64e0d5e2ef1f94c74528f6dd1c4ee627ea2953960a6affe83e46375590819235

Analysis

max time kernel
150s
max time network
128s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/09/2024, 22:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

64e0d5e2ef1f94c74528f6dd1c4ee627ea2953960a6affe83e46375590819235.exe
Size

468KB
MD5

a81d36f3f90ccdf68ee3c389a5e7ab08
SHA1

3d253bc145f49134d038b7ee264328ec6b5ade83
SHA256

64e0d5e2ef1f94c74528f6dd1c4ee627ea2953960a6affe83e46375590819235
SHA512

d2c7017050cfc6f5bb5989db2eae11773395c01426273289f1d81821fc349f11fe322927de8ee0d76c993315fed161bfd030839f23c9aeb3765c963498a6c3a2
SSDEEP

3072:1G3HoggSIE5TtbYtHzcOcf8/zDcaL0pkJVHeTVPyQ65Lt7gPEslk:1G3ozMTtaH4OcfuY10Q6VRgPE

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2536	Unicorn-27652.exe
2352	Unicorn-50848.exe
2500	Unicorn-39987.exe
2788	Unicorn-16443.exe
2836	Unicorn-45031.exe
2696	Unicorn-16342.exe
2960	Unicorn-41200.exe
2580	Unicorn-32862.exe
2108	Unicorn-3458.exe
2560	Unicorn-16910.exe
1224	Unicorn-573.exe
324	Unicorn-53758.exe
564	Unicorn-11434.exe
2652	Unicorn-59623.exe
2044	Unicorn-27216.exe
2952	Unicorn-41881.exe
2980	Unicorn-23961.exe
2964	Unicorn-51895.exe
2356	Unicorn-58025.exe
3036	Unicorn-33965.exe
1168	Unicorn-9003.exe
1260	Unicorn-9268.exe
1736	Unicorn-11961.exe
2584	Unicorn-1100.exe
2208	Unicorn-17336.exe
900	Unicorn-15298.exe
280	Unicorn-41941.exe
2120	Unicorn-40571.exe
2220	Unicorn-20705.exe
3008	Unicorn-31640.exe
2012	Unicorn-43263.exe
2204	Unicorn-32595.exe
1604	Unicorn-32080.exe
2520	Unicorn-28018.exe
2860	Unicorn-48438.exe
1716	Unicorn-48173.exe
1700	Unicorn-44254.exe
2676	Unicorn-37940.exe
2764	Unicorn-57545.exe
3016	Unicorn-63020.exe
2608	Unicorn-28210.exe
2756	Unicorn-36278.exe
2604	Unicorn-13819.exe
2600	Unicorn-23164.exe
2156	Unicorn-51344.exe
2248	Unicorn-31478.exe
1076	Unicorn-45677.exe
1648	Unicorn-26648.exe
1520	Unicorn-26648.exe
1020	Unicorn-27202.exe
2372	Unicorn-7987.exe
1068	Unicorn-16918.exe
2624	Unicorn-59796.exe
2680	Unicorn-13772.exe
1516	Unicorn-33638.exe
1660	Unicorn-31235.exe
828	Unicorn-62226.exe
852	Unicorn-13580.exe
108	Unicorn-35392.exe
2380	Unicorn-51982.exe
596	Unicorn-62917.exe
2452	Unicorn-53181.exe
236	Unicorn-14286.exe
2140	Unicorn-31674.exe

Loads dropped DLL 64 IoCs

pid	Process
2084	64e0d5e2ef1f94c74528f6dd1c4ee627ea2953960a6affe83e46375590819235.exe
2084	64e0d5e2ef1f94c74528f6dd1c4ee627ea2953960a6affe83e46375590819235.exe
2536	Unicorn-27652.exe
2084	64e0d5e2ef1f94c74528f6dd1c4ee627ea2953960a6affe83e46375590819235.exe
2536	Unicorn-27652.exe
2084	64e0d5e2ef1f94c74528f6dd1c4ee627ea2953960a6affe83e46375590819235.exe
2352	Unicorn-50848.exe
2352	Unicorn-50848.exe
2084	64e0d5e2ef1f94c74528f6dd1c4ee627ea2953960a6affe83e46375590819235.exe
2084	64e0d5e2ef1f94c74528f6dd1c4ee627ea2953960a6affe83e46375590819235.exe
2500	Unicorn-39987.exe
2500	Unicorn-39987.exe
2536	Unicorn-27652.exe
2536	Unicorn-27652.exe
2788	Unicorn-16443.exe
2788	Unicorn-16443.exe
2352	Unicorn-50848.exe
2352	Unicorn-50848.exe
2836	Unicorn-45031.exe
2836	Unicorn-45031.exe
2960	Unicorn-41200.exe
2960	Unicorn-41200.exe
2500	Unicorn-39987.exe
2084	64e0d5e2ef1f94c74528f6dd1c4ee627ea2953960a6affe83e46375590819235.exe
2536	Unicorn-27652.exe
2084	64e0d5e2ef1f94c74528f6dd1c4ee627ea2953960a6affe83e46375590819235.exe
2536	Unicorn-27652.exe
2500	Unicorn-39987.exe
2696	Unicorn-16342.exe
2696	Unicorn-16342.exe
2580	Unicorn-32862.exe
2580	Unicorn-32862.exe
2788	Unicorn-16443.exe
2788	Unicorn-16443.exe
2352	Unicorn-50848.exe
2108	Unicorn-3458.exe
2108	Unicorn-3458.exe
2352	Unicorn-50848.exe
324	Unicorn-53758.exe
324	Unicorn-53758.exe
2536	Unicorn-27652.exe
2560	Unicorn-16910.exe
2536	Unicorn-27652.exe
2560	Unicorn-16910.exe
2836	Unicorn-45031.exe
2836	Unicorn-45031.exe
564	Unicorn-11434.exe
564	Unicorn-11434.exe
2500	Unicorn-39987.exe
2500	Unicorn-39987.exe
1224	Unicorn-573.exe
1224	Unicorn-573.exe
2652	Unicorn-59623.exe
2652	Unicorn-59623.exe
2044	Unicorn-27216.exe
2960	Unicorn-41200.exe
2084	64e0d5e2ef1f94c74528f6dd1c4ee627ea2953960a6affe83e46375590819235.exe
2044	Unicorn-27216.exe
2084	64e0d5e2ef1f94c74528f6dd1c4ee627ea2953960a6affe83e46375590819235.exe
2960	Unicorn-41200.exe
2696	Unicorn-16342.exe
2696	Unicorn-16342.exe
2952	Unicorn-41881.exe
2952	Unicorn-41881.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2892	2012	WerFault.exe	61
2768	280	WerFault.exe	57
1484	2204	WerFault.exe	62
2984	324	WerFault.exe	44
2876	2952	WerFault.exe	46
2932	2860	WerFault.exe	66
2848	1604	WerFault.exe	63
1680	2764	WerFault.exe	69
2884	852	WerFault.exe	93
1876	236	WerFault.exe	99
1640	2608	WerFault.exe	71
2620	1660	WerFault.exe	91
2376	2372	WerFault.exe	81
908	900	WerFault.exe	56
3968	1960	WerFault.exe	112
3940	1648	WerFault.exe	78
3996	2220	WerFault.exe	59
3988	564	WerFault.exe	42
3924	1700	WerFault.exe	67
3916	2584	WerFault.exe	54
3208	2140	WerFault.exe	100
4028	1076	WerFault.exe	77
3436	2604	WerFault.exe	73
3444	1456	WerFault.exe	110
3156	2392	WerFault.exe	126
3960	108	WerFault.exe	95
4572	2248	WerFault.exe	76
4940	1372	WerFault.exe	164
4436	828	WerFault.exe	92
4420	1068	WerFault.exe	84
4412	2680	WerFault.exe	88
4564	2924	WerFault.exe	116
4708	2956	WerFault.exe	133
4908	1520	WerFault.exe	79
4900	800	WerFault.exe	159
4840	596	WerFault.exe	97
4892	2600	WerFault.exe	74
4580	2724	WerFault.exe	105
4956	2120	WerFault.exe	58
4992	2452	WerFault.exe	98
4984	1736	WerFault.exe	53
4964	2556	WerFault.exe	124
5028	2736	WerFault.exe	101
5072	2684	WerFault.exe	131
4228	2396	WerFault.exe	147
5452	1224	WerFault.exe	41
5620	2624	WerFault.exe	86
5732	1020	WerFault.exe	80
5724	2356	WerFault.exe	49
5664	2108	WerFault.exe	39
5640	2520	WerFault.exe	64
5784	1716	WerFault.exe	65
5772	2208	WerFault.exe	55
5528	1912	WerFault.exe	119
5748	1260	WerFault.exe	52
6032	2760	WerFault.exe	128
6132	2700	WerFault.exe	129
5260	2960	WerFault.exe	37
5564	3048	WerFault.exe	146
5344	2612	WerFault.exe	127
5472	1756	WerFault.exe	120
6344	1096	WerFault.exe	137
6524	1948	WerFault.exe	130
6516	2324	WerFault.exe	140

