d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323

Analysis

max time kernel
149s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04/09/2024, 06:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe
Size

468KB
MD5

0e618c736587a3b543a84d8efacc0ed6
SHA1

3150553809b1b0f2b41528e11017cf7ced8968a3
SHA256

d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323
SHA512

b61b7faa4acff774ec615970487cab769fb97295daa0c14f4aa6ea39be6cb7b38def69d3f79582cdee31141ba30cacf44ef1926ecc2db5da7d2961144eee992c
SSDEEP

3072:mrz7ogExjz8YFbYWPz3yqf8/Eptj7ApgPmHx+lO0E9E0AxI1SDl0:mrfoXAYF1PDyqf/8taE9NUI1S

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1680	Unicorn-49436.exe
2772	Unicorn-39331.exe
1732	Unicorn-34885.exe
2856	Unicorn-645.exe
2896	Unicorn-30364.exe
2888	Unicorn-50230.exe
2864	Unicorn-50068.exe
2304	Unicorn-39535.exe
1572	Unicorn-45902.exe
1480	Unicorn-33095.exe
2580	Unicorn-51277.exe
2916	Unicorn-37537.exe
1152	Unicorn-37802.exe
2912	Unicorn-37802.exe
1996	Unicorn-43894.exe
568	Unicorn-31637.exe
1060	Unicorn-36851.exe
1600	Unicorn-5487.exe
1148	Unicorn-45487.exe
1388	Unicorn-31336.exe
756	Unicorn-6368.exe
2168	Unicorn-19515.exe
2504	Unicorn-59862.exe
2420	Unicorn-59862.exe
1432	Unicorn-50932.exe
2340	Unicorn-41340.exe
1748	Unicorn-61206.exe
1592	Unicorn-58528.exe
1616	Unicorn-32081.exe
2400	Unicorn-14776.exe
1964	Unicorn-45347.exe
2780	Unicorn-37444.exe
2744	Unicorn-13323.exe
2592	Unicorn-24589.exe
2704	Unicorn-49670.exe
2044	Unicorn-51855.exe
2144	Unicorn-51663.exe
2852	Unicorn-59831.exe
1516	Unicorn-44730.exe
1548	Unicorn-28008.exe
2692	Unicorn-47344.exe
2056	Unicorn-45895.exe
592	Unicorn-37046.exe
2092	Unicorn-51536.exe
1624	Unicorn-32246.exe
1644	Unicorn-10970.exe
688	Unicorn-19715.exe
2448	Unicorn-7825.exe
1880	Unicorn-24545.exe
2104	Unicorn-22516.exe
1268	Unicorn-42382.exe
2424	Unicorn-42382.exe
1132	Unicorn-42382.exe
2192	Unicorn-42382.exe
3020	Unicorn-53648.exe
1728	Unicorn-7711.exe
2696	Unicorn-1846.exe
2260	Unicorn-7976.exe
2540	Unicorn-7976.exe
2716	Unicorn-46056.exe
2300	Unicorn-384.exe
2764	Unicorn-16529.exe
2960	Unicorn-40073.exe
2660	Unicorn-20399.exe

Loads dropped DLL 64 IoCs

pid	Process
2032	d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe
2032	d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe
1680	Unicorn-49436.exe
2032	d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe
2032	d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe
1680	Unicorn-49436.exe
1732	Unicorn-34885.exe
1732	Unicorn-34885.exe
2772	Unicorn-39331.exe
1680	Unicorn-49436.exe
2772	Unicorn-39331.exe
1680	Unicorn-49436.exe
2032	d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe
2032	d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe
2856	Unicorn-645.exe
2856	Unicorn-645.exe
1732	Unicorn-34885.exe
1732	Unicorn-34885.exe
2896	Unicorn-30364.exe
2896	Unicorn-30364.exe
1680	Unicorn-49436.exe
1680	Unicorn-49436.exe
2032	d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe
2864	Unicorn-50068.exe
2864	Unicorn-50068.exe
2032	d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe
2888	Unicorn-50230.exe
2888	Unicorn-50230.exe
2772	Unicorn-39331.exe
2772	Unicorn-39331.exe
2304	Unicorn-39535.exe
2304	Unicorn-39535.exe
2856	Unicorn-645.exe
2856	Unicorn-645.exe
1480	Unicorn-33095.exe
1480	Unicorn-33095.exe
2896	Unicorn-30364.exe
2896	Unicorn-30364.exe
1572	Unicorn-45902.exe
1572	Unicorn-45902.exe
1732	Unicorn-34885.exe
1732	Unicorn-34885.exe
2916	Unicorn-37537.exe
2916	Unicorn-37537.exe
1152	Unicorn-37802.exe
2912	Unicorn-37802.exe
2032	d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe
1152	Unicorn-37802.exe
2912	Unicorn-37802.exe
2032	d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe
2864	Unicorn-50068.exe
2864	Unicorn-50068.exe
1996	Unicorn-43894.exe
1996	Unicorn-43894.exe
2888	Unicorn-50230.exe
2888	Unicorn-50230.exe
2772	Unicorn-39331.exe
2580	Unicorn-51277.exe
2772	Unicorn-39331.exe
2580	Unicorn-51277.exe
1680	Unicorn-49436.exe
1680	Unicorn-49436.exe
1388	Unicorn-31336.exe
1388	Unicorn-31336.exe

Program crash 41 IoCs

pid	pid_target	Process	procid_target
2456	1148	WerFault.exe	49
2788	2168	WerFault.exe	52
1612	2780	WerFault.exe	62
2608	2748	WerFault.exe	111
2432	1060	WerFault.exe	47
2712	2896	WerFault.exe	35
980	2916	WerFault.exe	41
2848	2504	WerFault.exe	53
3596	2304	WerFault.exe	37
3788	1480	WerFault.exe	39
3628	1640	WerFault.exe	101
3584	1592	WerFault.exe	58
4112	1028	WerFault.exe	117
4200	2680	WerFault.exe	183
4316	1604	WerFault.exe	105
4340	2056	WerFault.exe	72
4308	1072	WerFault.exe	97
4296	2960	WerFault.exe	95
4280	2496	WerFault.exe	115
4104	2412	WerFault.exe	107
4368	2540	WerFault.exe	89
4716	2076	WerFault.exe	121
4796	1432	WerFault.exe	55
5020	2912	WerFault.exe	42
5028	1152	WerFault.exe	43
4324	1996	WerFault.exe	44
5116	1748	WerFault.exe	57
5176	2596	WerFault.exe	112
5700	2476	WerFault.exe	125
5256	568	WerFault.exe	45
5348	1728	WerFault.exe	87
5412	2364	WerFault.exe	109
5684	2864	WerFault.exe	36
7036	2696	WerFault.exe	88
7068	2716	WerFault.exe	92
7052	1268	WerFault.exe	83
6784	1852	WerFault.exe	127
6912	2764	WerFault.exe	94
6280	612	WerFault.exe	145
6948	2996	WerFault.exe	131
6404	688	WerFault.exe	77

