f018357caae271128bdb64c9cbdbafc56a52a2ba5853c903f90113f68d4a40cf

Analysis

max time kernel
150s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
09/09/2024, 04:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f018357caae271128bdb64c9cbdbafc56a52a2ba5853c903f90113f68d4a40cf.exe
Size

468KB
MD5

13068036803733546df3d83b7aecd1f5
SHA1

a8b623da043ee8d95d13321358447366aabd1f2f
SHA256

f018357caae271128bdb64c9cbdbafc56a52a2ba5853c903f90113f68d4a40cf
SHA512

e492b54a7f0d6cf317fb4bd393de04473b6b688de38b3729ee417dd1576335404ae3ca4a2b63957d75a7bfb21a74a8450ecd8799aee7c882e17fcfe4e329fa67
SSDEEP

3072:sO3HogISIE5TtbY2HzcOcf8/ACcaP0pkJVHeTVPyF6NLRqggEBlL:sO3obMTtxH4OcfAY10F6pkggE

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1812	Unicorn-39502.exe
1104	Unicorn-55397.exe
2824	Unicorn-19195.exe
2560	Unicorn-28527.exe
2516	Unicorn-24421.exe
2600	Unicorn-38157.exe
2572	Unicorn-28527.exe
2480	Unicorn-36254.exe
2388	Unicorn-3316.exe
2356	Unicorn-35870.exe
2900	Unicorn-12827.exe
2928	Unicorn-2621.exe
2716	Unicorn-2813.exe
1240	Unicorn-22164.exe
1800	Unicorn-48485.exe
276	Unicorn-24018.exe
1768	Unicorn-370.exe
2188	Unicorn-54588.exe
2148	Unicorn-4706.exe
2456	Unicorn-4706.exe
1056	Unicorn-56508.exe
3064	Unicorn-10836.exe
1640	Unicorn-10836.exe
296	Unicorn-9694.exe
928	Unicorn-62780.exe
2112	Unicorn-58867.exe
2880	Unicorn-46911.exe
1504	Unicorn-24060.exe
648	Unicorn-62095.exe
1712	Unicorn-46416.exe
2276	Unicorn-22874.exe
1732	Unicorn-5696.exe
976	Unicorn-29895.exe
2452	Unicorn-22490.exe
1808	Unicorn-38177.exe
1844	Unicorn-38442.exe
2472	Unicorn-38442.exe
3004	Unicorn-34528.exe
2468	Unicorn-54394.exe
2752	Unicorn-49988.exe
2524	Unicorn-49883.exe
2364	Unicorn-45811.exe
2404	Unicorn-41897.exe
2960	Unicorn-52526.exe
1592	Unicorn-30251.exe
2464	Unicorn-54446.exe
2920	Unicorn-18436.exe
2664	Unicorn-54062.exe
2636	Unicorn-21316.exe
1300	Unicorn-4861.exe
1792	Unicorn-57269.exe
2336	Unicorn-10144.exe
956	Unicorn-34225.exe
1788	Unicorn-5847.exe
1956	Unicorn-11488.exe
2244	Unicorn-59812.exe
1036	Unicorn-59428.exe
2444	Unicorn-40631.exe
2164	Unicorn-33777.exe
892	Unicorn-26372.exe
2272	Unicorn-41290.exe
2552	Unicorn-10310.exe
2284	Unicorn-3677.exe
2504	Unicorn-23012.exe

Loads dropped DLL 64 IoCs

pid	Process
1048	f018357caae271128bdb64c9cbdbafc56a52a2ba5853c903f90113f68d4a40cf.exe
1048	f018357caae271128bdb64c9cbdbafc56a52a2ba5853c903f90113f68d4a40cf.exe
1812	Unicorn-39502.exe
1812	Unicorn-39502.exe
1048	f018357caae271128bdb64c9cbdbafc56a52a2ba5853c903f90113f68d4a40cf.exe
1048	f018357caae271128bdb64c9cbdbafc56a52a2ba5853c903f90113f68d4a40cf.exe
1104	Unicorn-55397.exe
2824	Unicorn-19195.exe
1104	Unicorn-55397.exe
1812	Unicorn-39502.exe
1812	Unicorn-39502.exe
1048	f018357caae271128bdb64c9cbdbafc56a52a2ba5853c903f90113f68d4a40cf.exe
1048	f018357caae271128bdb64c9cbdbafc56a52a2ba5853c903f90113f68d4a40cf.exe
2824	Unicorn-19195.exe
2600	Unicorn-38157.exe
2600	Unicorn-38157.exe
1048	f018357caae271128bdb64c9cbdbafc56a52a2ba5853c903f90113f68d4a40cf.exe
1048	f018357caae271128bdb64c9cbdbafc56a52a2ba5853c903f90113f68d4a40cf.exe
2516	Unicorn-24421.exe
2516	Unicorn-24421.exe
1812	Unicorn-39502.exe
1812	Unicorn-39502.exe
2572	Unicorn-28527.exe
2824	Unicorn-19195.exe
2572	Unicorn-28527.exe
2560	Unicorn-28527.exe
2560	Unicorn-28527.exe
1104	Unicorn-55397.exe
1104	Unicorn-55397.exe
2824	Unicorn-19195.exe
2480	Unicorn-36254.exe
2480	Unicorn-36254.exe
2704	WerFault.exe
2704	WerFault.exe
2704	WerFault.exe
2704	WerFault.exe
1048	f018357caae271128bdb64c9cbdbafc56a52a2ba5853c903f90113f68d4a40cf.exe
1048	f018357caae271128bdb64c9cbdbafc56a52a2ba5853c903f90113f68d4a40cf.exe
2600	Unicorn-38157.exe
2600	Unicorn-38157.exe
2704	WerFault.exe
1104	Unicorn-55397.exe
2824	Unicorn-19195.exe
2824	Unicorn-19195.exe
1104	Unicorn-55397.exe
2560	Unicorn-28527.exe
1800	Unicorn-48485.exe
2356	Unicorn-35870.exe
2560	Unicorn-28527.exe
1800	Unicorn-48485.exe
2356	Unicorn-35870.exe
1812	Unicorn-39502.exe
1812	Unicorn-39502.exe
3008	WerFault.exe
3008	WerFault.exe
1748	WerFault.exe
1748	WerFault.exe
1748	WerFault.exe
1748	WerFault.exe
3008	WerFault.exe
3008	WerFault.exe
2092	WerFault.exe
2092	WerFault.exe
2092	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2704	2388	WerFault.exe	37
2868	2516	WerFault.exe	34
3008	2572	WerFault.exe	33
2092	2716	WerFault.exe	42
1996	2928	WerFault.exe	40
2076	2900	WerFault.exe	39
1748	1240	WerFault.exe	43
1556	2148	WerFault.exe	51
2728	1712	WerFault.exe	65
768	976	WerFault.exe	69
1100	2364	WerFault.exe	78
2692	2232	WerFault.exe	111
2656	3012	WerFault.exe	124
2264	1792	WerFault.exe	87
1492	2272	WerFault.exe	99
3032	3000	WerFault.exe	142
2988	2200	WerFault.exe	119
3188	1860	WerFault.exe	143
3372	1328	WerFault.exe	121
3628	1012	WerFault.exe	148
3660	2524	WerFault.exe	77
3652	956	WerFault.exe	90
3668	3048	WerFault.exe	122
3680	2208	WerFault.exe	120
3716	2268	WerFault.exe	140
3708	2772	WerFault.exe	131
3080	600	WerFault.exe	133
1372	2740	WerFault.exe	128
3344	2464	WerFault.exe	82
3388	2336	WerFault.exe	89
3704	2088	WerFault.exe	137
3748	2132	WerFault.exe	126
3592	2164	WerFault.exe	96
4340	2820	WerFault.exe	159
4392	2036	WerFault.exe	160
4536	2284	WerFault.exe	101
4672	2404	WerFault.exe	79
4664	3004	WerFault.exe	74
4828	2116	WerFault.exe	161
4820	2096	WerFault.exe	169
4836	1940	WerFault.exe	165
4872	928	WerFault.exe	60
4916	2844	WerFault.exe	123
4992	1528	WerFault.exe	168
5012	2976	WerFault.exe	171
5000	1796	WerFault.exe	167
4740	648	WerFault.exe	64
4764	2664	WerFault.exe	84
4776	1300	WerFault.exe	86
4176	2412	WerFault.exe	127
4728	2636	WerFault.exe	85
4568	2276	WerFault.exe	67
4704	2764	WerFault.exe	155
4552	1552	WerFault.exe	183
4792	1496	WerFault.exe	180
5028	1488	WerFault.exe	151
5084	2244	WerFault.exe	93
4956	2332	WerFault.exe	106
4232	2536	WerFault.exe	108
5080	916	WerFault.exe	173
5364	2824	WerFault.exe	31
5332	2380	WerFault.exe	144
5320	1344	WerFault.exe	138
5312	2156	WerFault.exe	147