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46821.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24448.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45253.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45390.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39255.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22552.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3458.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46340.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4633.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9003.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61353.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62069.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26882.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63056.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26648.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28779.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35003.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58998.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14281.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27928.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23814.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26929.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13580.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6833.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17732.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51148.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16910.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62434.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25035.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45218.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18837.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33035.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16867.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63020.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13772.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6170.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47588.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39987.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-573.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19049.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18317.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34543.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13819.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4831.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31607.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6196.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59476.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29409.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21273.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47241.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55734.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27022.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36063.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21172.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48771.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9201.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54187.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48001.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33057.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53564.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32595.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54171.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28292.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36813.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2084	64e0d5e2ef1f94c74528f6dd1c4ee627ea2953960a6affe83e46375590819235.exe
2536	Unicorn-27652.exe
2352	Unicorn-50848.exe
2500	Unicorn-39987.exe
2788	Unicorn-16443.exe
2836	Unicorn-45031.exe
2696	Unicorn-16342.exe
2960	Unicorn-41200.exe
2580	Unicorn-32862.exe
2108	Unicorn-3458.exe
324	Unicorn-53758.exe
2560	Unicorn-16910.exe
1224	Unicorn-573.exe
2044	Unicorn-27216.exe
564	Unicorn-11434.exe
2652	Unicorn-59623.exe
2952	Unicorn-41881.exe
2980	Unicorn-23961.exe
2964	Unicorn-51895.exe
2356	Unicorn-58025.exe
1168	Unicorn-9003.exe
3036	Unicorn-33965.exe
1260	Unicorn-9268.exe
1736	Unicorn-11961.exe
2584	Unicorn-1100.exe
2208	Unicorn-17336.exe
900	Unicorn-15298.exe
3008	Unicorn-31640.exe
280	Unicorn-41941.exe
2120	Unicorn-40571.exe
2220	Unicorn-20705.exe
2012	Unicorn-43263.exe
2204	Unicorn-32595.exe
1604	Unicorn-32080.exe
2520	Unicorn-28018.exe
1700	Unicorn-44254.exe
2860	Unicorn-48438.exe
2676	Unicorn-37940.exe
1716	Unicorn-48173.exe
2764	Unicorn-57545.exe
3016	Unicorn-63020.exe
2608	Unicorn-28210.exe
2248	Unicorn-31478.exe
2156	Unicorn-51344.exe
2600	Unicorn-23164.exe
2756	Unicorn-36278.exe
2604	Unicorn-13819.exe
1648	Unicorn-26648.exe
1076	Unicorn-45677.exe
1520	Unicorn-26648.exe
1020	Unicorn-27202.exe
2624	Unicorn-59796.exe
1068	Unicorn-16918.exe
2372	Unicorn-7987.exe
2680	Unicorn-13772.exe
1516	Unicorn-33638.exe
1660	Unicorn-31235.exe
828	Unicorn-62226.exe
852	Unicorn-13580.exe
596	Unicorn-62917.exe
108	Unicorn-35392.exe
2452	Unicorn-53181.exe
2380	Unicorn-51982.exe
236	Unicorn-14286.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 2536	2084	64e0d5e2ef1f94c74528f6dd1c4ee627ea2953960a6affe83e46375590819235.exe	30
PID 2084 wrote to memory of 2536	2084	64e0d5e2ef1f94c74528f6dd1c4ee627ea2953960a6affe83e46375590819235.exe	30
PID 2084 wrote to memory of 2536	2084	64e0d5e2ef1f94c74528f6dd1c4ee627ea2953960a6affe83e46375590819235.exe	30
PID 2084 wrote to memory of 2536	2084	64e0d5e2ef1f94c74528f6dd1c4ee627ea2953960a6affe83e46375590819235.exe	30
PID 2084 wrote to memory of 2352	2084	64e0d5e2ef1f94c74528f6dd1c4ee627ea2953960a6affe83e46375590819235.exe	32
PID 2084 wrote to memory of 2352	2084	64e0d5e2ef1f94c74528f6dd1c4ee627ea2953960a6affe83e46375590819235.exe	32
PID 2084 wrote to memory of 2352	2084	64e0d5e2ef1f94c74528f6dd1c4ee627ea2953960a6affe83e46375590819235.exe	32
PID 2084 wrote to memory of 2352	2084	64e0d5e2ef1f94c74528f6dd1c4ee627ea2953960a6affe83e46375590819235.exe	32
PID 2536 wrote to memory of 2500	2536	Unicorn-27652.exe	31
PID 2536 wrote to memory of 2500	2536	Unicorn-27652.exe	31
PID 2536 wrote to memory of 2500	2536	Unicorn-27652.exe	31
PID 2536 wrote to memory of 2500	2536	Unicorn-27652.exe	31
PID 2352 wrote to memory of 2788	2352	Unicorn-50848.exe	34
PID 2352 wrote to memory of 2788	2352	Unicorn-50848.exe	34
PID 2352 wrote to memory of 2788	2352	Unicorn-50848.exe	34
PID 2352 wrote to memory of 2788	2352	Unicorn-50848.exe	34
PID 2084 wrote to memory of 2696	2084	64e0d5e2ef1f94c74528f6dd1c4ee627ea2953960a6affe83e46375590819235.exe	35
PID 2084 wrote to memory of 2696	2084	64e0d5e2ef1f94c74528f6dd1c4ee627ea2953960a6affe83e46375590819235.exe	35
PID 2084 wrote to memory of 2696	2084	64e0d5e2ef1f94c74528f6dd1c4ee627ea2953960a6affe83e46375590819235.exe	35
PID 2084 wrote to memory of 2696	2084	64e0d5e2ef1f94c74528f6dd1c4ee627ea2953960a6affe83e46375590819235.exe	35
PID 2500 wrote to memory of 2836	2500	Unicorn-39987.exe	36
PID 2500 wrote to memory of 2836	2500	Unicorn-39987.exe	36
PID 2500 wrote to memory of 2836	2500	Unicorn-39987.exe	36
PID 2500 wrote to memory of 2836	2500	Unicorn-39987.exe	36
PID 2536 wrote to memory of 2960	2536	Unicorn-27652.exe	37
PID 2536 wrote to memory of 2960	2536	Unicorn-27652.exe	37
PID 2536 wrote to memory of 2960	2536	Unicorn-27652.exe	37
PID 2536 wrote to memory of 2960	2536	Unicorn-27652.exe	37
PID 2788 wrote to memory of 2580	2788	Unicorn-16443.exe	38
PID 2788 wrote to memory of 2580	2788	Unicorn-16443.exe	38
PID 2788 wrote to memory of 2580	2788	Unicorn-16443.exe	38
PID 2788 wrote to memory of 2580	2788	Unicorn-16443.exe	38
PID 2352 wrote to memory of 2108	2352	Unicorn-50848.exe	39
PID 2352 wrote to memory of 2108	2352	Unicorn-50848.exe	39
PID 2352 wrote to memory of 2108	2352	Unicorn-50848.exe	39
PID 2352 wrote to memory of 2108	2352	Unicorn-50848.exe	39
PID 2836 wrote to memory of 2560	2836	Unicorn-45031.exe	40
PID 2836 wrote to memory of 2560	2836	Unicorn-45031.exe	40
PID 2836 wrote to memory of 2560	2836	Unicorn-45031.exe	40
PID 2836 wrote to memory of 2560	2836	Unicorn-45031.exe	40
PID 2960 wrote to memory of 1224	2960	Unicorn-41200.exe	41
PID 2960 wrote to memory of 1224	2960	Unicorn-41200.exe	41
PID 2960 wrote to memory of 1224	2960	Unicorn-41200.exe	41
PID 2960 wrote to memory of 1224	2960	Unicorn-41200.exe	41
PID 2084 wrote to memory of 2652	2084	64e0d5e2ef1f94c74528f6dd1c4ee627ea2953960a6affe83e46375590819235.exe	43
PID 2084 wrote to memory of 2652	2084	64e0d5e2ef1f94c74528f6dd1c4ee627ea2953960a6affe83e46375590819235.exe	43
PID 2084 wrote to memory of 2652	2084	64e0d5e2ef1f94c74528f6dd1c4ee627ea2953960a6affe83e46375590819235.exe	43
PID 2084 wrote to memory of 2652	2084	64e0d5e2ef1f94c74528f6dd1c4ee627ea2953960a6affe83e46375590819235.exe	43
PID 2536 wrote to memory of 324	2536	Unicorn-27652.exe	44
PID 2536 wrote to memory of 324	2536	Unicorn-27652.exe	44
PID 2536 wrote to memory of 324	2536	Unicorn-27652.exe	44
PID 2536 wrote to memory of 324	2536	Unicorn-27652.exe	44
PID 2500 wrote to memory of 564	2500	Unicorn-39987.exe	42
PID 2500 wrote to memory of 564	2500	Unicorn-39987.exe	42
PID 2500 wrote to memory of 564	2500	Unicorn-39987.exe	42
PID 2500 wrote to memory of 564	2500	Unicorn-39987.exe	42
PID 2696 wrote to memory of 2044	2696	Unicorn-16342.exe	45
PID 2696 wrote to memory of 2044	2696	Unicorn-16342.exe	45
PID 2696 wrote to memory of 2044	2696	Unicorn-16342.exe	45
PID 2696 wrote to memory of 2044	2696	Unicorn-16342.exe	45
PID 2580 wrote to memory of 2952	2580	Unicorn-32862.exe	46
PID 2580 wrote to memory of 2952	2580	Unicorn-32862.exe	46
PID 2580 wrote to memory of 2952	2580	Unicorn-32862.exe	46
PID 2580 wrote to memory of 2952	2580	Unicorn-32862.exe	46