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62315.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43066.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24445.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26651.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43894.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60804.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65155.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29042.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45789.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28437.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13340.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62568.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44667.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42382.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41426.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38994.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18981.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20795.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38729.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54447.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23967.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63590.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59862.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58691.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60481.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9501.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30666.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65000.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54433.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19807.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54719.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41340.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58528.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60851.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14702.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28000.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38902.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19515.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51651.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38582.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39397.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37201.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34032.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54519.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35987.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59290.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53091.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-640.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12265.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51633.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24788.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19503.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18213.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20795.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35911.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18981.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4690.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30023.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20795.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49436.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35796.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55863.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55515.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2032	d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe
1680	Unicorn-49436.exe
1732	Unicorn-34885.exe
2772	Unicorn-39331.exe
2856	Unicorn-645.exe
2896	Unicorn-30364.exe
2888	Unicorn-50230.exe
2864	Unicorn-50068.exe
2304	Unicorn-39535.exe
1480	Unicorn-33095.exe
1572	Unicorn-45902.exe
2580	Unicorn-51277.exe
2912	Unicorn-37802.exe
2916	Unicorn-37537.exe
1152	Unicorn-37802.exe
1996	Unicorn-43894.exe
1060	Unicorn-36851.exe
568	Unicorn-31637.exe
1148	Unicorn-45487.exe
1600	Unicorn-5487.exe
1388	Unicorn-31336.exe
756	Unicorn-6368.exe
2168	Unicorn-19515.exe
2420	Unicorn-59862.exe
2504	Unicorn-59862.exe
1432	Unicorn-50932.exe
2340	Unicorn-41340.exe
1748	Unicorn-61206.exe
1592	Unicorn-58528.exe
1616	Unicorn-32081.exe
2400	Unicorn-14776.exe
1964	Unicorn-45347.exe
2744	Unicorn-13323.exe
2780	Unicorn-37444.exe
2592	Unicorn-24589.exe
2704	Unicorn-49670.exe
2044	Unicorn-51855.exe
2144	Unicorn-51663.exe
2852	Unicorn-59831.exe
1516	Unicorn-44730.exe
1548	Unicorn-28008.exe
2692	Unicorn-47344.exe
2056	Unicorn-45895.exe
2092	Unicorn-51536.exe
592	Unicorn-37046.exe
1624	Unicorn-32246.exe
1644	Unicorn-10970.exe
688	Unicorn-19715.exe
2192	Unicorn-42382.exe
2448	Unicorn-7825.exe
2104	Unicorn-22516.exe
1268	Unicorn-42382.exe
1880	Unicorn-24545.exe
2424	Unicorn-42382.exe
1132	Unicorn-42382.exe
2696	Unicorn-1846.exe
3020	Unicorn-53648.exe
2540	Unicorn-7976.exe
1728	Unicorn-7711.exe
2300	Unicorn-384.exe
2716	Unicorn-46056.exe
2960	Unicorn-40073.exe
2764	Unicorn-16529.exe
1072	Unicorn-61432.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 1680	2032	d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe	30
PID 2032 wrote to memory of 1680	2032	d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe	30
PID 2032 wrote to memory of 1680	2032	d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe	30
PID 2032 wrote to memory of 1680	2032	d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe	30
PID 2032 wrote to memory of 2772	2032	d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe	32
PID 2032 wrote to memory of 2772	2032	d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe	32
PID 2032 wrote to memory of 2772	2032	d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe	32
PID 2032 wrote to memory of 2772	2032	d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe	32
PID 1680 wrote to memory of 1732	1680	Unicorn-49436.exe	31
PID 1680 wrote to memory of 1732	1680	Unicorn-49436.exe	31
PID 1680 wrote to memory of 1732	1680	Unicorn-49436.exe	31
PID 1680 wrote to memory of 1732	1680	Unicorn-49436.exe	31
PID 1732 wrote to memory of 2856	1732	Unicorn-34885.exe	33
PID 1732 wrote to memory of 2856	1732	Unicorn-34885.exe	33
PID 1732 wrote to memory of 2856	1732	Unicorn-34885.exe	33
PID 1732 wrote to memory of 2856	1732	Unicorn-34885.exe	33
PID 2772 wrote to memory of 2888	2772	Unicorn-39331.exe	34
PID 2772 wrote to memory of 2888	2772	Unicorn-39331.exe	34
PID 2772 wrote to memory of 2888	2772	Unicorn-39331.exe	34
PID 2772 wrote to memory of 2888	2772	Unicorn-39331.exe	34
PID 1680 wrote to memory of 2896	1680	Unicorn-49436.exe	35
PID 1680 wrote to memory of 2896	1680	Unicorn-49436.exe	35
PID 1680 wrote to memory of 2896	1680	Unicorn-49436.exe	35
PID 1680 wrote to memory of 2896	1680	Unicorn-49436.exe	35
PID 2032 wrote to memory of 2864	2032	d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe	36
PID 2032 wrote to memory of 2864	2032	d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe	36
PID 2032 wrote to memory of 2864	2032	d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe	36
PID 2032 wrote to memory of 2864	2032	d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe	36
PID 2856 wrote to memory of 2304	2856	Unicorn-645.exe	37
PID 2856 wrote to memory of 2304	2856	Unicorn-645.exe	37
PID 2856 wrote to memory of 2304	2856	Unicorn-645.exe	37
PID 2856 wrote to memory of 2304	2856	Unicorn-645.exe	37
PID 1732 wrote to memory of 1572	1732	Unicorn-34885.exe	38
PID 1732 wrote to memory of 1572	1732	Unicorn-34885.exe	38
PID 1732 wrote to memory of 1572	1732	Unicorn-34885.exe	38
PID 1732 wrote to memory of 1572	1732	Unicorn-34885.exe	38
PID 2896 wrote to memory of 1480	2896	Unicorn-30364.exe	39
PID 2896 wrote to memory of 1480	2896	Unicorn-30364.exe	39
PID 2896 wrote to memory of 1480	2896	Unicorn-30364.exe	39
PID 2896 wrote to memory of 1480	2896	Unicorn-30364.exe	39
PID 1680 wrote to memory of 2580	1680	Unicorn-49436.exe	40
PID 1680 wrote to memory of 2580	1680	Unicorn-49436.exe	40
PID 1680 wrote to memory of 2580	1680	Unicorn-49436.exe	40
PID 1680 wrote to memory of 2580	1680	Unicorn-49436.exe	40
PID 2864 wrote to memory of 2912	2864	Unicorn-50068.exe	42
PID 2032 wrote to memory of 2916	2032	d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe	41
PID 2864 wrote to memory of 2912	2864	Unicorn-50068.exe	42
PID 2032 wrote to memory of 2916	2032	d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe	41
PID 2032 wrote to memory of 2916	2032	d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe	41
PID 2032 wrote to memory of 2916	2032	d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe	41
PID 2864 wrote to memory of 2912	2864	Unicorn-50068.exe	42
PID 2864 wrote to memory of 2912	2864	Unicorn-50068.exe	42
PID 2888 wrote to memory of 1152	2888	Unicorn-50230.exe	43
PID 2888 wrote to memory of 1152	2888	Unicorn-50230.exe	43
PID 2888 wrote to memory of 1152	2888	Unicorn-50230.exe	43
PID 2888 wrote to memory of 1152	2888	Unicorn-50230.exe	43
PID 2772 wrote to memory of 1996	2772	Unicorn-39331.exe	44
PID 2772 wrote to memory of 1996	2772	Unicorn-39331.exe	44
PID 2772 wrote to memory of 1996	2772	Unicorn-39331.exe	44
PID 2772 wrote to memory of 1996	2772	Unicorn-39331.exe	44
PID 2304 wrote to memory of 568	2304	Unicorn-39535.exe	45
PID 2304 wrote to memory of 568	2304	Unicorn-39535.exe	45
PID 2304 wrote to memory of 568	2304	Unicorn-39535.exe	45
PID 2304 wrote to memory of 568	2304	Unicorn-39535.exe	45