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23576.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2946.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33284.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54394.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36179.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5440.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53354.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10245.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57733.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36394.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46729.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45769.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-981.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61776.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10716.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30071.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3826.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21187.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57796.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33319.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22261.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38173.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55885.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28203.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2625.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49883.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14838.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3151.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27218.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32371.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48041.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63598.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46007.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15239.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22819.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5312.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13621.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23877.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38594.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2116.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4382.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38763.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35254.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21528.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47894.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17939.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53457.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35917.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38397.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59525.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9266.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12489.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9615.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60666.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55397.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8852.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23066.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40631.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3974.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23350.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27053.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-376.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54601.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55463.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1048	f018357caae271128bdb64c9cbdbafc56a52a2ba5853c903f90113f68d4a40cf.exe
1812	Unicorn-39502.exe
2824	Unicorn-19195.exe
1104	Unicorn-55397.exe
2600	Unicorn-38157.exe
2516	Unicorn-24421.exe
2572	Unicorn-28527.exe
2560	Unicorn-28527.exe
2480	Unicorn-36254.exe
2388	Unicorn-3316.exe
2356	Unicorn-35870.exe
2900	Unicorn-12827.exe
1240	Unicorn-22164.exe
2928	Unicorn-2621.exe
2716	Unicorn-2813.exe
1800	Unicorn-48485.exe
276	Unicorn-24018.exe
1768	Unicorn-370.exe
2188	Unicorn-54588.exe
3064	Unicorn-10836.exe
2148	Unicorn-4706.exe
1640	Unicorn-10836.exe
296	Unicorn-9694.exe
1056	Unicorn-56508.exe
2456	Unicorn-4706.exe
928	Unicorn-62780.exe
2112	Unicorn-58867.exe
2880	Unicorn-46911.exe
1504	Unicorn-24060.exe
648	Unicorn-62095.exe
1712	Unicorn-46416.exe
2276	Unicorn-22874.exe
1732	Unicorn-5696.exe
976	Unicorn-29895.exe
1808	Unicorn-38177.exe
1844	Unicorn-38442.exe
2472	Unicorn-38442.exe
2452	Unicorn-22490.exe
2468	Unicorn-54394.exe
3004	Unicorn-34528.exe
2752	Unicorn-49988.exe
2524	Unicorn-49883.exe
2364	Unicorn-45811.exe
2960	Unicorn-52526.exe
2404	Unicorn-41897.exe
1592	Unicorn-30251.exe
2464	Unicorn-54446.exe
2920	Unicorn-18436.exe
2664	Unicorn-54062.exe
2636	Unicorn-21316.exe
1300	Unicorn-4861.exe
1792	Unicorn-57269.exe
2336	Unicorn-10144.exe
1788	Unicorn-5847.exe
956	Unicorn-34225.exe
1956	Unicorn-11488.exe
2244	Unicorn-59812.exe
1036	Unicorn-59428.exe
2444	Unicorn-40631.exe
2164	Unicorn-33777.exe
892	Unicorn-26372.exe
2272	Unicorn-41290.exe
2552	Unicorn-10310.exe
2284	Unicorn-3677.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1048 wrote to memory of 1812	1048	f018357caae271128bdb64c9cbdbafc56a52a2ba5853c903f90113f68d4a40cf.exe	29
PID 1048 wrote to memory of 1812	1048	f018357caae271128bdb64c9cbdbafc56a52a2ba5853c903f90113f68d4a40cf.exe	29
PID 1048 wrote to memory of 1812	1048	f018357caae271128bdb64c9cbdbafc56a52a2ba5853c903f90113f68d4a40cf.exe	29
PID 1048 wrote to memory of 1812	1048	f018357caae271128bdb64c9cbdbafc56a52a2ba5853c903f90113f68d4a40cf.exe	29
PID 1812 wrote to memory of 1104	1812	Unicorn-39502.exe	30
PID 1812 wrote to memory of 1104	1812	Unicorn-39502.exe	30
PID 1812 wrote to memory of 1104	1812	Unicorn-39502.exe	30
PID 1812 wrote to memory of 1104	1812	Unicorn-39502.exe	30
PID 1048 wrote to memory of 2824	1048	f018357caae271128bdb64c9cbdbafc56a52a2ba5853c903f90113f68d4a40cf.exe	31
PID 1048 wrote to memory of 2824	1048	f018357caae271128bdb64c9cbdbafc56a52a2ba5853c903f90113f68d4a40cf.exe	31
PID 1048 wrote to memory of 2824	1048	f018357caae271128bdb64c9cbdbafc56a52a2ba5853c903f90113f68d4a40cf.exe	31
PID 1048 wrote to memory of 2824	1048	f018357caae271128bdb64c9cbdbafc56a52a2ba5853c903f90113f68d4a40cf.exe	31
PID 1104 wrote to memory of 2560	1104	Unicorn-55397.exe	32
PID 1104 wrote to memory of 2560	1104	Unicorn-55397.exe	32
PID 1104 wrote to memory of 2560	1104	Unicorn-55397.exe	32
PID 1104 wrote to memory of 2560	1104	Unicorn-55397.exe	32
PID 1812 wrote to memory of 2516	1812	Unicorn-39502.exe	34
PID 1812 wrote to memory of 2516	1812	Unicorn-39502.exe	34
PID 1812 wrote to memory of 2516	1812	Unicorn-39502.exe	34
PID 1812 wrote to memory of 2516	1812	Unicorn-39502.exe	34
PID 1048 wrote to memory of 2600	1048	f018357caae271128bdb64c9cbdbafc56a52a2ba5853c903f90113f68d4a40cf.exe	35
PID 1048 wrote to memory of 2600	1048	f018357caae271128bdb64c9cbdbafc56a52a2ba5853c903f90113f68d4a40cf.exe	35
PID 1048 wrote to memory of 2600	1048	f018357caae271128bdb64c9cbdbafc56a52a2ba5853c903f90113f68d4a40cf.exe	35
PID 1048 wrote to memory of 2600	1048	f018357caae271128bdb64c9cbdbafc56a52a2ba5853c903f90113f68d4a40cf.exe	35
PID 2824 wrote to memory of 2572	2824	Unicorn-19195.exe	33
PID 2824 wrote to memory of 2572	2824	Unicorn-19195.exe	33
PID 2824 wrote to memory of 2572	2824	Unicorn-19195.exe	33
PID 2824 wrote to memory of 2572	2824	Unicorn-19195.exe	33
PID 2600 wrote to memory of 2480	2600	Unicorn-38157.exe	36
PID 2600 wrote to memory of 2480	2600	Unicorn-38157.exe	36
PID 2600 wrote to memory of 2480	2600	Unicorn-38157.exe	36
PID 2600 wrote to memory of 2480	2600	Unicorn-38157.exe	36
PID 1048 wrote to memory of 2388	1048	f018357caae271128bdb64c9cbdbafc56a52a2ba5853c903f90113f68d4a40cf.exe	37
PID 1048 wrote to memory of 2388	1048	f018357caae271128bdb64c9cbdbafc56a52a2ba5853c903f90113f68d4a40cf.exe	37
PID 1048 wrote to memory of 2388	1048	f018357caae271128bdb64c9cbdbafc56a52a2ba5853c903f90113f68d4a40cf.exe	37
PID 1048 wrote to memory of 2388	1048	f018357caae271128bdb64c9cbdbafc56a52a2ba5853c903f90113f68d4a40cf.exe	37
PID 2516 wrote to memory of 2356	2516	Unicorn-24421.exe	38
PID 2516 wrote to memory of 2356	2516	Unicorn-24421.exe	38
PID 2516 wrote to memory of 2356	2516	Unicorn-24421.exe	38
PID 2516 wrote to memory of 2356	2516	Unicorn-24421.exe	38
PID 1812 wrote to memory of 2900	1812	Unicorn-39502.exe	39
PID 1812 wrote to memory of 2900	1812	Unicorn-39502.exe	39
PID 1812 wrote to memory of 2900	1812	Unicorn-39502.exe	39
PID 1812 wrote to memory of 2900	1812	Unicorn-39502.exe	39
PID 2572 wrote to memory of 2928	2572	Unicorn-28527.exe	40
PID 2572 wrote to memory of 2928	2572	Unicorn-28527.exe	40
PID 2572 wrote to memory of 2928	2572	Unicorn-28527.exe	40
PID 2572 wrote to memory of 2928	2572	Unicorn-28527.exe	40
PID 2560 wrote to memory of 2716	2560	Unicorn-28527.exe	42
PID 2560 wrote to memory of 2716	2560	Unicorn-28527.exe	42
PID 2560 wrote to memory of 2716	2560	Unicorn-28527.exe	42
PID 2560 wrote to memory of 2716	2560	Unicorn-28527.exe	42
PID 1104 wrote to memory of 1240	1104	Unicorn-55397.exe	43
PID 1104 wrote to memory of 1240	1104	Unicorn-55397.exe	43
PID 1104 wrote to memory of 1240	1104	Unicorn-55397.exe	43
PID 1104 wrote to memory of 1240	1104	Unicorn-55397.exe	43
PID 2824 wrote to memory of 1800	2824	Unicorn-19195.exe	41
PID 2824 wrote to memory of 1800	2824	Unicorn-19195.exe	41
PID 2824 wrote to memory of 1800	2824	Unicorn-19195.exe	41
PID 2824 wrote to memory of 1800	2824	Unicorn-19195.exe	41
PID 2388 wrote to memory of 2704	2388	Unicorn-3316.exe	44
PID 2388 wrote to memory of 2704	2388	Unicorn-3316.exe	44
PID 2388 wrote to memory of 2704	2388	Unicorn-3316.exe	44
PID 2388 wrote to memory of 2704	2388	Unicorn-3316.exe	44

