7bd9709fc86aef165610cd689a08931372c5d38c2ff5a8cc70b21ed68afbfc5cdd7ded08914

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20172.exe

Filesize
192KB

MD5
31b9a9f9f50a141d8c916b9f54d45146

SHA1
fec1792cab888e2db1051c9d8bcf9eb88bcd8382

SHA256
9d9f5f60d2e3d27cb1b52c48e404382f43cabc023fd2e1b2e80a3bb37f9af780

SHA512
49ccd1ff915128b79b6bff824b2303e785f88abf03c5badf01a7d9d31c79966795c6002c03609a49c3033d647c5fb51d122cb94255b5db4567afdd553c5bf23d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24562.exe

Filesize
192KB

MD5
6b185c72108ea34b60005b76b5af113e

SHA1
aa1ddd9238f1ee33b060b817d3fa0afe88d22658

SHA256
d8264a6bd23ef7764856040fc753c6d74b5095b87f78a04192ecfae2e2e01d00

SHA512
0f0f93906a4efca44dab91f49160391331b35a455687439ff7ab0d978454365ee4f1882285a1b72b2293589d8a25a42f1fb9fb219b44664218febb5eee02f55e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32362.exe

Filesize
192KB

MD5
6707f6bc5241cbe32cb47a586d5148cc

SHA1
b57449b38950a6c0fc177fdde87d8b159ac8225d

SHA256
ccd24c281a6f3787665193d0d5603606c380e5f394175c9a8ab94b9e68499fc4

SHA512
3261dd667698c24db09cf6caaad4e8f9ac855dbcd46db2634f456c1bf13ff8a8c33e1608795df70a561f6fe87f5c0f16d70ef96adfdca80bf0b06e62e579d184

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40530.exe

Filesize
192KB

MD5
8a594bca670c058b5900c9127322d7be

SHA1
0468588f6fd4679bc9897da2ec9f618e41194d27

SHA256
1a8a91205a40b1d18817c43cdbcdc06cd8255d97ef64c74eca522b71769babce

SHA512
e60aec0eccf9bfc5d077de548e223286abbbcd8160bb21a1b19b6a43aa55626172fccd0947ff8c2dbbb25418c12a9dd3f42afc34c24245a40c2d01b5ad034877

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40592.exe

Filesize
192KB

MD5
793921b0aeb21443d0d122b3fb80378f

SHA1
e7772060b3647d68783809b707046a7861cd0609

SHA256
8eaaa3ce9d8e7ad85f3a4cc68c2b037d1673109df8d1ebc9458aa1cd1ccba48e

SHA512
221e18c63936f392621f7556004de5d9b2142f8266f8a0556da18c383d25b4bbc763a0cd0677a603c4688cfa4ec2ba2618f7af3e04bdc14999cf87e28230d0f0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44122.exe

Filesize
192KB

MD5
e2e708b99538375e0b38d76453744769

SHA1
6d999466e6df0e5b909b9fd747405e93b99dcc9c

SHA256
a54c16c24375cfd2df22f675902e2420201f4fcb9b6f3259eac4b95e2c85c846

SHA512
2a45c289932b44851a49e8165fead3744e2fa447b001a6b138663cf90ca453d2b91bee057c6782cfd4f5b7ede42f39e597427e4f0a2598531b327c551e17163c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44262.exe

Filesize
192KB

MD5
5fe6f819bc2676d4755c49b6b90940de

SHA1
08e4a646adb9882859b2aa6b501472708eaeebaa

SHA256
ef46d84945a88528ddda7a2d62480e3b17aa004e82d3ac5064aeae2056594df1

SHA512
161481eab31647185321ee52d0d12375d734351610f6936f0aa0c7db7b5db0cee1473aa13eb33908980466bc802a90e2d08c2cf66bc5a6a7f0c31a20f6b150a0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4594.exe