C:\Users\Admin\AppData\Local\Temp\d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe
"C:\Users\Admin\AppData\Local\Temp\d2ff134ab785452f6c2386ffa1ad7e8c858d77796a5a80a8891345c5932c7323.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49436.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49436.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34885.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34885.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-645.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39535.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31637.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51536.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1235.exe
        8⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12102.exe
        9⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14702.exe
        9⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30023.exe
        9⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24717.exe
        9⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
        9⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29042.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
        9⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40669.exe
        8⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56049.exe
        9⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59166.exe
        9⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28437.exe
        8⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63112.exe
        8⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33186.exe
        8⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1460.exe
        8⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35911.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24788.exe
        8⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24021.exe
        7⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38994.exe
        8⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3828.exe
        9⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1408.exe
        9⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18981.exe
        8⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
        8⤵
        
        PID:4912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 216
        8⤵
        Program crash
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58219.exe
        7⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38582.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34400.exe
        7⤵
        
        PID:4900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 236
        7⤵
        Program crash
        
        PID:5256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32246.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46041.exe
        7⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3284.exe
        8⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62568.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29399.exe
        8⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5042.exe
        8⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45789.exe
        8⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57001.exe
        7⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56889.exe
        7⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41852.exe
        7⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17995.exe
        7⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18845.exe
        7⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
        7⤵
        
        PID:8128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49999.exe
        6⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37799.exe
        7⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 216
        7⤵
        Program crash
        
        PID:5700
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 236
        6⤵
        Program crash
        
        PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36851.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42382.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11334.exe
        7⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19807.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26493.exe
        8⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13340.exe
        7⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23967.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24717.exe
        7⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
        7⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29042.exe
        7⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
        7⤵
        
        PID:3520
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 236
        6⤵
        Program crash
        
        PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1846.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38994.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18981.exe
        6⤵
        
        PID:3172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
        6⤵
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65155.exe
        6⤵
        
        PID:5428
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
        6⤵
        Program crash
        
        PID:7036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38729.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1491.exe
        6⤵
        
        PID:8476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29916.exe
        5⤵
        
        PID:1076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17865.exe
        5⤵
        
        PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57020.exe
        5⤵
        
        PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26201.exe
        5⤵
        
        PID:7088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52265.exe
        5⤵
        
        PID:7304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45902.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31336.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37444.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
        7⤵
        Program crash
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21058.exe
        6⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38340.exe
        7⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56724.exe
        8⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55863.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59290.exe
        8⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55867.exe
        8⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55820.exe
        8⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14702.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9501.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57916.exe
        8⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9353.exe
        8⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38829.exe
        8⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30023.exe
        7⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24717.exe
        7⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
        7⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29042.exe
        7⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
        7⤵
        
        PID:8004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17985.exe
        6⤵
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29209.exe
        7⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24445.exe
        7⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48589.exe
        7⤵
        
        PID:7988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34303.exe
        6⤵
        
        PID:3864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54447.exe
        6⤵
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16651.exe
        6⤵
        
        PID:4576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18525.exe
        6⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14380.exe
        6⤵
        
        PID:6860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19453.exe
        6⤵
        
        PID:8016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49670.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40073.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12102.exe
        7⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42225.exe
        8⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55863.exe
        8⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59290.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55867.exe
        8⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63604.exe
        8⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14702.exe
        7⤵
        
        PID:3920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 240
        7⤵
        Program crash
        
        PID:4296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24333.exe
        6⤵
        
        PID:2004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28437.exe
        6⤵
        
        PID:3824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63112.exe
        6⤵
        
        PID:3384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33186.exe
        6⤵
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1460.exe
        6⤵
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35911.exe
        6⤵
        
        PID:6780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24788.exe
        6⤵
        
        PID:7956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41426.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48620.exe
        6⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5925.exe
        7⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22251.exe
        7⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20795.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44046.exe
        7⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45789.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14702.exe
        6⤵
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30023.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24717.exe
        6⤵
        
        PID:5844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
        6⤵
        
        PID:6560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29042.exe
        6⤵
        
        PID:6244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
        6⤵
        
        PID:7796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40379.exe
        5⤵
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
        6⤵
        
        PID:5572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24445.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48589.exe
        6⤵
        
        PID:3744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25637.exe
        5⤵
        
        PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37911.exe
        5⤵
        
        PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33717.exe
        5⤵
        
        PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62532.exe
        5⤵
        
        PID:5940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9045.exe
        5⤵
        
        PID:6224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48157.exe
        5⤵
        
        PID:7928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6368.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42382.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37022.exe
        6⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61400.exe
        7⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63590.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14469.exe
        7⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44046.exe
        7⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45789.exe
        7⤵
        
        PID:8048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40197.exe
        6⤵
        
        PID:3412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15581.exe
        6⤵
        
        PID:3668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26974.exe
        6⤵
        
        PID:4868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11669.exe
        6⤵
        
        PID:5336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18845.exe
        6⤵
        
        PID:6520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
        6⤵
        
        PID:8172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35796.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24981.exe
        6⤵
        
        PID:2060
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 216
        6⤵
        Program crash
        
        PID:4716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53933.exe
        5⤵
        
        PID:3428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21446.exe
        5⤵
        
        PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18308.exe
        5⤵
        
        PID:4768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60671.exe
        5⤵
        
        PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35911.exe
        5⤵
        
        PID:6800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24788.exe
        5⤵
        
        PID:7852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7711.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38994.exe
        5⤵
        
        PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18981.exe
        5⤵
        
        PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
        5⤵
        
        PID:4920
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 216
        5⤵
        Program crash
        
        PID:5348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30063.exe
      4⤵
      PID:668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13381.exe
      4⤵
      PID:392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34931.exe
      4⤵
      PID:4968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35489.exe
      4⤵
      PID:5236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20866.exe
      4⤵
      PID:6968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8033.exe
      4⤵
      PID:7236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30364.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30364.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33095.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5487.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13323.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42382.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38994.exe
        8⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18981.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
        8⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65155.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 220
        8⤵
        Program crash
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57006.exe
        7⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58292.exe
        8⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-542.exe
        8⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38181.exe
        8⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54454.exe
        8⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27075.exe
        7⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29833.exe
        7⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16051.exe
        7⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38979.exe
        7⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62444.exe
        7⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49292.exe
        7⤵
        