C:\Users\Admin\AppData\Local\Temp\f018357caae271128bdb64c9cbdbafc56a52a2ba5853c903f90113f68d4a40cf.exe
"C:\Users\Admin\AppData\Local\Temp\f018357caae271128bdb64c9cbdbafc56a52a2ba5853c903f90113f68d4a40cf.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1048
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39502.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39502.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55397.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55397.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28527.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2813.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 244
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56508.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54394.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2609.exe
        7⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47488.exe
        8⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
        9⤵
        Program crash
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9240.exe
        8⤵
        
        PID:3856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 244
        8⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41239.exe
        7⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57331.exe
        8⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9841.exe
        8⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25837.exe
        8⤵
        
        PID:7164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 248
        8⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14838.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44513.exe
        7⤵
        
        PID:5036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 244
        7⤵
        
        PID:5996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22152.exe
        6⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12545.exe
        7⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26581.exe
        8⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48883.exe
        8⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61776.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:8212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17889.exe
        8⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60136.exe
        8⤵
        
        PID:9836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58161.exe
        7⤵
        
        PID:4932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 240
        7⤵
        
        PID:5196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54137.exe
        6⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60777.exe
        7⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27101.exe
        7⤵
        
        PID:8000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 224
        7⤵
        
        PID:8536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12224.exe
        6⤵
        
        PID:4860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20776.exe
        6⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54442.exe
        6⤵
        
        PID:6580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61405.exe
        6⤵
        
        PID:7884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55259.exe
        6⤵
        
        PID:9168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11026.exe
        6⤵
        
        PID:8612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10523.exe
        6⤵
        
        PID:9536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49883.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25490.exe
        6⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10874.exe
        7⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15266.exe
        8⤵
        
        PID:7728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 228
        8⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58161.exe
        7⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23576.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14105.exe
        7⤵
        
        PID:6532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 224
        7⤵
        
        PID:7496
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 248
        6⤵
        Program crash
        
        PID:3660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26953.exe
        5⤵
        
