41f8f0739e789890a310d7bf96337a0e643f7835c98447a5ad49f8b449f4987f

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13/09/2024, 02:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

23b7a674d490e905957f044084c75ce0N.exe
Size

468KB
MD5

23b7a674d490e905957f044084c75ce0
SHA1

4e626761f3b9210472281792e10d60d23f9cc203
SHA256

41f8f0739e789890a310d7bf96337a0e643f7835c98447a5ad49f8b449f4987f
SHA512

1592f6da27a15622fc1b50de79b30ec21dd7473c9cd104243cdd75814a898b1b0ac5e696148aaded9e678f628e74ac238edf203c4afd0074ca0651a0975f41fd
SSDEEP

3072:Qx6ToRlZIC3YtbHCPzcjffT9EWhZ8mpD8LHCkdhngaOcqxsNsPl3:QxGoO0YtuP4jffcmxKga3+sNs

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1932	Unicorn-10337.exe
2796	Unicorn-50244.exe
2924	Unicorn-394.exe
2532	Unicorn-32611.exe
1220	Unicorn-9952.exe
2580	Unicorn-48563.exe
2204	Unicorn-13430.exe
704	Unicorn-7665.exe
2192	Unicorn-57551.exe
2136	Unicorn-57286.exe
2700	Unicorn-52953.exe
1152	Unicorn-39762.exe
544	Unicorn-39378.exe
2820	Unicorn-33247.exe
2336	Unicorn-19512.exe
1964	Unicorn-51729.exe
688	Unicorn-17639.exe
2176	Unicorn-36436.exe
2744	Unicorn-52388.exe
2000	Unicorn-43458.exe
2940	Unicorn-2730.exe
800	Unicorn-19524.exe
2088	Unicorn-2995.exe
2084	Unicorn-62402.exe
2856	Unicorn-3415.exe
1724	Unicorn-22404.exe
1732	Unicorn-22212.exe
1720	Unicorn-51355.exe
1396	Unicorn-38548.exe
1544	Unicorn-18490.exe
1056	Unicorn-64706.exe
2588	Unicorn-34000.exe
2436	Unicorn-46423.exe
1672	Unicorn-33040.exe
2632	Unicorn-47466.exe
2808	Unicorn-65494.exe
2512	Unicorn-40521.exe
2768	Unicorn-450.exe
2508	Unicorn-19859.exe
3008	Unicorn-31404.exe
1620	Unicorn-2261.exe
1448	Unicorn-50621.exe
2224	Unicorn-30828.exe
2216	Unicorn-34166.exe
2732	Unicorn-30636.exe
1368	Unicorn-13039.exe
2876	Unicorn-1301.exe
828	Unicorn-63117.exe
2736	Unicorn-60596.exe
2900	Unicorn-2920.exe
2728	Unicorn-2920.exe
2016	Unicorn-16220.exe
1776	Unicorn-45223.exe
2364	Unicorn-51353.exe
2104	Unicorn-41104.exe
1124	Unicorn-35239.exe
1524	Unicorn-41369.exe
752	Unicorn-921.exe
1648	Unicorn-10891.exe
1656	Unicorn-10891.exe
1696	Unicorn-24626.exe
2064	Unicorn-24626.exe
2960	Unicorn-30757.exe
264	Unicorn-30757.exe