        PID:7896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22516.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
        7⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62157.exe
        8⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10842.exe
        8⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13340.exe
        7⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23967.exe
        7⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24717.exe
        7⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45378.exe
        7⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
        7⤵
        
        PID:8144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38069.exe
        6⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41489.exe
        7⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-791.exe
        7⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38181.exe
        7⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54454.exe
        7⤵
        
        PID:7300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34303.exe
        6⤵
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54447.exe
        6⤵
        
        PID:3388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16651.exe
        6⤵
        
        PID:4556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18525.exe
        6⤵
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14380.exe
        6⤵
        
        PID:6764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19453.exe
        6⤵
        
        PID:7408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24589.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50545.exe
        6⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62315.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10237.exe
        7⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52380.exe
        7⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61756.exe
        7⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22723.exe
        7⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29253.exe
        7⤵
        
        PID:7820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17976.exe
        6⤵
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32716.exe
        6⤵
        
        PID:3244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43066.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56490.exe
        6⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30666.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20086.exe
        6⤵
        
        PID:7380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43538.exe
        5⤵
        
        PID:264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44111.exe
        6⤵
        
        PID:3256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19998.exe
        6⤵
        
        PID:3380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21108.exe
        6⤵
        
        PID:4896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20334.exe
        6⤵
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35380.exe
        6⤵
        
        PID:6500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29253.exe
        6⤵
        
        PID:1784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44868.exe
        5⤵
        
        PID:2640
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 240
        5⤵
        Program crash
        
        PID:3788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45487.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51855.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42382.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38994.exe
        7⤵
        
        PID:276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18981.exe
        7⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
        7⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65155.exe
        7⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47202.exe
        7⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55595.exe
        7⤵
        
        PID:8416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57006.exe
        6⤵
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35244.exe
        6⤵
        
        PID:3132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13496.exe
        6⤵
        
        PID:4580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16051.exe
        6⤵
        
        PID:5836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38979.exe
        6⤵
        
        PID:6624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46108.exe
        6⤵
        
        PID:7132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24788.exe
        6⤵
        
        PID:7884
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 236
        5⤵
        Program crash
        
        PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47344.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40924.exe
        5⤵
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44199.exe
        6⤵
        
        PID:1588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14702.exe
        6⤵
        
        PID:3888
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
        6⤵
        Program crash
        
        PID:4316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57390.exe
        5⤵
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21560.exe
        6⤵
        
        PID:5908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58955.exe
        6⤵
        
        PID:7284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48589.exe
        6⤵
        
        PID:7188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27075.exe
        5⤵
        
        PID:3112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29833.exe
        5⤵
        
        PID:4524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16051.exe
        5⤵
        
        PID:5892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38979.exe
        5⤵
        
        PID:6592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46108.exe
        5⤵
        
        PID:7128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24788.exe
        5⤵
        
        PID:7872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33342.exe
      4⤵
      PID:1120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46695.exe
        5⤵
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38902.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13340.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7631.exe
        5⤵
        
        PID:4536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24717.exe
        5⤵
        
        PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
        5⤵
        
        PID:6600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29042.exe
        5⤵
        
        PID:7172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
        5⤵
        
        PID:7432
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 240
      4⤵
      Program crash
      PID:2712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51277.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51277.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14776.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7976.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51651.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 220
        7⤵
        Program crash
        
        PID:4200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42525.exe
        6⤵
        
        PID:3572
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
        6⤵
        Program crash
        
        PID:4368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19128.exe
        5⤵
        
        PID:2276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32716.exe
        5⤵
        
        PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43066.exe
        5⤵
        
        PID:4936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56490.exe
        5⤵
        
        PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30666.exe
        5⤵
        
        PID:6992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23101.exe
        5⤵
        
        PID:7320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53648.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54121.exe
        5⤵
        
        PID:1812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52313.exe
        5⤵
        
        PID:3284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27875.exe
        5⤵
        
        PID:4192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61756.exe
        5⤵
        
        PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45028.exe
        5⤵
        
        PID:6928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29253.exe
        5⤵
        
        PID:7924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32863.exe
      4⤵
      PID:1664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54519.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5116.exe
        5⤵
        
        PID:5808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58315.exe
        5⤵
        
        PID:6540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5042.exe
        5⤵
        
        PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45789.exe
        5⤵
        
        PID:7968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38582.exe
      4⤵
      PID:4080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34400.exe
      4⤵
      PID:4884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39954.exe
      4⤵
      PID:5296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47732.exe
      4⤵
      PID:7104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26651.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45347.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45347.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1235.exe
      4⤵
      PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1983.exe
        5⤵
        
        PID:872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37799.exe
        6⤵
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2812.exe
        6⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26410.exe
        6⤵
        
        PID:6444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5042.exe
        6⤵
        
        PID:6480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45789.exe
        6⤵
        
        PID:8080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18213.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3436
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 240
        5⤵
        Program crash
        
        PID:4104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47655.exe
      4⤵
      PID:2132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31948.exe
      4⤵
      PID:3392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58245.exe
      4⤵
      PID:4136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53091.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5887.exe
      4⤵
      PID:6668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
      4⤵
      PID:8156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26788.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26788.exe
    3⤵
    PID:316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33442.exe
      4⤵
      PID:3660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26241.exe
      4⤵
      PID:3348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35987.exe
      4⤵
      PID:936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26661.exe
      4⤵
      PID:4520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35380.exe
      4⤵
      PID:6752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29253.exe
      4⤵
      PID:7844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26185.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26185.exe
    3⤵
    PID:2124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5174.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5174.exe
    3⤵
    PID:3500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28579.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28579.exe
    3⤵
    PID:4292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26755.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26755.exe
    3⤵
    PID:5584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25284.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25284.exe
    3⤵
    PID:6640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20422.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20422.exe
    3⤵
    PID:7936
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39331.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39331.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50230.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50230.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37802.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59862.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16529.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36633.exe
        7⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8131.exe
        8⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-215.exe
        8⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38181.exe
        8⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54454.exe
        8⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28000.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52380.exe
        7⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61756.exe
        7⤵
        
        PID:5728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
        7⤵
        Program crash
        
        PID:6912
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 216
        6⤵
        Program crash
        
        PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61432.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54719.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14702.exe
        6⤵
        
        PID:3912
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 240
        6⤵
        Program crash
        
        PID:4308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6548.exe
        5⤵
        
        PID:612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4690.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22251.exe
        6⤵
        
        PID:5112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20795.exe
        6⤵
        
        PID:6108
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 612 -s 236
        6⤵
        Program crash
        
        PID:6280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34303.exe
        5⤵
        
        PID:3804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54447.exe
        5⤵
        
        PID:3592
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 216
        5⤵
        Program crash
        
        PID:5028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58528.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22331.exe
        5⤵
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12173.exe
        6⤵
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22251.exe
        6⤵
        
        PID:5144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20795.exe
        6⤵
        
        PID:5500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44046.exe
        6⤵
        
        PID:7096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45789.exe
        6⤵
        
        PID:7248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40197.exe
        5⤵
        
        PID:3404
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 240
        5⤵
        Program crash
        
        PID:3584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58691.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26815.exe
        5⤵
        
        PID:3336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9137.exe
        5⤵
        
        PID:3540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21108.exe
        5⤵
        
        PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20334.exe
        5⤵
        
        PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35380.exe
        5⤵
        
        PID:6820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29253.exe
        5⤵
        
        PID:7364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53856.exe
      4⤵
      PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5879.exe
      4⤵
      PID:4052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8540.exe
      4⤵
      PID:4336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53621.exe
      4⤵
      PID:5772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48915.exe
      4⤵
      PID:6920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19453.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19453.exe
      4⤵
      PID:8000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43894.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43894.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61206.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59831.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23898.exe
        6⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41309.exe
        7⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14285.exe
        8⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22251.exe
        8⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20795.exe
        8⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44046.exe
        8⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45789.exe
        8⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43896.exe
        7⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35987.exe
        7⤵
        
        PID:4500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 216
        7⤵
        Program crash
        
        PID:5176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7665.exe
        6⤵
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56261.exe
        6⤵
        
        PID:3528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58245.exe
        6⤵
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53091.exe
        6⤵
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28492.exe
        6⤵
        
        PID:6952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
        6⤵
        
        PID:4176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3456.exe
        5⤵
        
        PID:2748
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 220
        6⤵
        Program crash
        
        PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34513.exe
        5⤵
        
        PID:1368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34032.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23837.exe
        6⤵
        
        PID:5944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48378.exe
        6⤵
        
        PID:7192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54454.exe
        6⤵
        
        PID:7272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34303.exe
        5⤵
        
        PID:3832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54447.exe
        5⤵
        
        PID:3656
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 236
        5⤵
        Program crash
        
        PID:5116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45895.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11526.exe
        5⤵
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46116.exe
        6⤵
        
        PID:6344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50979.exe
        6⤵
        
        PID:6292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48589.exe
        6⤵
        
        PID:8088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14702.exe
        5⤵
        
        PID:4044
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
        5⤵
        Program crash
        
        PID:4340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49999.exe
      4⤵
      PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4928.exe
        5⤵
        
        PID:6396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34661.exe
        5⤵
        
        PID:8288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49897.exe
      4⤵
      PID:3616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61297.exe
      4⤵
      PID:3936
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 236
      4⤵
      Program crash
      PID:4324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32081.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32081.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33659.exe
      4⤵
      PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33865.exe
        5⤵
        
        PID:3512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55863.exe
        5⤵
        
        PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59290.exe
        5⤵
        
        PID:5464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55867.exe
        5⤵
        
        PID:7016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55820.exe
        5⤵
        
        PID:7464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24245.exe
      4⤵
      PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39397.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22199.exe
        5⤵
        
        PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54433.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44046.exe
        5⤵
        
        PID:6944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45789.exe
        5⤵
        
        PID:8112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27402.exe
      4⤵
      PID:3308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41608.exe
      4⤵
      PID:4772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51633.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18845.exe
      4⤵
      PID:6692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
      4⤵
      PID:7264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55812.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55812.exe
    3⤵
    PID:2932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34568.exe
      4⤵
      PID:3996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-471.exe
      4⤵
      PID:4120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35987.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26661.exe
      4⤵
      PID:5212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35380.exe
      4⤵
      PID:6852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29253.exe
      4⤵
      PID:7832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19150.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19150.exe
    3⤵
    PID:3124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55265.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55265.exe
    3⤵
    PID:3368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50110.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50110.exe
    3⤵
    PID:4352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32090.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32090.exe
    3⤵
    PID:5816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20892.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20892.exe
    3⤵
    PID:6720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23653.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23653.exe
    3⤵
    PID:7456
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50068.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50068.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37802.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37802.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59862.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19715.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52834.exe
        6⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26402.exe
        7⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10138.exe
        7⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48589.exe
        7⤵
        
        PID:8120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13340.exe
        6⤵
        
        PID:3164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65000.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24717.exe
        6⤵
        
        PID:5796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
        6⤵
        
        PID:6528
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 236
        6⤵
        Program crash
        
        PID:6404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60851.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6117.exe
        6⤵
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22251.exe
        6⤵
        
        PID:4272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20795.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44046.exe
        6⤵
        
        PID:6964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45789.exe
        6⤵
        
        PID:8024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28437.exe
        5⤵
        
        PID:3856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63112.exe
        5⤵
        
        PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33186.exe
        5⤵
        
        PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1460.exe
        5⤵
        
        PID:5972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35911.exe
        5⤵
        
        PID:6456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49292.exe
        5⤵
        
        PID:7916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7825.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7312.exe
        5⤵
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64212.exe
        6⤵
        
        PID:7424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1408.exe
        6⤵
        
        PID:8576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30296.exe
        5⤵
        
        PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64097.exe
        5⤵
        
        PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41852.exe
        5⤵
        
        PID:4480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17995.exe
        5⤵
        
        PID:6020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18845.exe
        5⤵
        
        PID:6844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
        5⤵
        
        PID:8188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49423.exe
      4⤵
      PID:1308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9309.exe
        5⤵
        
        PID:4424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32529.exe
        5⤵
        
        PID:6076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38181.exe
        5⤵
        
        PID:6648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54454.exe
        5⤵
        
        PID:7376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48636.exe
      4⤵
      PID:3688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60804.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3480
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 236
      4⤵
      Program crash
      PID:5020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41340.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41340.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44730.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-384.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47193.exe
        6⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63053.exe
        7⤵
        
        PID:8524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21443.exe
        6⤵
        
        PID:3728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38716.exe
        6⤵
        
        PID:3504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41852.exe
        6⤵
        
        PID:920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17995.exe
        6⤵
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18845.exe
        6⤵
        
        PID:6836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
        6⤵
        
        PID:8136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1946.exe
        5⤵
        
        PID:2996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22070.exe
        6⤵
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22251.exe
        6⤵
        
        PID:4824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20795.exe
        6⤵
        
        PID:5488
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 216
        6⤵
        Program crash
        
        PID:6948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28437.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63112.exe
        5⤵
        
        PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33186.exe
        5⤵
        
        PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1460.exe
        5⤵
        
        PID:6124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35911.exe
        5⤵
        
        PID:6744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24788.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20399.exe
      4⤵
      Executes dropped EXE
      PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19503.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19844.exe
        6⤵
        
        PID:4156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43652.exe
        6⤵
        
        PID:5672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39410.exe
        6⤵
        
        PID:6272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54243.exe
        6⤵
        
        PID:7144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45789.exe
        6⤵
        
        PID:7784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21508.exe
        5⤵
        
        PID:3136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23967.exe
        5⤵
        
        PID:4504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24717.exe
        5⤵
        
        PID:5868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
        5⤵
        
        PID:6552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29042.exe
        5⤵
        
        PID:6204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
        5⤵
        
        PID:7336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40565.exe
      4⤵
      PID:2180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32941.exe
      4⤵
      PID:3084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21167.exe
      4⤵
      PID:4464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65053.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65053.exe
      4⤵
      PID:5820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56045.exe
      4⤵
      PID:6512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40913.exe
      4⤵
      PID:6192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43957.exe
      4⤵
      PID:7944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37046.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37046.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48153.exe
      4⤵
      PID:1872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2857.exe
        5⤵
        