        PID:2232
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 220
        6⤵
        Program crash
        
        PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45356.exe
        5⤵
        
        PID:2116
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 224
        6⤵
        Program crash
        
        PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37137.exe
        5⤵
        
        PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18690.exe
        5⤵
        
        PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13723.exe
        5⤵
        
        PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10551.exe
        5⤵
        
        PID:8040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6068.exe
        5⤵
        
        PID:8832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38782.exe
        5⤵
        
        PID:9088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3050.exe
        5⤵
        
        PID:10144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22164.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1240
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 224
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4706.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22490.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42210.exe
        6⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38142.exe
        7⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 244
        8⤵
        Program crash
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10065.exe
        7⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20960.exe
        7⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43389.exe
        7⤵
        
        PID:6212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 244
        7⤵
        
        PID:8148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40362.exe
        6⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 224
        7⤵
        Program crash
        
        PID:5000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9109.exe
        6⤵
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50967.exe
        6⤵
        
        PID:6008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34723.exe
        6⤵
        
        PID:6256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20351.exe
        6⤵
        
        PID:8164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28734.exe
        6⤵
        
        PID:8864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2116.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44786.exe
        6⤵
        
        PID:10160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5624.exe
        5⤵
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60228.exe
        6⤵
        
        PID:1528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 244
        7⤵
        Program crash
        
        PID:4992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60911.exe
        6⤵
        
        PID:3172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45102.exe
        6⤵
        
        PID:6000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27053.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6304
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 244
        6⤵
        
        PID:7284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53714.exe
        5⤵
        
        PID:2976
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 224
        6⤵
        Program crash
        
        PID:5012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52416.exe
        5⤵
        
        PID:4160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18430.exe
        5⤵
        
        PID:5400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41260.exe
        5⤵
        
        PID:6748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37417.exe
        5⤵
        
        PID:8116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7203.exe
        5⤵
        
        PID:8876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62318.exe
        5⤵
        
        PID:9120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48986.exe
        5⤵
        
        PID:10168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38177.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59812.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38474.exe
        6⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61394.exe
        7⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6483.exe
        7⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3974.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45552.exe
        7⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28203.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6581.exe
        7⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6115.exe
        7⤵
        
        PID:10108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59790.exe
        6⤵
        
        PID:3984
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 244
        6⤵
        Program crash
        
        PID:5084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36179.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29106.exe
        6⤵
        
        PID:3884
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 216
        6⤵
        Program crash
        
        PID:5312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23940.exe
        5⤵
        
        PID:4088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29846.exe
        5⤵
        
        PID:5124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56073.exe
        5⤵
        
        PID:6920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4015.exe
        5⤵
        
        PID:1596
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 244
        5⤵
        
        PID:8992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33777.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33777.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44961.exe
        5⤵
        
        PID:2588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12489.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4980
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 216
        6⤵
        
        PID:5144
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 236
        5⤵
        Program crash
        
        PID:3592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36874.exe
      4⤵
      PID:916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33060.exe
        5⤵
        
        PID:3452
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 216
        5⤵
        Program crash
        
        PID:5080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53570.exe
      4⤵
      PID:4072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12754.exe
      4⤵
      PID:5344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40375.exe
      4⤵
      PID:7004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
      4⤵
      PID:7208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43869.exe
      4⤵
      PID:8928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20581.exe
      4⤵
      PID:4040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18451.exe
      4⤵
      PID:10196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24421.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24421.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10836.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38442.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59428.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9288.exe
        8⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56033.exe
        9⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15122.exe
        10⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61999.exe
        9⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 244
        9⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46007.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16768.exe
        9⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10197.exe
        8⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62122.exe
        8⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38063.exe
        8⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44339.exe
        8⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11253.exe
        8⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50652.exe
        8⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27978.exe
        8⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43029.exe
        7⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 224
        8⤵
        Program crash
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51740.exe
        7⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10860.exe
        8⤵
        
        PID:7504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 228
        8⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55616.exe
        7⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3296.exe
        7⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36904.exe
        7⤵
        
        PID:6884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 244
        7⤵
        
        PID:7348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41290.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 244
        7⤵
        Program crash
        
        PID:1492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38914.exe
        6⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15239.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31366.exe
        7⤵
        
        PID:6024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 244
        7⤵
        
        PID:6364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42925.exe
        6⤵
        
        PID:4308
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 244
        6⤵
        
        PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49988.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26372.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14291.exe
        7⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29395.exe
        8⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23788.exe
        8⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23350.exe
        8⤵
        
        PID:7192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 228
        8⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57917.exe
        7⤵
        
        PID:4468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 244
        7⤵
        
        PID:4960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1800.exe
        6⤵
        
        PID:1552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 244
        7⤵
        Program crash
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23001.exe
        6⤵
        
        PID:4696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29442.exe
        6⤵
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5440.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6484
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 228
        6⤵
        
        PID:7444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23012.exe
        5⤵
        Executes dropped EXE
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62340.exe
        6⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7702.exe
        7⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe
        7⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40864.exe
        7⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4003.exe
        7⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27251.exe
        7⤵
        
        PID:8644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38397.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4382.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23023.exe
        6⤵
        
        PID:4256
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 244
        6⤵
        
        PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27867.exe
        5⤵
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44809.exe
        6⤵
        
        PID:4404
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 216
        6⤵
        
        PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34259.exe
        5⤵
        
        PID:4348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35636.exe
        5⤵
        
        PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51782.exe
        5⤵
        
        PID:6568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65087.exe
        5⤵
        
        PID:7340
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 244
        5⤵
        
        PID:8892
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 236
      4⤵
      Program crash
      PID:2868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12827.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12827.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2900
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 244
      4⤵
      Program crash
      PID:2076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9694.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9694.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22874.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10144.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41494.exe
        6⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48270.exe
        7⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56698.exe
        8⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2959.exe
        7⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23963.exe
        7⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2946.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58976.exe
        7⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58226.exe
        7⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60666.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9820
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 236
        6⤵
        Program crash
        
        PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5759.exe
        5⤵
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33584.exe
        6⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22170.exe
        7⤵
        
        PID:10000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61999.exe
        6⤵
        
        PID:4912
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 224
        6⤵
        
        PID:6244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42446.exe
        5⤵
        
        PID:3568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36394.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9972
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 216
        5⤵
        Program crash
        
        PID:4568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5847.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56678.exe
        5⤵
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61297.exe
        6⤵
        
        PID:2096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 244
        7⤵
        Program crash
        
        PID:4820
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 236
        6⤵
        Program crash
        
        PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23066.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9858.exe
        6⤵
        
        PID:4252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9841.exe
        6⤵
        
        PID:5416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8240.exe
        6⤵
        
        PID:6840
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 228
        6⤵
        
        PID:7472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14070.exe
        5⤵
        
        PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27096.exe
        5⤵
        
        PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57796.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6736
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 248
        5⤵
        