Filesize
192KB

MD5
6b8bbb498b2293e1b98d3cc131608587

SHA1
375591da31d3a747e220f03b1cd7879dba336002

SHA256
05f18aa50916d19f552ea29c675f6fe2caa69522ef007711573a3969bbe58f9e

SHA512
ca7db839568eaf089c24f6f11cbb0516dbee47c9dc613b5cb4e63ecd6e33efc1f57cf5463ffe3b914221cd1dc9cf3cc81ea24985e37f172c04976d41dd4811c1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48336.exe

Filesize
192KB

MD5
06de3c075cf5223e17839a129c183000

SHA1
ff55f30a05b379e7cab151b2c5afee97c16ad1d4

SHA256
2723923861a960dac5b00d217e93d8c75d106a2734d26aba99195251503e1a38

SHA512
9bbd1da0cfe6edaee523e7ea3b55ab1e528261d3ab181562442c98cc824c200c2f0382c5ce014cdd3a02c99089d423d5b7302d11e6258585bf29f392809200f6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48512.exe

Filesize
192KB

MD5
1254b6205f12b0dfc650e8633e9ec692

SHA1
c07359c46d02a53302e4f0f6440277342fb47fc1

SHA256
01c126444a8a0fe9fa710d786c1d081e128c6ca96fb40bed5daa5eff2dbbcb08

SHA512
e6f9f6b1d07a4953c62a234d7d65ac4891eac8e4dc461e272b30e0990df63e032753daf84f600b8583925f2b06e19f6d5d1b211aebcd3a373d3a1f383351586e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52290.exe

Filesize
192KB

MD5
fa42d22217d36a3a9a943b7912afdf03

SHA1
a4e00e061b447c337ceed18edcc874f520fcf886

SHA256
a1e757ce98411ac0a44160908f870bdb6a3a45401f5aa0746e9ebbea1c154cce

SHA512
ab2221811993e3cbf47129d9028e53a8dc9dcaa88e69da8998c2cc3f581256eae96cea831ca239c575b046fa5b97d5ac3c78359689a9478a8814bda02830a350

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56374.exe

Filesize
192KB

MD5
147a4082507363d6206e11b5e303449d

SHA1
9be4d7e32893a63be833cc4d31aef2a34f77788f

SHA256
3c900b8ab154f53c0d810b68235a12cda43c19395485a1374ea5f1976f803628

SHA512
4a7b33f6321a3d8d1bf5a34aff7c3f94da13305f80fa60fbc56c29c1673f9ab96fac29a9b0bf5d2745eaea244f3764c0294ed5542216e5dacc69a8f6a32387a3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57879.exe

Filesize
192KB

MD5
9c1ca5168756ab672d0c8fedb6637252

SHA1
ab8a04c4ef7404cd4697264217c9f8bf60c4bf4c

SHA256
3215f2b708e9ed8d2192b318687fa6c01aa6fb86eb1e1df5ee567f21fa6b102b

SHA512
d02bd75ae27c07d633f345aedb8fff083f7f3d543cc6a6a557d658f0d1c8efd290537e031b23b01f60ea3d251c424cee9eba2ebf1b38f747c19f902397f57a0c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60396.exe

Filesize
192KB

MD5
fa0dd11565bbdb8deadf2f3e9fc0d494

SHA1
1e2d16e34bc60b274e8cda956c9538e356057ed1

SHA256
f90bb465500ace6ab08ad80dbe1f05d61d0057573f72a76ee69ba6ca1f6bdeee

SHA512
73e97549865d3a4ef660302e346d6bebc4df6077065c46b7ac163f233d07a78d63072b5312a01343c7a29202e7699af458745519e117e2178482ef927f7bc9ce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64480.exe

Filesize
192KB

MD5
2cc31378bb50886697d2def59c720252

SHA1
453a5d5e22bd4c8f55229cd60b4d7e9fd93c6db4

SHA256
131ce99ff1b3eae3b8ee09feb7810195c1c720c1d2a009eff9b83df3a024581a

SHA512
e2b69b6cdb20f7fd3cbe81c9680413d9e7bddd8267158fd501df9f16a6dce1a26e86b3855f5e0ba33353f3f61f74f197d0e5975489cd1eabfe0c39d4852d331c

Download Submit