C:\Users\Admin\AppData\Local\Temp\64e0d5e2ef1f94c74528f6dd1c4ee627ea2953960a6affe83e46375590819235.exe
"C:\Users\Admin\AppData\Local\Temp\64e0d5e2ef1f94c74528f6dd1c4ee627ea2953960a6affe83e46375590819235.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27652.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27652.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39987.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39987.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45031.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16910.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9268.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26648.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30296.exe
        8⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60742.exe
        9⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49424.exe
        9⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47586.exe
        9⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11427.exe
        9⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62923.exe
        9⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30705.exe
        9⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60786.exe
        9⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51458.exe
        8⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14914.exe
        9⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28292.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31607.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54956.exe
        9⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45108.exe
        9⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48001.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45218.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 220
        8⤵
        Program crash
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33528.exe
        7⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60929.exe
        8⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20830.exe
        8⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37851.exe
        8⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63228.exe
        8⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47241.exe
        8⤵
        
        PID:6944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 216
        8⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53133.exe
        7⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43425.exe
        7⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18610.exe
        7⤵
        
        PID:4520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 248
        7⤵
        Program crash
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27202.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
        7⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37084.exe
        8⤵
        
        PID:3700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 248
        8⤵
        Program crash
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35697.exe
        7⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6833.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27276.exe
        7⤵
        
        PID:932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 224
        7⤵
        Program crash
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61353.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48158.exe
        7⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17872.exe
        7⤵
        
        PID:5008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 244
        7⤵
        Program crash
        
        PID:6032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
        6⤵
        
        PID:3868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47588.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31322.exe
        6⤵
        
        PID:4136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46821.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50557.exe
        6⤵
        
        PID:6612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36063.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10300.exe
        6⤵
        
        PID:7420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11961.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14286.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 236 -s 244
        7⤵
        Program crash
        