        PID:7240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19027.exe
      4⤵
      PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51980.exe
        5⤵
        
        PID:3088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21393.exe
        6⤵
        
        PID:3448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49201.exe
        6⤵
        
        PID:9880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62715.exe
        5⤵
        
        PID:4168
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 224
        5⤵
        
        PID:6228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33319.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23358.exe
        5⤵
        
        PID:9296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47894.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:10012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7397.exe
      4⤵
      PID:4796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36921.exe
      4⤵
      PID:1980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38594.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2312
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 296 -s 248
      4⤵
      PID:7288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29895.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29895.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:976
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 240
      4⤵
      Program crash
      PID:768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3677.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3677.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12838.exe
      4⤵
      PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6680.exe
        5⤵
        
        PID:4988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40456.exe
        5⤵
        
        PID:6728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2234.exe
        5⤵
        
        PID:7452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2104.exe
        5⤵
        
        PID:8228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45104.exe
        5⤵
        
        PID:8544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43600.exe
        5⤵
        
        PID:9852
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 228
      4⤵
      Program crash
      PID:4536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12497.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12497.exe
    3⤵
    PID:536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55497.exe
      4⤵
      PID:4296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10228.exe
      4⤵
      PID:6588
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 220
      4⤵
      PID:7428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64738.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64738.exe
    3⤵
    PID:4716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59977.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59977.exe
    3⤵
    PID:6084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48841.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48841.exe
    3⤵
    PID:6776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11003.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11003.exe
    3⤵
    PID:7416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39984.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39984.exe
    3⤵
    PID:7460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18982.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18982.exe
    3⤵
    PID:8780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26578.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26578.exe
    3⤵
    PID:9628
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19195.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19195.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28527.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28527.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2621.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2928
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 224
        5⤵
        Program crash
        
        PID:1996
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:3008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48485.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48485.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10836.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38442.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11488.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29175.exe
        7⤵
        
        PID:1496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 224
        8⤵
        Program crash
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24668.exe
        7⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54972.exe
        7⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-924.exe
        7⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20550.exe
        7⤵
        
        PID:7176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 228
        7⤵
        
        PID:8976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34280.exe
        6⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61102.exe
        7⤵
        
        PID:5372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 228
        7⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6665.exe
        6⤵
        
        PID:4732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29442.exe
        6⤵
        
        PID:5248
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 244
        6⤵
        
        PID:6636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40631.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8572.exe
        6⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12634.exe
        7⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37287.exe
        7⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21187.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29216.exe
        7⤵
        
        PID:6252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 244
        7⤵
        
        PID:8884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52172.exe
        6⤵
        
        PID:3548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55885.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9839.exe
        6⤵
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36886.exe
        6⤵
        
        PID:8140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11668.exe
        6⤵
        
        PID:8912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23646.exe
        6⤵
        
        PID:9196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50121.exe
        6⤵
        
        PID:10124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23293.exe
        5⤵
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23937.exe
        6⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38049.exe
        7⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47702.exe
        7⤵
        
        PID:6516
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 216
        6⤵
        Program crash
        
        PID:4704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57605.exe
        5⤵
        
        PID:3892
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 224
        6⤵
        
        PID:9568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46951.exe
        5⤵
        
        PID:4172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52298.exe
        5⤵
        
        PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37634.exe
        5⤵
        
        PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39874.exe
        5⤵
        
        PID:8188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-916.exe
        5⤵
        
        PID:8564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32797.exe
        5⤵
        
        PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19518.exe
        5⤵
        
        PID:9696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34528.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10310.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62039.exe
        6⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27335.exe
        7⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60753.exe
        7⤵
        
        PID:6872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 224
        7⤵
        
        PID:7320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24860.exe
        6⤵
        
        PID:4544
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 240
        6⤵
        
        PID:5168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        5⤵
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31936.exe
        6⤵
        
        PID:6544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57248.exe
        6⤵
        
        PID:7296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2004.exe
        6⤵
        
        PID:7712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35917.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38597.exe
        6⤵
        
        PID:8688
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 216
        6⤵
        
        PID:9724
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 240
        5⤵
        Program crash
        
        PID:4664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62016.exe
      4⤵
      PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13886.exe
        5⤵
        
        PID:1576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45255.exe
        6⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44604.exe
        7⤵
        
        PID:5992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3151.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4680
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 244
        6⤵
        
        PID:6716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38004.exe
        5⤵
        
        PID:3992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22809.exe
        6⤵
        
        PID:10184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49751.exe
        5⤵
        
        PID:4476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11961.exe
        5⤵
        
        PID:6336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53440.exe
        5⤵
        
        PID:6632
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 248
        5⤵
        
        PID:7368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13621.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22261.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8392.exe
        6⤵
        
        PID:2236
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1344 -s 216
        5⤵
        Program crash
        
        PID:5320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48940.exe
      4⤵
      PID:4008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39018.exe
        5⤵
        
        PID:9272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30415.exe
      4⤵
      PID:4300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3826.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32439.exe
      4⤵
      PID:7092
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 244
      4⤵
      PID:7200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4706.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4706.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2148
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 244
      4⤵
      Program crash
      PID:1556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5696.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5696.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42018.exe
      4⤵
      PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23674.exe
        5⤵
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25006.exe
        6⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17939.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:9228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36015.exe
        6⤵
        
        PID:4304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6096.exe
        6⤵
        
        PID:6356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62105.exe
        6⤵
        
        PID:332
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 224
        6⤵
        
        PID:8036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43261.exe
        5⤵
        
        PID:3772
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 224
        6⤵
        
        PID:9556
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 244
        5⤵
        Program crash
        
        PID:4956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4659.exe
      4⤵
      PID:2540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33039.exe
        5⤵
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35231.exe
        6⤵
        
        PID:7776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16316.exe
        6⤵
        
        PID:8596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57733.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12517.exe
        6⤵
        
        PID:9684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43005.exe
        5⤵
        
        PID:5052
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 244
        5⤵
        
        PID:6220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1226.exe
      4⤵
      PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23434.exe
        5⤵
        
        PID:8764
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
        5⤵
        
        PID:8760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16778.exe
      4⤵
      PID:4136
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 244
      4⤵
      PID:6160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16559.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16559.exe
    3⤵
    PID:2536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25293.exe
      4⤵
      PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63127.exe
        5⤵
        
        PID:3816
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 216
        5⤵
        Program crash
        
        PID:5028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12618.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12618.exe
      4⤵
      PID:3516
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 244
      4⤵
      Program crash
      PID:4232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54804.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54804.exe
    3⤵
    PID:2360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13402.exe
      4⤵
      PID:3832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7225.exe
      4⤵
      PID:5656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37524.exe
      4⤵
      PID:6316
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 248
      4⤵
      PID:7304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54338.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54338.exe
    3⤵
    PID:3340
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 228
    3⤵
    - Program crash
    PID:5364
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38157.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38157.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36254.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36254.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24018.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62780.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45811.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 240
        7⤵
        Program crash
        