        PID:6676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34642.exe
        5⤵
        
        PID:6248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48589.exe
        5⤵
        
        PID:7472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54801.exe
      4⤵
      PID:3560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55052.exe
      4⤵
      PID:3552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41852.exe
      4⤵
      PID:2272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17995.exe
      4⤵
      PID:6088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18845.exe
      4⤵
      PID:6684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
      4⤵
      PID:8164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39912.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39912.exe
    3⤵
    PID:1852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54121.exe
      4⤵
      PID:900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60481.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52380.exe
      4⤵
      PID:4152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61756.exe
      4⤵
      PID:5260
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 240
      4⤵
      Program crash
      PID:6784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11558.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11558.exe
    3⤵
    PID:3152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55043.exe
      4⤵
      PID:3352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22251.exe
      4⤵
      PID:4436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20795.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20795.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44046.exe
      4⤵
      PID:6368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45789.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45789.exe
      4⤵
      PID:3580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38928.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38928.exe
    3⤵
    PID:4072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50110.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50110.exe
    3⤵
    PID:4260
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 236
    3⤵
    - Program crash
    PID:5684
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37537.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37537.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19515.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19515.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7976.exe
      4⤵
      Executes dropped EXE
      PID:2260
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 236
      4⤵
      Program crash
      PID:2788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46056.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46056.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38994.exe
      4⤵
      PID:1544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8408.exe
        5⤵
        
        PID:8028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-640.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18981.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65155.exe
      4⤵
      PID:5448
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 220
      4⤵
      Program crash
      PID:7068
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 240
    3⤵
    - Program crash
    PID:980
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50932.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50932.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51663.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51663.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10970.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15511.exe
        5⤵
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56020.exe
        6⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45586.exe
        7⤵
        
        PID:8828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14702.exe
        6⤵
        
        PID:3928
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
        6⤵
        Program crash
        
        PID:4280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3482.exe
        5⤵
        
        PID:2224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5349.exe
        6⤵
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22251.exe
        6⤵
        
        PID:5152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20795.exe
        6⤵
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44046.exe
        6⤵
        
        PID:6904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45789.exe
        6⤵
        
        PID:7348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28437.exe
        5⤵
        
        PID:3880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63112.exe
        5⤵
        
        PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33186.exe
        5⤵
        
        PID:5184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1460.exe
        5⤵
        
        PID:6068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35911.exe
        5⤵
        
        PID:6728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24788.exe
        5⤵
        
        PID:7984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12641.exe
      4⤵
      PID:1028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10063.exe
        5⤵
        
        PID:3988
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 236
        5⤵
        Program crash
        
        PID:4112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37981.exe
      4⤵
      PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54799.exe
        5⤵
        
        PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38644.exe
        5⤵
        
        PID:4264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55891.exe
        5⤵
        
        PID:5748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54243.exe
        5⤵
        
        PID:7212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45789.exe
        5⤵
        
        PID:2084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14819.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14819.exe
      4⤵
      PID:3704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49580.exe
      4⤵
      PID:4236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36555.exe
      4⤵
      PID:5628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23253.exe
      4⤵
      PID:6792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24788.exe
      4⤵
      PID:7868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24545.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24545.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61495.exe
      4⤵
      PID:2108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14702.exe
      4⤵
      PID:3964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30023.exe
      4⤵
      PID:4408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24717.exe
      4⤵
      PID:5876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
      4⤵
      PID:6608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29042.exe
      4⤵
      PID:5568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
      4⤵
      PID:7372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25577.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25577.exe
    3⤵
    PID:532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50906.exe
      4⤵
      PID:6772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10138.exe
      4⤵
      PID:7328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48589.exe
      4⤵
      PID:8096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34303.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34303.exe
    3⤵
    PID:3816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54447.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54447.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3772
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 216
    3⤵
    - Program crash
    PID:4796
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28008.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28008.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49668.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49668.exe
    3⤵
    PID:1640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37022.exe
      4⤵
      PID:1836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14316.exe
        5⤵
        
        PID:3776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36999.exe
        5⤵
        
        PID:4612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5616.exe
        5⤵
        
        PID:6024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44046.exe
        5⤵
        
        PID:6908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45789.exe
        5⤵
        
        PID:3236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40197.exe
      4⤵
      PID:3420
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 220
      4⤵
      Program crash
      PID:3628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34151.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34151.exe
    3⤵
    PID:1184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35478.exe
      4⤵
      PID:5916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24445.exe
      4⤵
      PID:6636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48589.exe
      4⤵
      PID:7824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29127.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29127.exe
    3⤵
    PID:3492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5193.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5193.exe
    3⤵
    PID:3312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33186.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33186.exe
    3⤵
    PID:5136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1460.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1460.exe
    3⤵
    PID:6096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35911.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35911.exe
    3⤵
    PID:6708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24788.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24788.exe
    3⤵
    PID:7904
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32524.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32524.exe
  2⤵
  PID:1712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44474.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44474.exe
    3⤵
    PID:2176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13340.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13340.exe
    3⤵
    PID:3188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7631.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7631.exe
    3⤵
    PID:4548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24717.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24717.exe
    3⤵
    PID:5900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
    3⤵
    PID:6616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29042.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29042.exe
    3⤵
    PID:7116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
    3⤵
    PID:7440
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7911.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7911.exe
  2⤵
  PID:1108
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3581.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3581.exe
  2⤵
  PID:3076
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12265.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12265.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4928
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6618.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6618.exe
  2⤵
  PID:5360
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44667.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44667.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6976
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17377.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17377.exe
  2⤵
  PID:7252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-30364.exe

Filesize
468KB

MD5
81cabc48505bed9480329dc4510ea95c

SHA1
d0876fe679d267adf5fd33eef6f2af096cc9b5fb

SHA256
41487c337162e9612aed76a5f5657526d5c4503c125f35051383ac9a7be9491f

SHA512
9ad3cec21fe734e77cc419a380b7fad324906ddbb4700879a6b877e5fd30d957994f1d2858bf1859f04210ffddbe7eaaeda924f20933b932fb9494c8c93f477c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33095.exe

Filesize
468KB

MD5
63d0aef8d2f32129931317a316ea7f0e

SHA1
5a52c5ec05f4e9695e2993d70de44c53159629f1

SHA256
62af67283a45af7ebad52ca44e08f57d626c56a4de35894480d87959f62d76ee

SHA512
66d6116ef79bc5713075a28a8e185a33cfb4c641f3d62e7cda98e003bb412de774f936a5d9b0f2122cccff3168a2e2711721eeb936921ad9683f857bc1f46f33

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39535.exe

Filesize
468KB

MD5
4e7ba3a9e056bf3ed7fddfdd333a27aa

SHA1
8eb180994ecd62025ca2c683f939b03ceaa9b2e5

SHA256
d3982cd1881a88afeb76c1aae15120f08bb7603c22caefb076cce1be7ce2fec7

SHA512
005013b46df1d4b9b75ec43c514d9d3e04bfca605f3a626ac15aa1fcfcfba3744b6c106a89f9c6b163a4cec8ac2af41e7e977f51b70effe4f17d8d556f3957e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43894.exe