        PID:1876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49673.exe
        6⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12309.exe
        7⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64354.exe
        8⤵
        
        PID:3496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 236
        8⤵
        Program crash
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58687.exe
        7⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51148.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17883.exe
        8⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23600.exe
        7⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59476.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1989.exe
        7⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49672.exe
        7⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11694.exe
        7⤵
        
        PID:7276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38359.exe
        6⤵
        
        PID:3120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17960.exe
        6⤵
        
        PID:3484
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 244
        6⤵
        Program crash
        
        PID:4984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31674.exe
        5⤵
        Executes dropped EXE
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57561.exe
        6⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26882.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6025.exe
        7⤵
        
        PID:6104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 244
        7⤵
        Program crash
        
        PID:6516
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 216
        6⤵
        Program crash
        
        PID:3208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17607.exe
        5⤵
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32061.exe
        6⤵
        
        PID:4204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41821.exe
        6⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30637.exe
        6⤵
        
        PID:6164
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 216
        6⤵
        
        PID:6372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15159.exe
        5⤵
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15485.exe
        6⤵
        
        PID:4236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14281.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28779.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57857.exe
        6⤵
        
        PID:6376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33810.exe
        6⤵
        
        PID:3800
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 216
        6⤵
        
        PID:8168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32697.exe
        5⤵
        
        PID:4772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15523.exe
        5⤵
        
        PID:4760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21206.exe
        5⤵
        
        PID:5212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18772.exe
        5⤵
        
        PID:6588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42401.exe
        5⤵
        
        PID:3892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60353.exe
        5⤵
        
        PID:4808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11434.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1100.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51344.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33057.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-182.exe
        8⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
        8⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18520.exe
        8⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20296.exe
        8⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3072.exe
        7⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52033.exe
        7⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7322.exe
        7⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42207.exe
        7⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32656.exe
        7⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65067.exe
        7⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23687.exe
        7⤵
        
        PID:7172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33035.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13674.exe
        7⤵
        
        PID:3768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 236
        7⤵
        Program crash
        
        PID:4708
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
        6⤵
        Program crash
        
        PID:3916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45677.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22040.exe
        6⤵
        
        PID:1200
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 216
        6⤵
        Program crash
        
        PID:4028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52993.exe
        5⤵
        
        PID:436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31387.exe
        6⤵
        
        PID:7932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10050.exe
        6⤵
        
        PID:7692
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 564 -s 248
        5⤵
        Program crash
        
        PID:3988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17336.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53181.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30836.exe
        6⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61422.exe
        7⤵
        
        PID:3480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 216
        7⤵
        Program crash
        
        PID:4564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55734.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55458.exe
        6⤵
        
        PID:3116
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 248
        6⤵
        Program crash
        
        PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17000.exe
        5⤵
        
        PID:1912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40784.exe
        6⤵
        
        PID:3740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62522.exe
        6⤵
        
        PID:4744
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 244
        6⤵
        Program crash
        
        PID:5528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64015.exe
        5⤵
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62268.exe
        6⤵
        
        PID:4124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44920.exe
        6⤵
        
        PID:6092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49195.exe
        6⤵
        
        PID:6532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55906.exe
        6⤵
        
        PID:6816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60256.exe
        6⤵
        
        PID:7652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12698.exe
        5⤵
        
        PID:3504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45253.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4624
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 248
        5⤵
        Program crash
        
        PID:5772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64566.exe
      4⤵
      PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5978.exe
        5⤵
        
        PID:3464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2828.exe
        5⤵
        
        PID:3448
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 244
        5⤵
        Program crash
        
        PID:5028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37613.exe
      4⤵
      PID:800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31957.exe
        5⤵
        
        PID:3832
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 228
        5⤵
        Program crash
        
        PID:4900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2983.exe
      4⤵
      PID:3284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14589.exe
      4⤵
      PID:4936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43214.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43214.exe
      4⤵
      PID:5960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20059.exe
      4⤵
      PID:6508
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 248
      4⤵
      PID:3888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41200.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41200.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-573.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15298.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21744.exe
        6⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-628.exe
        7⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25874.exe
        7⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62739.exe
        7⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20249.exe
        7⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47241.exe
        7⤵
        
        PID:6384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 216
        7⤵
        
        PID:7596
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 248
        6⤵
        Program crash
        
        PID:908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1878.exe
        5⤵
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11645.exe
        6⤵
        
        PID:3756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56928.exe
        6⤵
        
        PID:5088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18800.exe
        6⤵
        
        PID:5360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10654.exe
        6⤵
        
        PID:5468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45980.exe
        6⤵
        
        PID:6780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60166.exe
        6⤵
        
        PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63055.exe
        5⤵
        
        PID:2032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1624.exe
        5⤵
        
        PID:3136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24448.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4424
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 248
        5⤵
        Program crash
        
        PID:5452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20705.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63020.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44686.exe
        6⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9595.exe
        7⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21172.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 220
        7⤵
        Program crash
        
        PID:3444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49320.exe
        6⤵
        
        PID:580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18317.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33114.exe
        6⤵
        
        PID:4548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51662.exe
        6⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19553.exe
        6⤵
        
        PID:6684
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 244
        6⤵
        
        PID:7036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57493.exe
        5⤵
        
        PID:2936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56850.exe
        6⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24469.exe
        7⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65148.exe
        7⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8655.exe
        7⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 216
        7⤵
        
        PID:3592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6637.exe
        6⤵
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16859.exe
        6⤵
        
        PID:4916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38070.exe
        6⤵
        
        PID:5980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46395.exe
        6⤵
        
        PID:6552
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 228
        6⤵
        
        PID:6176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34466.exe
        5⤵
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59886.exe
        6⤵
        
        PID:4092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38297.exe
        6⤵
        
        PID:4792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9625.exe
        6⤵
        
        PID:4200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50872.exe
        6⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49192.exe
        6⤵
        
        PID:6436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45863.exe
        6⤵
        
        PID:6916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63692.exe
        6⤵
        
        PID:7448
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 248
        5⤵
        Program crash
        
        PID:3996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36278.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13788.exe
        5⤵
        
        PID:832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60841.exe
        6⤵
        
        PID:4156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62434.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4789.exe
        6⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54645.exe
        6⤵
        
        PID:6732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11164.exe
        6⤵
        
        PID:7316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6170.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36813.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-737.exe
        5⤵
        
        PID:5684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22684.exe
        5⤵
        
        PID:6328
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 248
        5⤵
        
        PID:6156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46606.exe
      4⤵
      PID:1948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64624.exe
        5⤵
        
        PID:4568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23814.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5292
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 244
        5⤵
        Program crash
        
        PID:6524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12061.exe
      4⤵
      PID:4036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34835.exe
      4⤵
      PID:4616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36136.exe
      4⤵
      PID:3084
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 248
      4⤵
      Program crash
      PID:5260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53758.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53758.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33965.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16918.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13788.exe
        6⤵
        