        PID:1100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21851.exe
        6⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26085.exe
        7⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15138.exe
        8⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34524.exe
        8⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31003.exe
        8⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31782.exe
        8⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5585.exe
        8⤵
        
        PID:10212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25794.exe
        7⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 240
        7⤵
        
        PID:6076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22751.exe
        6⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30111.exe
        7⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45138.exe
        7⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 224
        7⤵
        
        PID:7248
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 248
        6⤵
        Program crash
        
        PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41897.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8852.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21666.exe
        7⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26157.exe
        8⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55776.exe
        8⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23350.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36869.exe
        8⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23116.exe
        8⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54587.exe
        8⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 240
        7⤵
        
        PID:5112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55996.exe
        6⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16168.exe
        7⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60042.exe
        7⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63675.exe
        7⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52253.exe
        7⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54933.exe
        7⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52854.exe
        7⤵
        
        PID:9688
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 240
        6⤵
        Program crash
        
        PID:4672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21362.exe
        5⤵
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29647.exe
        6⤵
        
        PID:3000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 220
        7⤵
        Program crash
        
        PID:3032
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 236
        6⤵
        Program crash
        
        PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31878.exe
        5⤵
        
        PID:1860
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 224
        6⤵
        Program crash
        
        PID:3188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19951.exe
        5⤵
        
        PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17173.exe
        5⤵
        
        PID:4012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54601.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1003.exe
        6⤵
        
        PID:8776
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 240
        6⤵
        
        PID:9764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5654.exe
        5⤵
        
        PID:4924
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 276 -s 248
        5⤵
        
        PID:6132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58867.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52526.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27218.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59525.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30271.exe
        8⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 228
        8⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
        7⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23576.exe
        7⤵
        
        PID:5284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 248
        7⤵
        
        PID:6708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9016.exe
        6⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44958.exe
        7⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46861.exe
        7⤵
        
        PID:6644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 224
        7⤵
        
        PID:7236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6359.exe
        6⤵
        
        PID:4904
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 236
        6⤵
        
        PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38763.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32143.exe
        6⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38789.exe
        7⤵
        
        PID:4032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 216
        7⤵
        Program crash
        
        PID:5332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40957.exe
        6⤵
        
        PID:3540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 224
        7⤵
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23980.exe
        6⤵
        
        PID:4896
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 248
        6⤵
        
        PID:6864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55.exe
        5⤵
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44679.exe
        6⤵
        
        PID:3588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10245.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5043.exe
        6⤵
        
        PID:7108
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 228
        6⤵
        
        PID:7272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62862.exe
        5⤵
        
        PID:3740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62971.exe
        6⤵
        
        PID:8156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3556.exe
        6⤵
        
        PID:9008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30071.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21180.exe
        5⤵
        
        PID:4192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39537.exe
        5⤵
        
        PID:6912
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 244
        5⤵
        
        PID:8124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30251.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58629.exe
        5⤵
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45376.exe
        6⤵
        
        PID:2820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 224
        7⤵
        Program crash
        
        PID:4340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42872.exe
        6⤵
        
        PID:3464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36555.exe
        6⤵
        
        PID:5276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10908.exe
        6⤵
        
        PID:7080
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 244
        6⤵
        
        PID:7228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34420.exe
        5⤵
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28826.exe
        6⤵
        
        PID:4884
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 236
        6⤵
        
        PID:5272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56473.exe
        5⤵
        
        PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26826.exe
        5⤵
        
        PID:5616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18387.exe
        5⤵
        
        PID:6272
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 228
        5⤵
        
        PID:7256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41452.exe
      4⤵
      PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28742.exe
        5⤵
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17872.exe
        6⤵
        
        PID:7784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48041.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12024.exe
        6⤵
        
        PID:8468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3264.exe
        6⤵
        
        PID:9804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43773.exe
        5⤵
        
        PID:4800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56257.exe
        5⤵
        
        PID:6192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46729.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2216
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 244
        5⤵
        
        PID:8160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19811.exe
      4⤵
      PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35064.exe
        5⤵
        
        PID:7264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36618.exe
        5⤵
        
        PID:7524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46388.exe
        5⤵
        
        PID:8504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63598.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3852.exe
        5⤵
        
        PID:9772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38173.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53987.exe
      4⤵
      PID:1512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17063.exe
      4⤵
      PID:2916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34539.exe
      4⤵
      PID:7892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5116.exe
      4⤵
      PID:8588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5061.exe
      4⤵
      PID:8904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1317.exe
      4⤵
      PID:9788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54588.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54588.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46911.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54446.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39382.exe
        6⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7356.exe
        7⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5312.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:9048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33452.exe
        8⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40482.exe
        8⤵
        
        PID:9292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 228
        7⤵
        Program crash
        
        PID:4176
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 236
        6⤵
        Program crash
        
        PID:3344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4524.exe
        5⤵
        
        PID:600
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 600 -s 220
        6⤵
        Program crash
        
        PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27453.exe
        5⤵
        
        PID:3320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38921.exe
        6⤵
        
        PID:9600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16062.exe
        5⤵
        
        PID:4880
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 244
        5⤵
        
        PID:6176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18436.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18436.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58022.exe
        5⤵
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25198.exe
        6⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14918.exe
        7⤵
        
        PID:7096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19871.exe
        6⤵
        
        PID:4972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6288.exe
        6⤵
        
        PID:6492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45769.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60875.exe
        6⤵
        
        PID:7936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10716.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55463.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48388.exe
        6⤵
        
        PID:9748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13718.exe
        5⤵
        
        PID:3416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39497.exe
        6⤵
        
        PID:9572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10197.exe
        5⤵
        
        PID:4844
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 248
        5⤵
        
        PID:6204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3158.exe
      4⤵
      PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62480.exe
        5⤵
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43190.exe
        6⤵
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41236.exe
        6⤵
        
        PID:5200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54052.exe
        6⤵
        
        PID:6560
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 248
        6⤵
        
        PID:7220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42872.exe
        5⤵
        
        PID:3460
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 224
        5⤵
        
        PID:5300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54021.exe
      4⤵
      PID:1744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29132.exe
        5⤵
        
        PID:4756
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 236
        5⤵
        
        PID:5804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4472.exe
      4⤵
      PID:3756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1625.exe
      4⤵
      PID:5624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35254.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6292
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 248
      4⤵
      PID:8132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24060.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24060.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54062.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10938.exe
        5⤵
        
        PID:3048
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 224
        6⤵
        Program crash
        
        PID:3668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5285.exe
        5⤵
        
        PID:3848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
        6⤵
        
        PID:7292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5886.exe
        6⤵
        
        PID:9160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62936.exe
        6⤵
        
        PID:9868
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 224
        5⤵
        Program crash
        
        PID:4764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8286.exe
      4⤵
      PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58155.exe
        5⤵
        
        PID:3392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32139.exe
        6⤵
        
        PID:6892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9615.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8180
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 224
        6⤵
        