Loads dropped DLL 64 IoCs

pid	Process
2200	23b7a674d490e905957f044084c75ce0N.exe
2200	23b7a674d490e905957f044084c75ce0N.exe
1932	Unicorn-10337.exe
1932	Unicorn-10337.exe
2200	23b7a674d490e905957f044084c75ce0N.exe
2200	23b7a674d490e905957f044084c75ce0N.exe
2924	Unicorn-394.exe
2924	Unicorn-394.exe
2200	23b7a674d490e905957f044084c75ce0N.exe
2200	23b7a674d490e905957f044084c75ce0N.exe
2796	Unicorn-50244.exe
2796	Unicorn-50244.exe
1932	Unicorn-10337.exe
1932	Unicorn-10337.exe
1220	Unicorn-9952.exe
1220	Unicorn-9952.exe
2532	Unicorn-32611.exe
2532	Unicorn-32611.exe
2200	23b7a674d490e905957f044084c75ce0N.exe
2200	23b7a674d490e905957f044084c75ce0N.exe
2924	Unicorn-394.exe
2204	Unicorn-13430.exe
2204	Unicorn-13430.exe
2924	Unicorn-394.exe
1932	Unicorn-10337.exe
2796	Unicorn-50244.exe
2580	Unicorn-48563.exe
2580	Unicorn-48563.exe
1932	Unicorn-10337.exe
2796	Unicorn-50244.exe
2192	Unicorn-57551.exe
2192	Unicorn-57551.exe
2532	Unicorn-32611.exe
2532	Unicorn-32611.exe
2136	Unicorn-57286.exe
2136	Unicorn-57286.exe
2820	Unicorn-33247.exe
2200	23b7a674d490e905957f044084c75ce0N.exe
2820	Unicorn-33247.exe
2200	23b7a674d490e905957f044084c75ce0N.exe
1932	Unicorn-10337.exe
544	Unicorn-39378.exe
2336	Unicorn-19512.exe
2796	Unicorn-50244.exe
1932	Unicorn-10337.exe
544	Unicorn-39378.exe
2336	Unicorn-19512.exe
2796	Unicorn-50244.exe
2580	Unicorn-48563.exe
2580	Unicorn-48563.exe
704	Unicorn-7665.exe
704	Unicorn-7665.exe
1220	Unicorn-9952.exe
1152	Unicorn-39762.exe
1220	Unicorn-9952.exe
1152	Unicorn-39762.exe
2700	Unicorn-52953.exe
2700	Unicorn-52953.exe
2204	Unicorn-13430.exe
2204	Unicorn-13430.exe
2924	Unicorn-394.exe
2924	Unicorn-394.exe
1964	Unicorn-51729.exe
1964	Unicorn-51729.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2936	2084	WerFault.exe	53
2672	2744	WerFault.exe	48
472	1544	WerFault.exe	59
780	1720	WerFault.exe	56
880	2204	WerFault.exe	36
2284	1964	WerFault.exe	45
2452	2632	WerFault.exe	64
2984	2436	WerFault.exe	62
552	2808	WerFault.exe	65
2852	2960	WerFault.exe	101
3900	1732	WerFault.exe	57
3892	704	WerFault.exe	37
3924	1980	WerFault.exe	118
3948	1052	WerFault.exe	126
3960	2148	WerFault.exe	162
3976	2380	WerFault.exe	115
3148	2656	WerFault.exe	122
3432	3692	WerFault.exe	201
3612	2556	WerFault.exe	170
3424	2228	WerFault.exe	168
3628	1252	WerFault.exe	143
4068	2536	WerFault.exe	106
4264	2876	WerFault.exe	78
4816	1528	WerFault.exe	112
5128	304	WerFault.exe	133
5144	2580	WerFault.exe	35
5168	2884	WerFault.exe	125
5212	2764	WerFault.exe	123
5696	2700	WerFault.exe	40
5712	2176	WerFault.exe	47
5764	2888	WerFault.exe	154
5796	1344	WerFault.exe	161
5784	2064	WerFault.exe	99
5776	2260	WerFault.exe	136
5756	3320	WerFault.exe	190
5832	2732	WerFault.exe	76
5816	752	WerFault.exe	92
5848	828	WerFault.exe	79
5156	688	WerFault.exe	46
5164	2664	WerFault.exe	124
5444	2620	WerFault.exe	105
5416	1984	WerFault.exe	131
5428	2932	WerFault.exe	130
5352	1588	WerFault.exe	132
5280	2980	WerFault.exe	113
5180	1756	WerFault.exe	103
5208	1640	WerFault.exe	120
6856	1620	WerFault.exe	72
6840	2940	WerFault.exe	50
7064	2364	WerFault.exe	87
7072	2728	WerFault.exe	81
7016	3332	WerFault.exe	191
7032	1672	WerFault.exe	63
7124	800	WerFault.exe	51
7164	2844	WerFault.exe	141
7128	888	WerFault.exe	169
6376	2588	WerFault.exe	61
6424	1676	WerFault.exe	137
6800	3100	WerFault.exe	184
6836	2880	WerFault.exe	140
6788	2080	WerFault.exe	160
6772	3252	WerFault.exe	188
6756	1808	WerFault.exe	164
6728	1888	WerFault.exe	146