        PID:2340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 224
        7⤵
        
        PID:7484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53425.exe
        6⤵
        
        PID:3100
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 220
        6⤵
        Program crash
        
        PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4831.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31304.exe
        6⤵
        
        PID:7868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36165.exe
        6⤵
        
        PID:7244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53564.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29118.exe
        5⤵
        
        PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27245.exe
        5⤵
        
        PID:1116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50991.exe
        5⤵
        
        PID:5692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46510.exe
        5⤵
        
        PID:6804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55700.exe
        5⤵
        
        PID:7292
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 248
      4⤵
      Program crash
      PID:2984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9003.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9003.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26648.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34292.exe
        5⤵
        
        PID:868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49586.exe
        6⤵
        
        PID:7900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34663.exe
        6⤵
        
        PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45532.exe
        5⤵
        
        PID:3900
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 224
        5⤵
        Program crash
        
        PID:4908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35173.exe
      4⤵
      PID:980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26083.exe
        5⤵
        
        PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11147.exe
        5⤵
        
        PID:7024
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 220
        5⤵
        
        PID:6308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14861.exe
      4⤵
      PID:4012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60036.exe
      4⤵
      PID:4640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53888.exe
      4⤵
      PID:4684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25671.exe
      4⤵
      PID:2072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45638.exe
      4⤵
      PID:6492
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 248
      4⤵
      PID:7064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7987.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7987.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2372
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 224
      4⤵
      Program crash
      PID:2376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64768.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64768.exe
    3⤵
    PID:524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59347.exe
      4⤵
      PID:7820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51294.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51294.exe
    3⤵
    PID:3316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64989.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64989.exe
    3⤵
    PID:4852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9078.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9078.exe
    3⤵
    PID:4352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45390.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45390.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61645.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61645.exe
    3⤵
    PID:6692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8629.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8629.exe
    3⤵
    PID:7272
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50848.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50848.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16443.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16443.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32862.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41881.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32595.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
        7⤵
        Program crash
        
        PID:1484
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 248
        6⤵
        Program crash
        
        PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32080.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 244
        6⤵
        Program crash
        
        PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46340.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31739.exe
        6⤵
        
        PID:3132
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 248
        6⤵
        Program crash
        
        PID:4580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44224.exe
        5⤵
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23457.exe
        6⤵
        
        PID:5000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63669.exe
        6⤵
        
        PID:5864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31296.exe
        6⤵
        
        PID:6868
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 216
        6⤵
        
        PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9295.exe
        5⤵
        
        PID:3508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1691.exe
        5⤵
        
        PID:4676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21273.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-96.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-96.exe
        5⤵
        
        PID:7160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20905.exe
        5⤵
        
        PID:6812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38120.exe
        5⤵
        
        PID:7540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23961.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48438.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
        6⤵
        Program crash
        
        PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51982.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35003.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53249.exe
        7⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63202.exe
        7⤵
        
        PID:5556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 224
        7⤵
        Program crash
        
        PID:6344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40020.exe
        6⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54171.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12413.exe
        6⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11693.exe
        6⤵
        
        PID:5716
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 228
        6⤵
        
        PID:7136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6698.exe
        5⤵
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45642.exe
        6⤵
        
        PID:7816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8858.exe
        5⤵
        
        PID:3568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27022.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1520.exe
        5⤵
        
        PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2519.exe
        5⤵
        
        PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24979.exe
        5⤵
        
        PID:6660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50365.exe
        5⤵
        
        PID:7256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44254.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33638.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45034.exe
        6⤵
        
        PID:2392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 224
        7⤵
        Program crash
        
        PID:3156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62340.exe
        6⤵
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57980.exe
        6⤵
        
        PID:3852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35444.exe
        6⤵
        
        PID:4232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20743.exe
        6⤵
        
        PID:5600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48909.exe
        6⤵
        
        PID:6740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47771.exe
        6⤵
        
        PID:7012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39255.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47618.exe
        5⤵
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20992.exe
        6⤵
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40435.exe
        6⤵
        
        PID:4632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44436.exe
        6⤵
        
        PID:4664
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 248
        6⤵
        Program crash
        
        PID:6132
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 240
        5⤵
        Program crash
        
        PID:3924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31235.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1660
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 224
        5⤵
        Program crash
        
        PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4858.exe
      4⤵
      PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55750.exe
        5⤵
        
        PID:4184
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 228
        5⤵
        Program crash
        
        PID:4228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13014.exe
      4⤵
      PID:3952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34543.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18326.exe
      4⤵
      PID:5572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43411.exe
      4⤵
      PID:6224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25105.exe
      4⤵
      PID:6996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48703.exe
      4⤵
      PID:7492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3458.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3458.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58025.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37940.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62226.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17873.exe
        7⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 212
        8⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18614.exe
        7⤵
        
        PID:4068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 240
        7⤵
        Program crash
        
        PID:4436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59460.exe
        6⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16867.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50281.exe
        7⤵
        
        PID:7760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32349.exe
        6⤵
        
        PID:3956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42678.exe
        6⤵
        
        PID:4464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39327.exe
        6⤵
        
        PID:5588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53212.exe
        6⤵
        
        PID:6252
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 244
        6⤵
        
        PID:7044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13580.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:852
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 224
        6⤵
        Program crash
        
        PID:2884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12453.exe
        5⤵
        
        PID:1192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59263.exe
        6⤵
        
        PID:3632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58635.exe
        6⤵
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31524.exe
        6⤵
        
        PID:4704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28496.exe
        6⤵
        
        PID:6840
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 248
        6⤵
        
        PID:6172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58998.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20369.exe
        5⤵
        
        PID:3880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10243.exe
        5⤵
        
        PID:4324
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 244
        5⤵
        Program crash
        
        PID:5724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57545.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2764
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 224
        5⤵
        Program crash
        
        PID:1680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14051.exe
      4⤵
      PID:1960
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 240
        5⤵
        Program crash
        
        PID:3968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44800.exe
      4⤵
      PID:3276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52850.exe
      4⤵
      PID:3732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26195.exe
      4⤵
      PID:5068
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 244
      4⤵
      Program crash
      PID:5664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51895.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51895.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28018.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51100.exe
        5⤵
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44785.exe
        6⤵
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3124.exe
        6⤵
        
        PID:4884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36289.exe
        6⤵
        
        PID:5932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6051.exe
        6⤵
        
        PID:6424
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
        6⤵
        
        PID:6924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31421.exe
        5⤵
        
        PID:3164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52936.exe
        5⤵
        
        PID:3600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16585.exe
        5⤵
        
        PID:4836
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 244
        5⤵
        Program crash
        
        PID:5640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31234.exe
      4⤵
      PID:2024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12688.exe
        5⤵
        
        PID:3856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3316.exe
        5⤵
        
        PID:960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27928.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55060.exe
        5⤵
        
        PID:6560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47241.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43720.exe
        5⤵
        