        PID:9000
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 236
        5⤵
        Program crash
        
        PID:4916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23877.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50570.exe
        5⤵
        
        PID:7628
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 228
        5⤵
        
        PID:8200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63374.exe
      4⤵
      PID:4584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53457.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21528.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7128
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 244
      4⤵
      PID:6908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21316.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21316.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39382.exe
      4⤵
      PID:2740
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
        5⤵
        Program crash
        
        PID:1372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13718.exe
      4⤵
      PID:3404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18335.exe
        5⤵
        
        PID:9540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43787.exe
        5⤵
        
        PID:2408
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 220
      4⤵
      Program crash
      PID:4728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32371.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32371.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2772
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 244
      4⤵
      Program crash
      PID:3708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19228.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19228.exe
    3⤵
    PID:3876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3263.exe
      4⤵
      PID:7896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64268.exe
      4⤵
      PID:8472
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 224
      4⤵
      PID:8488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55239.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55239.exe
    3⤵
    PID:4656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32456.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32456.exe
    3⤵
    PID:1952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11728.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11728.exe
    3⤵
    PID:7140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38739.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38739.exe
    3⤵
    PID:7212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58184.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58184.exe
    3⤵
    PID:8208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3581.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3581.exe
    3⤵
    PID:8740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1642.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1642.exe
    3⤵
    PID:1304
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3316.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3316.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2388
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 220
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2704
- C:\Users\Admin\AppData\Local\Temp\Unicorn-370.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-370.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62095.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62095.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4861.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26040.exe
        5⤵
        
        PID:2208
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 244
        6⤵
        Program crash
        
        PID:3680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8876.exe
        5⤵
        
        PID:3616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44057.exe
        6⤵
        
        PID:7352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9805.exe
        6⤵
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44935.exe
        6⤵
        
        PID:8960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46686.exe
        6⤵
        
        PID:9264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53354.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9968
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 244
        5⤵
        Program crash
        
        PID:4776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38654.exe
      4⤵
      PID:1328
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 220
        5⤵
        Program crash
        
        PID:3372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22611.exe
      4⤵
      PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8608.exe
        5⤵
        
        PID:7924
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 228
        5⤵
        
        PID:8480
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 648 -s 248
      4⤵
      Program crash
      PID:4740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57269.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57269.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59179.exe
      4⤵
      PID:3012
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 224
        5⤵
        Program crash
        
        PID:2656
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 236
      4⤵
      Program crash
      PID:2264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43065.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43065.exe
    3⤵
    PID:2052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8105.exe
      4⤵
      PID:1012
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 220
        5⤵
        Program crash
        
        PID:3628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21429.exe
      4⤵
      PID:3804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        5⤵
        
        PID:7868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-376.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8444
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 224
        5⤵
        
        PID:8404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57509.exe
      4⤵
      PID:4652
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 248
      4⤵
      PID:6184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23409.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23409.exe
    3⤵
    PID:804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56085.exe
      4⤵
      PID:3776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9861.exe
      4⤵
      PID:5212
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 224
      4⤵
      PID:7100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40274.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40274.exe
    3⤵
    PID:2924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4645.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4645.exe
    3⤵
    PID:4444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56603.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56603.exe
    3⤵
    PID:6876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15886.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15886.exe
    3⤵
    PID:8060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1868.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1868.exe
    3⤵
    PID:8856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-981.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-981.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:9092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21251.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21251.exe
    3⤵
    PID:10152
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46416.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46416.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1712
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 240
    3⤵
    - Program crash
    PID:2728
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34225.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34225.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62895.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62895.exe
    3⤵
    PID:2268
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 224
      4⤵
      Program crash
      PID:3716
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 228
    3⤵
    - Program crash
    PID:3652
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49492.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49492.exe
  2⤵
  PID:1728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44757.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44757.exe
    3⤵
    PID:3248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22819.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22819.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5352
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 244
    3⤵
    PID:6988
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22604.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22604.exe
  2⤵
  PID:4000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33284.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33284.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:9452
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24815.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24815.exe
  2⤵
  PID:4124
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18962.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18962.exe
  2⤵
  PID:6348
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50905.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50905.exe
  2⤵
  PID:6688
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8203.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8203.exe
  2⤵
  PID:7920
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48524.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48524.exe
  2⤵
  PID:9184
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2625.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2625.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:8268
- C:\Users\Admin\AppData\Local\Temp\Unicorn-457.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-457.exe
  2⤵
  PID:9524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10228.exe

Filesize
468KB

MD5
39921bbae72b7e26e8a58d69d3e91624

SHA1
90c86777e4d638ec2f873cfff16dfc1cb998b599

SHA256
3953d51c89a8abb3d743a29bdc276ec24347b571e7d49b19cf775ea4ee2c5ce5

SHA512
0c8ac9c3471abbc8fcdb104473af2e6dbed8240378bdaa419cf74aebc3d58a06697c51026fc632f1812b94a1789c82342d4b9735d9d27bb07d88267758852a0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19195.exe

Filesize
468KB

MD5
5618bc2074ac4ca65c212b1ee63d6d66

SHA1
e91801adb41e68de748bef7dc3fb2d69f0dc61f7

SHA256
f6f1f7bccb22197731e0b9267117d481796e49ef7dde0e768131dda65e7c92e8

SHA512
25bfa3e08540f2a16d72eda428108e2bc182ef3546a9152f801c59ff4b23a630dba3051e346a3191af6d65d905be9c6283942fae7dbd056993b76ee4bacb82fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24018.exe

Filesize
468KB

MD5
3ce2983821cf32344bfaa91d318f10d4

SHA1
9cdf775afc7505111a96fe7b873bb5e3da028122

SHA256
9ffb946e67d404fdb1f5380a8031708e81e5414f6f2edda38e378c50b37d73e1

SHA512
d2b2b8318ca188e29bf12bce8886509b038ebd9c94fc40b172765b810850e1065f9a81f3fd038d0c211a6e5e8668c109e6dd3a2d47cfbc7b4c1ab5c6745d81b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24421.exe

Filesize
468KB

MD5
4391368274bec110f14408152042b87f

SHA1
4eeb79634d183a58eb614003392dd892d06146f7

SHA256
ecab82e26c0c011ada9732f49ab11c1adee33bdb9ee71e336dac7a2256da2fe6

SHA512
ef124257db194f8db4b666b2f3d0da61978094f6b1741ebfb7774495de035ae8436451e6139fbcdf673d2be4434f7f51491cab8a78412863c0beb19b57388a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25837.exe

Filesize
468KB

MD5
e671f1c7f1d29abc6e3caf063df79348

SHA1
846068d624656c9c0196f73300d190021be5e6c1

SHA256
b960939a53f7790d2e543bc55fd60061c345790dadf7e782fe2bf8573239f85c

SHA512
63f05ae770093f15d46b0c41cda406336888a8039e1bec056a9dee070df981608e08f774687cb3868a67b8cbb2acc30e3b326de7f43258897b8aa541fefc0a57