Filesize
468KB

MD5
00cfb4270f80a49d84173d2da19c0e02

SHA1
566d5e31374f42965fdfd9de829bb7373cf7a6f2

SHA256
3dfb4065f9017525380d82b8d533b4490e61d5b1183eb606726945ce2f9b7ec3

SHA512
f9a0c28f613ddf6d9259450fec693eed11c2a76f790b7cfca84616d84bf6af8fad350beb5a703d1ec394f593ac8bc51885862ff30f29f02c642483af3ae94bc4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31637.exe

Filesize
468KB

MD5
801d1fc825a59464374862f9ccd55de9

SHA1
42c7ad42a9be9e4d09e21bbae8a6c5e4c8a14642

SHA256
96a5aaec4eb35e788fa68dbce0b6aaf9105f5be7fc8976ab28bf355f9a649557

SHA512
26c0aca26357d43e36498412a6177e8eead2ce6c80a21df65be44124ed4223840347427e2ae1a788a9d3f99b49cdcac13d51843495f08c7342be076bad77af4d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34885.exe

Filesize
468KB

MD5
3038e1bb66c4ca9e988518021908585d

SHA1
b80c090c89e901d49a694bf0cfe7a44c79b5603d

SHA256
c9eb53f1779b8b16005f0bfc9a3bb00eaf52ed9077eb15b3cc93f08d38842984

SHA512
8767e94398299b68496a5720dca00d80b4b7e05a714bf0bdc3dd1153988aa72dc07e8bd78594f777d92443ebf089660a5bbdd01754416453281a3d3c06c65ee0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36851.exe

Filesize
468KB

MD5
e58f923cd0af80ac370328f012c611e1

SHA1
e83727b80a5bc9e76516f73c9bf775b4a83b81fb

SHA256
99b2dd08b9fea91a2a07ca993397afa175741293d5c03deafcf6cd5540927385

SHA512
03449b89a1541ca4e2f8d77e8a1ab14ed9370a3bdece1a849d2063949796696864eba628005be5b84aa5967b4e05965249ef44c0c5a90b62ea788fa4e4848b6c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37537.exe

Filesize
468KB

MD5
e12ff961bc0dac84e209219a29e76df8

SHA1
a90abf5db9e5ebbe72bdf591919240cffcf9b434

SHA256
d8a981ab6e2243ed50ad0d99304cd9e4e5425e91efc6607f027878c411c729dd

SHA512
7aa33d14dbc2c0a0a7f89ae6de4b84aef2ca2b942727673b8db105dc812209090c3c15153147398de91619c6f33107450e57acd6631e31cf2fd01f0b878994b1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37802.exe

Filesize
468KB

MD5
a705b6835ae1c8d7088cf84be0d08f11

SHA1
5aa5e8305c4b2999084d79c3985f9aa650aedcc0

SHA256
e1d88ad76523f4ef136a8548bc8921d8eaf91e3098d7bc7cc5ce666bb5aedabb

SHA512
33aed8a5c8c90f4397c686a119f23f4befde6f9bfd41dfb34a32d1c55bc8fb531cca1acfe89b3bfd94a3c0d4d844a68b1fbb6b239f60bab8dfa2baa38735d3cd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39331.exe

Filesize
468KB

MD5
de25f27421ba687010e9423df4b599f6

SHA1
4ed5c278ab7d8188980363b7063c979e90e8acf3

SHA256
db95e7910bbc5d468e2e1bbaf8a36f0df04e0ad85b005a34bd77bf5e848b1b6e

SHA512
e55e9f8526f76ace15fac8db6a369f1f4f5ba1e91ba0bc5423da14941217ecd9f72ca365cc65a85b1dcef59aed32f87d4d1097f579d4c2f5865b892c69463415

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45902.exe

Filesize
468KB

MD5
04f30fa6620a73b0f2fe124ffd56f9a9

SHA1
01a4a664ae491ac5c2bb55f93556155b43a0e3d6

SHA256
d9eb5475a420d8b1e42624e8f80a39ed2adc1c38a679360c670b079b9ed5adff

SHA512
fed8c84e42cbb5513a864e01fce108a31fcda6e93b1155b87ee916ec5624bbb4642fc4f8f8c83eeb088ace8afda0e6b174d6c0229cfd91bf22eb51a5b04bc03b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49436.exe

Filesize
468KB

MD5
f6097e414861abb24244fadd2fa05822

SHA1
ca6c3bc7e76aa4de5c7773269ac54eb47d73b085

SHA256
b759079d499705587518e0e4d39ec03aed511d0a56b261ca911a7ca9cb77f30f

SHA512
cfc20522f4e6311a801a52c9f538a45f3861a075c2caa0f8c318bb7fb1a0e770367261ccc7276e08c1d7c9edbbb0f7c0be5d51ef408ec586e007825d59dc9203

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50068.exe

Filesize
468KB

MD5
a6f04e6d7398e19948cd615cf5ff2ed7

SHA1
7d96397340466df8585076a285bf1a1a880e300a

SHA256
60f044429fc6932b791e4bd82affc6b7b8484388a2c32b44971f0e22e9048211

SHA512
bcd45e3f2873786d2b7a8595c16daaf97967ff58472367aa0b48b6c608e821d11964183362f972ca4ca75fbc9c902ef0dfc1e581d54fbf188b0a7a8c8ce9dd61

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50230.exe

Filesize
468KB

MD5
fc4932f43e4b2370e9e1c2e3bc11b92a

SHA1
adc7b82caa70795b71008a75d645672044f78023

SHA256
e7c054c4803313eadbe1c2053a97cf2451cbca65e19d6f20adbc5f1b86bc0519

SHA512
14bd70083c61277d901ff78bf4b205f9cb845c6ab9b9eab35dd7522557db62d860fde76cea5978c551af243d08a7c03605024f2c8d150f9259782c8ffeb6a508

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51277.exe

Filesize
468KB

MD5
3589e4d5279334d7414a4a6349fd3801

SHA1
c639636c8b177d3563e26a4e11ad90d2c41f603d

SHA256
c935b56b341f37ea2176448e7cda59d3e384689bca0961b268d5ae91e786567e

SHA512
67f82ef1764cc3477c4b05fdb3369c78867d42578fdcf8675a9649f1c416a54a763f600b6dad2f6356892265fde51744a1cfea54ca379331158234cfcc63583f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5487.exe

Filesize
468KB

MD5
d52007b9a3292ad153d1de1fe3f99327

SHA1
59c896ff589257deb4567e1eed1cfddf4be46bd9

SHA256
fd1da5f15699010e3d3b5846d207662d624ad7de40b737c6e2c7f6ae0679a17e

SHA512
0448e0a4b07f0c84b5de6c612632608f9b1c1d797789e5d00e0ceaf63bcb30d14b80aeb4ffb4bcaf388e424a6b76be7b31caeee20626c3f108ffbb284c0821dd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-645.exe