        PID:7748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45157.exe
      4⤵
      PID:3172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58801.exe
      4⤵
      PID:3784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7920.exe
      4⤵
      PID:4804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4208.exe
      4⤵
      PID:5700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35249.exe
      4⤵
      PID:6752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26240.exe
      4⤵
      PID:7096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
      4⤵
      PID:7544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48173.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48173.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35392.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48770.exe
        5⤵
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20364.exe
        6⤵
        
        PID:3332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13513.exe
        6⤵
        
        PID:4584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54462.exe
        6⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24910.exe
        6⤵
        
        PID:6700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47241.exe
        6⤵
        
        PID:6936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27192.exe
        6⤵
        
        PID:4480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11001.exe
        5⤵
        
        PID:3216
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 108 -s 244
        5⤵
        Program crash
        
        PID:3960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35126.exe
      4⤵
      PID:1308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37987.exe
        5⤵
        
        PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28998.exe
        5⤵
        
        PID:4696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54187.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53114.exe
        5⤵
        
        PID:6396
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 220
        5⤵
        
        PID:6920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43019.exe
      4⤵
      PID:3264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61515.exe
      4⤵
      PID:3192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42731.exe
      4⤵
      PID:5040
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 248
      4⤵
      Program crash
      PID:5784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62917.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62917.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23986.exe
      4⤵
      PID:1880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47814.exe
        5⤵
        
        PID:7512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8583.exe
      4⤵
      PID:3184
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 224
      4⤵
      Program crash
      PID:4840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19049.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19049.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20214.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20214.exe
      4⤵
      PID:7144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36305.exe
      4⤵
      PID:6712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63056.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63056.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64890.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64890.exe
    3⤵
    PID:3204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13012.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13012.exe
    3⤵
    PID:4476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4823.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4823.exe
    3⤵
    PID:5668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4633.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4633.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62906.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62906.exe
    3⤵
    PID:6664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57721.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57721.exe
    3⤵
    PID:7724
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16342.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16342.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27216.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27216.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40571.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13819.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3373.exe
        6⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47406.exe
        7⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42392.exe
        7⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34005.exe
        7⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26929.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7208
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 228
        6⤵
        Program crash
        
        PID:3436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18837.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63539.exe
        6⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1957.exe
        7⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36305.exe
        7⤵
        
        PID:6864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 220
        7⤵
        
        PID:7632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60389.exe
        6⤵
        
        PID:3476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45531.exe
        6⤵
        
        PID:5016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29409.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57277.exe
        6⤵
        
        PID:6788
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 248
        6⤵
        
        PID:7020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46911.exe
        5⤵
        
        PID:3396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47125.exe
        5⤵
        
        PID:3824
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 244
        5⤵
        Program crash
        
        PID:4956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31478.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39279.exe
        5⤵
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6928.exe
        6⤵
        
        PID:4112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18552.exe
        6⤵
        
        PID:5972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4654.exe
        6⤵
        
        PID:6848
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 216
        6⤵
        
        PID:6444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31852.exe
        5⤵
        
        PID:4020
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 240
        5⤵
        Program crash
        
        PID:4572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46771.exe
      4⤵
      PID:1940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55750.exe
        5⤵
        
        PID:4192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7483.exe
        5⤵
        
        PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53284.exe
        5⤵
        
        PID:6100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59912.exe
        5⤵
        
        PID:7076
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 240
        5⤵
        
        PID:6716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20726.exe
      4⤵
      PID:3980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51371.exe
      4⤵
      PID:4596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27238.exe
      4⤵
      PID:4656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42737.exe
      4⤵
      PID:5308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28191.exe
      4⤵
      PID:6336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38201.exe
      4⤵
      PID:6180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22552.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43263.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43263.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2012
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 244
      4⤵
      Program crash
      PID:2892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59796.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59796.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36866.exe
      4⤵
      PID:1756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3093.exe
        5⤵
        
        PID:3456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14141.exe
        5⤵
        
        PID:4948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6465.exe
        5⤵
        
        PID:5248
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 228
        5⤵
        Program crash
        
        PID:5472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50280.exe
      4⤵
      PID:3536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23169.exe
      4⤵
      PID:3248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4717.exe
      4⤵
      PID:4168
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 244
      4⤵
      Program crash
      PID:5620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24349.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24349.exe
    3⤵
    PID:1704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58080.exe
      4⤵
      PID:3432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56876.exe
      4⤵
      PID:912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23543.exe
      4⤵
      PID:5708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43384.exe
      4⤵
      PID:6772
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
      4⤵
      PID:7120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48771.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48771.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38644.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38644.exe
    3⤵
    PID:3312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27309.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27309.exe
    3⤵
    PID:4328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65280.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65280.exe
    3⤵
    PID:5796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41055.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41055.exe
    3⤵
    PID:6820
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 228
    3⤵
    PID:2216
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59623.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59623.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41941.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41941.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:280
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 280 -s 224
      4⤵
      Program crash
      PID:2768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13772.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13772.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13788.exe
      4⤵
      PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58646.exe
        5⤵
        
        PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9201.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50041.exe
        5⤵
        
        PID:3804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3384.exe
        5⤵
        
        PID:7716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14530.exe
      4⤵
      PID:3236
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
      4⤵
      Program crash
      PID:4412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7658.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7658.exe
    3⤵
    PID:3048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48402.exe
      4⤵
      PID:3788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45252.exe
      4⤵
      PID:5116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14716.exe
      4⤵
      PID:5388
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 248
      4⤵
      Program crash
      PID:5564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38215.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38215.exe
    3⤵
    PID:3976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34012.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34012.exe
    3⤵
    PID:4508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14623.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14623.exe
    3⤵
    PID:5652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4740.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4740.exe
    3⤵
    PID:6236
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 236
    3⤵
    PID:7084
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31640.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31640.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28210.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28210.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2608
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 224
      4⤵
      Program crash
      PID:1640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59870.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59870.exe
    3⤵
    PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33467.exe
      4⤵
      PID:4860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61235.exe
      4⤵
      PID:5216
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
      4⤵
      Program crash
      PID:5344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62069.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62069.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41671.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41671.exe
    3⤵
    PID:4372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28807.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28807.exe
    3⤵
    PID:4732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60482.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60482.exe
    3⤵
    PID:5944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49722.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49722.exe
    3⤵
    PID:6392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43536.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43536.exe
    3⤵
    PID:6800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18352.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18352.exe
    3⤵
    PID:7200
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23164.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23164.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6087.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6087.exe
    3⤵
    PID:1748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64686.exe
      4⤵
      PID:4500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6196.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49091.exe
      4⤵
      PID:6016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53773.exe
      4⤵
      PID:6544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64537.exe
      4⤵
      PID:7100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28152.exe
      4⤵
      PID:7176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41255.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41255.exe
    3⤵
    PID:3452
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 224
    3⤵
    - Program crash
    PID:4892
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30303.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30303.exe
  2⤵
  PID:2684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31438.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31438.exe
    3⤵
    PID:3180
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 248
    3⤵
    - Program crash
    PID:5072
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56597.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56597.exe
  2⤵
  PID:4044
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25035.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25035.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4608
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13470.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13470.exe
  2⤵
  PID:3352
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57872.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57872.exe
  2⤵
  PID:1428
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46657.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46657.exe
  2⤵
  PID:6320
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11865.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11865.exe
  2⤵
  PID:6484
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16952.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16952.exe
  2⤵
  PID:6764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11434.exe