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28527.exe

Filesize
468KB

MD5
3a779e9ec652a96f1645164b712b595d

SHA1
a81b9cb2cfd65864d517c44ee96dea266b07b8a7

SHA256
768afd49bc155e624155fcf20821b04f892231e0df26f6af2e28c2ff59461b28

SHA512
760cd7e60746527a8baa394acef18ec07eff1c41bc159a0e340801d74d03b4a86702b5eb43f1f62484cd6b2f95a10ff159e9d915ce7332fb52d0cf355473eb36

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38157.exe

Filesize
468KB

MD5
b1f9e8e7e1ee6348cdbd56717ee678c0

SHA1
134490745895a7cd7ecc3532d85100eecb6da294

SHA256
3627080100b3f3fd81f652338c4992861449211cba70f770c8f3fca96d4d5126

SHA512
7db68f58ac68cb502731d597d6e14a6ad89289f35ac379b7079bb5b39ce4c74b493cb42feecac0fe9bdf678be24489227aecd2849ac8aa1ad3d8e99eb332bda5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7225.exe

Filesize
468KB

MD5
ab2019300a7fb0b379903d120c9f6394

SHA1
70ab3f30e29e5fa1826a924aeb428982a032fba0

SHA256
393903e69610f47188aa7648b4bc762c3bf4bbbee84597f70e929116eeee7508

SHA512
510e3c1046eff7fb8805916d1e81b7f516913eac86dae67df90818be9a251b8a085cf42ede6064b06cdffba459945761437b0351da0272264887e0d5d3f16312

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12827.exe

Filesize
468KB

MD5
c5aa493031d7d396828b7800d365dc9f

SHA1
0421b0d6528ebcf7a6ed7ebd2a7566a35a73c464

SHA256
0f00bbd9c575a68474e38e0ca6ac229c31d9e3092bc494137c58740297650679

SHA512
4fd2e64a45076f9b9367dcc388d11f8a7911d3ba038736286cb7cf2f0c184ec7fad2fbc4f3bec2f00ff953ebc2bf536cb5f3e03c4ae1723b459247b6caf91a23

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22164.exe

Filesize
468KB

MD5
7f8d09c17ad8800742ca0b120840a9df

SHA1
df897b5b039ea3454c7da253a65447a557c88667

SHA256
18213918f5ee64fc99a359ebcab89aea6175dc3b0bea3cbd5529c891fed288e6

SHA512
4bf226df7c9d70d78715bf0458e75d7ab03d94d3db45e761298783fc46361557b8d6b400a4ad92f7e97069a0ef33f9b8b26567fd10f194a42d86f527456744dc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2621.exe

Filesize
468KB

MD5
e679b79cf079ebd0e1f6b7eff2f1d4e7

SHA1
8f3c84ab814baf5c4d3df6e0a7b7fe1bc8f09eec

SHA256
49a5fc99ab9bb0fd296a960c7a339fb10e72a59fb628abfef9513733d3b0cca4

SHA512
94d89f27ef24d51be31ab5d86ce1235a31bf60be5191886afd336d34c9823c3b7ac31a8fb65216680c19dcd8a946a563e25813a8dceeb7f380a74f1729a3f424

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3316.exe

Filesize
468KB

MD5
bb1fa717ce09c0e7910b288fb95129c5

SHA1
a2231db339ae18dcd2ae491e03695ad6656cb5ff

SHA256
587111e430bf993cf966d7a7269dc45f838d6dfccfe098f7888e4a49999cf7f4

SHA512
5617cfa67bc2e7cee9e26039d2bfd69d430ca58d543b986dad032e84d80c102c473dee0ffcd9a27ea3915b4d82c33d4741e339fa142929db84e93b46cf8b4188

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe

Filesize
468KB

MD5
fa976cb1a51ad5e3e11b0ac25247374e

SHA1
c34919aee06c5048330b71e6e9131407b79bd460

SHA256
b3d47d3a94fedca29a6c3491d48f15a14770848de716cec33a097d36eecddad1

SHA512
b46f5375aa4d67b4375e751e713e99d75d47c43b3f92d21fe1695b5fbc8812a904e48a5d573a1a155fe720c9b033bed5a2acb36a45e53b4e14241203216778ab

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36254.exe

Filesize
468KB

MD5
5c74c531d15ead4b9d5caffda7cc843b

SHA1
6a0600b298d8164837fb03b6c73526d92235c419

SHA256
715b49e68df576452fe269c150c50fa5e522418416bcdc1328ff3cb214271406

SHA512
82c776b70288922e70a2deeb02072e735d5f8f4bb93c603546b40badb21b90d5a2853455dfe97354b69bf17e2363a2c0f67386feb3e07e72484fb2029b093132

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-370.exe

Filesize
468KB

MD5
d73aa3f533576622212dda9b8ec8d596

SHA1
a5f797e18e36a5a7426d5889a260cd440c501c83

SHA256
925b0f93e60859c2f7e0c5a81e5dd51b24d30b749a6e3f940965afd29bbaa58d

SHA512
43e71259c4fb1a52592a2fdc0e9a3b0b87ef2bf805f4597bfb1a27172ada2ed61568ccc87031db6fe7a3c527f6f6fca69c207d4d3740f0c2aad3d821a008f7b7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39502.exe

Filesize
468KB

MD5
a837b0a5abda6dd7b31ecf2ccb16c67f

SHA1
40a3ccbdf9de81d502aafe7c11862e00ab85a203

SHA256
8f4f525795df3676760a3bf1f4f0c6002fa7ba4d8613cfd996ed55501debc9ba

SHA512
efacbaba500f10819e2f0d2a906952b8f7e1b08d1af8138c6fc7691b865691b9b14297d5b82db12b8abd37375a29743dd385a739d867e9b9458e4907c79751f0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48485.exe

Filesize
468KB

MD5
9eb06b97ed2cc7b72eeef175b39dd6bd

SHA1
128a9f3d694c97c1daae0911138d5c92ba8fdb3d

SHA256
1a1b15cd0030d7dad11934086faf5e307ee5179a2edeb0af7d1143f26f301d8a

SHA512
7b1e52f47b8b4ec495fb42fc92bd7e3a8afeb8545b2745816bec445698fe11cf566e3ee192b2594d1be80951b09aab60a6d1037a71ffcce20a77492c6b09d026

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55397.exe

Filesize
468KB

MD5
f93442a74b6aa6a0c43ecf2d898a04d8

SHA1
d202d939cb7bfe4b6bfd091068d72fce74850d2c

SHA256
2891cd86cda97d890e1c71cc8ed117688236d290652c97c20a533b928f87a0f2

SHA512
5d571b204dfc5ebc4ce203f10c08a64e4a4426552b4759ddaf9f49ff8c06c68aa0e07009265755599e4194018a37ea98d034ded878924affc1709dd1ebe6ed04

Download Submit