Filesize
468KB

MD5
ee1e5f97055c0ed748035bf4fba1ffd6

SHA1
b26c6c259c415d939f3a3191d3173784d5d6dd64

SHA256
1ff9a515aa3b83c94d7a4ad8163c7288712e5a50c87f859c88e7a3024b0a778d

SHA512
900c5736b81de8a73ba82aa8f171c9877b805c49d08699956811c6b006d11a97b8136e0f54ac77afd6aaf7b04b1fe3d19c723167909e3667186bc8b52a4b3fb4

Download Submit
memory/568-194-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/756-249-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1060-205-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1148-227-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1148-385-0x0000000000AB0000-0x0000000000B25000-memory.dmp

Filesize
468KB

Download
memory/1148-386-0x0000000000AB0000-0x0000000000B25000-memory.dmp

Filesize
468KB

Download
memory/1152-269-0x00000000024B0000-0x0000000002525000-memory.dmp

Filesize
468KB

Download
memory/1152-274-0x00000000024B0000-0x0000000002525000-memory.dmp

Filesize
468KB

Download
memory/1152-170-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1388-233-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1388-350-0x00000000026F0000-0x0000000002765000-memory.dmp

Filesize
468KB

Download
memory/1388-347-0x00000000026F0000-0x0000000002765000-memory.dmp

Filesize
468KB

Download
memory/1432-402-0x0000000002530000-0x00000000025A5000-memory.dmp

Filesize
468KB

Download
memory/1432-276-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1432-392-0x0000000002530000-0x00000000025A5000-memory.dmp

Filesize
468KB

Download
memory/1480-365-0x0000000002650000-0x00000000026C5000-memory.dmp

Filesize
468KB

Download
memory/1480-117-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1480-216-0x0000000002650000-0x00000000026C5000-memory.dmp

Filesize
468KB

Download
memory/1480-210-0x0000000002650000-0x00000000026C5000-memory.dmp

Filesize
468KB

Download
memory/1480-364-0x0000000002650000-0x00000000026C5000-memory.dmp

Filesize
468KB

Download
memory/1572-375-0x0000000001F60000-0x0000000001FD5000-memory.dmp

Filesize
468KB

Download
memory/1572-232-0x0000000001F60000-0x0000000001FD5000-memory.dmp

Filesize
468KB

Download
memory/1572-234-0x0000000001F60000-0x0000000001FD5000-memory.dmp

Filesize
468KB

Download
memory/1572-374-0x0000000001F60000-0x0000000001FD5000-memory.dmp

Filesize
468KB

Download
memory/1592-312-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1600-348-0x0000000002470000-0x00000000024E5000-memory.dmp

Filesize
468KB

Download
memory/1600-351-0x0000000002470000-0x00000000024E5000-memory.dmp

Filesize
468KB

Download
memory/1616-323-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1680-336-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1680-332-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1680-130-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1680-68-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1680-27-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1732-46-0x0000000002650000-0x00000000026C5000-memory.dmp

Filesize
468KB

Download
memory/1732-248-0x0000000002650000-0x00000000026C5000-memory.dmp

Filesize
468KB

Download
memory/1732-250-0x0000000002650000-0x00000000026C5000-memory.dmp

Filesize
468KB

Download
memory/1732-106-0x0000000002650000-0x00000000026C5000-memory.dmp

Filesize
468KB

Download
memory/1748-395-0x0000000002740000-0x00000000027B5000-memory.dmp

Filesize
468KB

Download
memory/1748-403-0x0000000002740000-0x00000000027B5000-memory.dmp

Filesize
468KB

Download
memory/1748-295-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1964-337-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1996-172-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1996-296-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1996-294-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2032-273-0x0000000002770000-0x00000000027E5000-memory.dmp

Filesize
468KB

Download
memory/2032-7-0x0000000002770000-0x00000000027E5000-memory.dmp

Filesize
468KB

Download
memory/2032-163-0x0000000002770000-0x00000000027E5000-memory.dmp

Filesize
468KB

Download
memory/2032-12-0x0000000002770000-0x00000000027E5000-memory.dmp

Filesize
468KB

Download
memory/2032-394-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2032-139-0x0000000002770000-0x00000000027E5000-memory.dmp

Filesize
468KB

Download
memory/2032-275-0x0000000002770000-0x00000000027E5000-memory.dmp

Filesize
468KB

Download
memory/2032-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2144-404-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2168-259-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2304-192-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2304-193-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2304-98-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2340-416-0x0000000001D00000-0x0000000001D75000-memory.dmp

Filesize
468KB

Download
memory/2340-290-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2400-327-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2504-271-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2580-131-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2580-328-0x0000000002070000-0x00000000020E5000-memory.dmp

Filesize
468KB

Download
memory/2580-321-0x0000000002070000-0x00000000020E5000-memory.dmp

Filesize
468KB

Download
memory/2592-366-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2704-376-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2744-349-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2772-169-0x0000000002530000-0x00000000025A5000-memory.dmp

Filesize
468KB

Download
memory/2772-320-0x0000000002530000-0x00000000025A5000-memory.dmp

Filesize
468KB

Download
memory/2772-322-0x0000000002530000-0x00000000025A5000-memory.dmp

Filesize
468KB

Download
memory/2772-168-0x0000000002530000-0x00000000025A5000-memory.dmp

Filesize
468KB

Download
memory/2772-33-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2780-352-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2852-405-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2856-204-0x0000000000380000-0x00000000003F5000-memory.dmp

Filesize
468KB

Download
memory/2856-203-0x0000000000380000-0x00000000003F5000-memory.dmp

Filesize
468KB

Download
memory/2856-96-0x0000000000380000-0x00000000003F5000-memory.dmp

Filesize
468KB

Download
memory/2856-48-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2864-287-0x0000000002560000-0x00000000025D5000-memory.dmp

Filesize
468KB

Download
memory/2864-140-0x0000000002560000-0x00000000025D5000-memory.dmp

Filesize
468KB

Download
memory/2864-289-0x0000000002560000-0x00000000025D5000-memory.dmp

Filesize
468KB

Download
memory/2864-162-0x0000000002560000-0x00000000025D5000-memory.dmp

Filesize
468KB

Download
memory/2864-81-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2888-167-0x00000000023D0000-0x0000000002445000-memory.dmp

Filesize
468KB

Download
memory/2888-311-0x00000000023D0000-0x0000000002445000-memory.dmp

Filesize
468KB

Download
memory/2888-310-0x00000000023D0000-0x0000000002445000-memory.dmp

Filesize
468KB

Download
memory/2888-166-0x00000000023D0000-0x0000000002445000-memory.dmp

Filesize
468KB

Download
memory/2888-71-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2896-220-0x00000000028C0000-0x0000000002935000-memory.dmp

Filesize
468KB

Download
memory/2896-69-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2896-226-0x00000000028C0000-0x0000000002935000-memory.dmp

Filesize
468KB

Download
memory/2912-272-0x0000000002700000-0x0000000002775000-memory.dmp

Filesize
468KB

Download
memory/2912-270-0x0000000002700000-0x0000000002775000-memory.dmp

Filesize
468KB

Download
memory/2916-257-0x0000000002530000-0x00000000025A5000-memory.dmp

Filesize
468KB

Download
memory/2916-165-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2916-258-0x0000000002530000-0x00000000025A5000-memory.dmp

Filesize
468KB

Download