Filesize
468KB

MD5
7798daf37eb087d7b28c6297dcf22a1c

SHA1
773b178f40b11b6b74c59ef32c4e734381f15313

SHA256
3c6f1434eac596bb2cf7546ff8ef2cad47ab48d02599349ae7e50a8acec241c0

SHA512
c2f67521b3de5b43ac6708389856f2778a393a24455d38ff4f86e20dd61383d553b80a6d14eeff96f59d6963d8dc1ad2a04311c19ad38b4130f192beb1cd2eb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13012.exe

Filesize
468KB

MD5
a5c36d27f6b0ec29464b3722522b413f

SHA1
4eb8b3d6fc67c03834fe675dbd89f38214c32a6c

SHA256
ee1ca647ae43144a40079e3ece7a7fecf1e434ede9035593ea4a0f64f547ea3c

SHA512
e03e0a914397dd5b8ec4c5e7180c4cd3caab8b94f1d0d8f4a8da80d8a9d11cf9b1e8bfe518df2cdd8afb364525e6f029e93b0e23eb5e9062f5f68b5602015658

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16867.exe

Filesize
468KB

MD5
2eae782738387390e1354817b2b9c6a8

SHA1
05173528a39fa805f209512e8b6a43f259694a17

SHA256
f16786dd4822b4a50c4bd87eba4091efb23a757a2fbd84f538c304e35e9fedaf

SHA512
20f7b61c16533e9ca2c211701c3ca48760e7cfbfc28801d5244c754ba2bc8c2ff1e8ca7fcc174122e4b98d4ea9de920f94d8475e632107a5279fce131844bc48

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23961.exe

Filesize
468KB

MD5
59ccc7d06593919f62c6a664b2d7d38f

SHA1
6673a906a497e0a7096c9ca6b8b3b2341d048796

SHA256
dddb44eaabf7d1a9dd51693aa555ddaa0c58bbcea66335b6050597d0e73c10f9

SHA512
fe73e54256bf6e76760a43ff02316a17da4e491e10892b830ee91971bd5ef93c4879da4d4601530198c890f8d4fcce46bf4cf3a78993c32683550fe2e93a327e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27216.exe

Filesize
468KB

MD5
dc187bc8d7f11662030344786f697a89

SHA1
7382d43e745683944738f94f0c42f009e0e1da92

SHA256
49f1caa0c86f2a503e8a855c805a847faf6f559de24a036b2eda7dba5aa4c746

SHA512
67e037c58daa819ade305e1bf1f37d6486b7a6c3613911e325ff72af063c06e15f097e3e226ffa60f9709e57cc97a1bd0d4dad33a041c8bd356a4ded9aea06b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32862.exe

Filesize
468KB

MD5
d26d37bcc90930e7a9a38d96d7688e55

SHA1
35341d21c0caea8def3eb07ffb88c70831589010

SHA256
38522b897801ae9392dc0bdc0b7874d5214369b382ee3d4f8b706950c340f7eb

SHA512
a48e67c5e3e825e296abea9975b6d8725f89429bf2d0d116e19ddec7d8d2e0cf02db5e4fc733271f937b7a6634fb227eb0bed61b6205e61dca6cab9c6a632319

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41881.exe

Filesize
468KB

MD5
7041f0896ca837d5329ec3e8b57984f6

SHA1
6eb0cfa0c6489592eba82f2cfbda3c4299298140

SHA256
200ca778a27616f6abf5b567c8a841a32bed6c175c122f08aa1da1d4740c1596

SHA512
53812ae466ea80ef60f6aae0b4f262a76c80efab8ae5d4ae3a1dbc18bbca04a2034df6e8ecf94ccde8a31edeb6f478aeb0b9bc4f9ba5730a4c29a48e618b0fd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44785.exe

Filesize
468KB

MD5
247ab61147966325e0266749c6fb3700

SHA1
c5d05a770a926ee93a6bb4f8c2e1b365c4a7fef3

SHA256
f529d29422a88e9302d1cac862fedc232898bdd85f7e18af01a5addfdc546a34

SHA512
96a652bad05287eb6c8de80aebd1c19a293a3a44b21d4a67bb65a6c6fc29bd81564621acb2a41650dd9e8d9a310dd2d19a23988676d05fa5df6bb728317e0230

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4858.exe

Filesize
468KB

MD5
d4fbd01e69b8e3e35ed6de5413a3b492

SHA1
d5e8a26123771c2eb84418980a815a5c6b9d8a92

SHA256
805b93611ce72614b53eb0c039cb22390552a19a83ca4e0e763dcd6131e166b3

SHA512
eef66aca348a9252ba920c007df58f461e56f1a04b18a8d61f6b629f56acc7fa7c1d31b54aa31bee3d88cd60f6fb1bd7167ce537c4b1ba2f58fca5aec90e9099

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50848.exe

Filesize
468KB

MD5
26bc8052010404b9fe7fff8bbdad00eb

SHA1
4ec5cd1f08bd66ebfc3b5f3de47cca6f1a3cdae6

SHA256
2101ea2e572b082acdca0418127fe4604b8a3edfa68c4842051a56fc74298b99

SHA512
a0bab0919f2c64bc7b9b0174ebc9ca2ebbcb521a39429bef55fbf2cae18f5e5298a90061a3c2a08308834434825ac1a0127cdad8b925ba6296ccfab8708fa803

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61645.exe

Filesize
468KB

MD5
bb66200b98e39058abfd97479b1e47a0

SHA1
10cf7614d9f38a17c6755f546abeeae2da9ec1d0

SHA256
abcc8741995e06f6f50d2df8be95cecfceeb1607bf86ee3766f262ccd64abb6d

SHA512
464692da2dd2a0ebbac6d51d8a10893854a373c996bacac5f109421d481339fed99e0c5c64379c7df13d183aae1e5c13b5c5cfa644ea59f88b339fd06eec6df3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63056.exe

Filesize
468KB

MD5
7e42f1f632e4fbd2e764929d68d52c7c

SHA1
a8874b5a393aca5553b2527deadc4c6950931c4c

SHA256
02d1915a0cf6af1c1a37c288409f747f5cc55103ace4bb514d20244f3e08de76

SHA512
3f1e468729b4ed6639a43ef0237fabda8b6881d5488340651dd9a078a294afe10b5078763fdd988566ef2d675475c1116c57b85e19d20d9fc12f838fcaa0ba70

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16342.exe

Filesize
468KB

MD5
61d7f58db1bb4ad19284863fccdcf1b6

SHA1
6a8d24bb25922deb6c19ca8d5e436df5eb130a3a

SHA256
02b7431d87b27dc21d7fddc6632aacff9b3a051bc0243f8148bc05efb18ee5e3

SHA512
1e196b30883be8fd0d0364cd06684505028447d7edb86a58a8c68b6347131b2f08b09189651af822c617972ef0fe32ecec217d812890b46c78b0425b2631faec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16443.exe

Filesize
468KB

MD5
1745c4f92e4c44b79368d07e90de4e68

SHA1
c08f903d9d67d0c0f68e79b1ec9444c07d90cdbe

SHA256
a797a00fe9cad61d73c7d538e3fa92fcbc83de1896d9f4de2040dc5fe2da7c4e

SHA512
8e5ec350e68bf273ef8dfc55eb0a1237481832d5711d45a7ed40470a0b9d9017dce7b0eafafc1df424a6f1a0449cd47910364befcdc49d00725dde139cf4c059

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16910.exe

Filesize
468KB

MD5
3e594b12600c450019cf43104bb21124

SHA1
d671169a64fac2b7a45d09531df26a6332ad9ce2

SHA256
baf340b38ded137a2f0658aa8804eace564b4f7ceb889e6bedd968154bc17382

SHA512
8606d28bf16a4a6cd23d2ccb4d85de84f1a6a4607a24843e271defb04ad1d06b2b850ea73a98e5e4758ceb47a93f269baceb036b693ad23e4f37fbde222a5d40

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27652.exe

Filesize
468KB

MD5
c267f296fd4a55e51e5aad30fe22fb59

SHA1
df3c6c30bce2c0ee1544942fc0a84b6dcea5cf60

SHA256
b7e68feaf5b9f22939d8a74a57af4a7b748f000060ccfd1c04a1fcbd0996c0b1

SHA512
96051ed3fd461c90cbf3e7d4c411e291502bafa0839b3b6296a62083385a6d2b15aa6978837ade829fb15f03e20ebbbda71b75e6d265be2b5a0ba1a8cdf5edf5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3458.exe

Filesize
468KB

MD5
f83812609bf62f0f755b704653900a34

SHA1
c964694d5cdbe7b75264fbf6eecb30c07ffc4098

SHA256
28c56dfb3c1e72603d96dd513baa061d6e75b4b54c4f688c007eb7e069c5805c

SHA512
c05459407adc8e9e2f72ea726e856e6b597e204ca361b84692c189f4deaaed227cb8dfb9c2a70905e788e2beea43173fcfa73b0f199cfb14ae77d99771989e9c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39987.exe

Filesize
468KB

MD5
729841439e9590cb97564c1539027539

SHA1
2e41f2a4451541952d95738f041a588fc41bb580

SHA256
7dc6a97469a5f54ee8d3953adb2f2d1ddcacd7875c44cb27fff20cd9e8fc91bb

SHA512
06fb03b59bac8dad1789b3acf3a97331a8d484ebf85c9481feec14834d3f27a68aa55e041f10a6ac14a898bbf794f45cbd9803536e4d8c31eb585e480ce87607

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41200.exe

Filesize
468KB

MD5
6d42a19fa336199a036f5dcdf7ee3782

SHA1
11395865470db855f627fe5ceb8aaa715eed4ae3

SHA256
9a8d5a7cc21a1bba1816bcdd01345349e50d69802f1aeee8692bcca356ac00b2

SHA512
285b98caab08df07bc699640b88306cad6bf1d99e3449ebe75a98838c1c749b35bda28afa18037d5ae186202699c7a327e498f8f59382c5c905daf7e86e80998

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45031.exe

Filesize
468KB

MD5
622d13515eca39c598356123dfb5f5f5

SHA1
14cd3ad732ddfc4ed563469fe55a41848f97c29c

SHA256
725e4b227acb270b3c246b6a469e4620d13e50c58b6113b7795c290fec32e0bf

SHA512
865e54fb9034928db7311c205808eacd6530c62259bfc7fea9a0b21f629752c9b78cb06a685df8fc92fce255aeea2467d116da85c000badbd8f73823fb860a1d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51895.exe

Filesize
468KB

MD5
2e71290826da78d25c4e835d9ee42810

SHA1
e8f2f5441c2f4e4867cf90fc390aa4aaf9f87f15

SHA256
76337de067f3b058ae83149d8e84d1c43a7b023725065a301cb0ba8d691110ac

SHA512
f9f97ad17cd2d1df5dcba771a16dda2271cc2e7657bf48ccb224fd69344e2058e402bb331f37d9a5ae2870331175878fae00b4bb54e39a281fb653e5ee56fe65

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53758.exe

Filesize
468KB

MD5
07a1d74985a2ea12e33fe49e536b8b94

SHA1
e61c3b38cb1885eba2f6852f55a7ae0ce936e45c

SHA256
4a2cd96a3f3f42655cd7830e3289383a1d8245433ee71a1e990a8c1f80f1a8f2

SHA512
b288db53300be6b4d756867b8e0d7289ae45f4299ff1fd13f4faa7a829e6cafea867d149d56b08d8856e1e634bbbdedc9450d11eff8b01423c6197cdd0a16837

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-573.exe

Filesize
468KB

MD5
949ee26aa67529f2d0c6354a3b8b695a

SHA1
8279cfe99fb8aaa464b6bf6d05f5eae83bd12535

SHA256
6458fc01b68ccd21e66666b29fda6b1441d53cb1b1f335141a36b8c4354caba5

SHA512
3f2e8409ac7e4cd8f3953fe3e8e5b1be608e633220f2ebd916d031cb440e940dad0350293c6282a45ff384d4dbbb361a49a91228cb2b519e0be4b95487f8ef6e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58025.exe

Filesize
468KB

MD5
e814a86a01deaa8486b26813dec4b6b0

SHA1
08dd86205d46ca64f884de6475b9caf1d9eb3b15

SHA256
ac42e0cc11958ee1c61541f4dc795c4efaba597a5533c37e9c9ea3bc8e9eb59e

SHA512
b0e2b26cf601f346781ce1805985093e84c318915aade55d90ca6dfa65e9971976ac2d16058ff2883913a8453644f57ba81814baf4a600473c5b0e3c1867f899

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59623.exe

Filesize
468KB

MD5
bf2279c968c954846a7974674124242e

SHA1
00cc74dc7f82b9ebe1cc2eb32122b9a1219036ba

SHA256
c9fd0e3ec9ddc4ef9ec656bf901a16f53dedb31181c39c7b0f395f22912c4fc6

SHA512
54cb06c140663edaca94abb82d4e1c1b66bacbbbf6caad154f7226c559fe7891e46808ac923da5c7c32586f117433ad911518e0e452df37251773f0e1ef3b1a2

Download Submit