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8570.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43274.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31184.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51253.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5770.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30757.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35517.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31184.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25890.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63117.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28987.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22579.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4279.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52646.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50018.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55880.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8570.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50018.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28471.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24817.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7478.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23821.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46423.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10404.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63215.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24543.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24626.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14590.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40314.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23821.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22106.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28471.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8570.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45556.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44920.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25970.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58820.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6703.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10891.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35404.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17745.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38818.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6024.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55270.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3035.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57522.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30757.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46132.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61081.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50657.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8315.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40908.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25449.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14848.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49356.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3227.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31329.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25584.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44920.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35318.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50018.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32679.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15797.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50392.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2200	23b7a674d490e905957f044084c75ce0N.exe
1932	Unicorn-10337.exe
2924	Unicorn-394.exe
2796	Unicorn-50244.exe
2532	Unicorn-32611.exe
1220	Unicorn-9952.exe
2580	Unicorn-48563.exe
2204	Unicorn-13430.exe
704	Unicorn-7665.exe
2192	Unicorn-57551.exe
2136	Unicorn-57286.exe
1152	Unicorn-39762.exe
2336	Unicorn-19512.exe
2700	Unicorn-52953.exe
544	Unicorn-39378.exe
2820	Unicorn-33247.exe
1964	Unicorn-51729.exe
2176	Unicorn-36436.exe
688	Unicorn-17639.exe
2940	Unicorn-2730.exe
2744	Unicorn-52388.exe
2088	Unicorn-2995.exe
2000	Unicorn-43458.exe
800	Unicorn-19524.exe
2084	Unicorn-62402.exe
2856	Unicorn-3415.exe
1724	Unicorn-22404.exe
1732	Unicorn-22212.exe
1720	Unicorn-51355.exe
1396	Unicorn-38548.exe
1544	Unicorn-18490.exe
1056	Unicorn-64706.exe
2588	Unicorn-34000.exe
2436	Unicorn-46423.exe
1672	Unicorn-33040.exe
2632	Unicorn-47466.exe
2808	Unicorn-65494.exe
2768	Unicorn-450.exe
2512	Unicorn-40521.exe
2508	Unicorn-19859.exe
1620	Unicorn-2261.exe
3008	Unicorn-31404.exe
1448	Unicorn-50621.exe
2224	Unicorn-30828.exe
2732	Unicorn-30636.exe
2216	Unicorn-34166.exe
2876	Unicorn-1301.exe
1368	Unicorn-13039.exe
828	Unicorn-63117.exe
2900	Unicorn-2920.exe
2736	Unicorn-60596.exe
2728	Unicorn-2920.exe
1776	Unicorn-45223.exe
2016	Unicorn-16220.exe
2364	Unicorn-51353.exe
2104	Unicorn-41104.exe
1124	Unicorn-35239.exe
1524	Unicorn-41369.exe
752	Unicorn-921.exe
1756	Unicorn-30757.exe
2064	Unicorn-24626.exe
264	Unicorn-30757.exe
1656	Unicorn-10891.exe
1696	Unicorn-24626.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 1932	2200	23b7a674d490e905957f044084c75ce0N.exe	30
PID 2200 wrote to memory of 1932	2200	23b7a674d490e905957f044084c75ce0N.exe	30
PID 2200 wrote to memory of 1932	2200	23b7a674d490e905957f044084c75ce0N.exe	30
PID 2200 wrote to memory of 1932	2200	23b7a674d490e905957f044084c75ce0N.exe	30
PID 1932 wrote to memory of 2796	1932	Unicorn-10337.exe	31
PID 1932 wrote to memory of 2796	1932	Unicorn-10337.exe	31
PID 1932 wrote to memory of 2796	1932	Unicorn-10337.exe	31
PID 1932 wrote to memory of 2796	1932	Unicorn-10337.exe	31
PID 2200 wrote to memory of 2924	2200	23b7a674d490e905957f044084c75ce0N.exe	32
PID 2200 wrote to memory of 2924	2200	23b7a674d490e905957f044084c75ce0N.exe	32
PID 2200 wrote to memory of 2924	2200	23b7a674d490e905957f044084c75ce0N.exe	32
PID 2200 wrote to memory of 2924	2200	23b7a674d490e905957f044084c75ce0N.exe	32
PID 2924 wrote to memory of 2532	2924	Unicorn-394.exe	33
PID 2924 wrote to memory of 2532	2924	Unicorn-394.exe	33
PID 2924 wrote to memory of 2532	2924	Unicorn-394.exe	33
PID 2924 wrote to memory of 2532	2924	Unicorn-394.exe	33
PID 2200 wrote to memory of 1220	2200	23b7a674d490e905957f044084c75ce0N.exe	34
PID 2200 wrote to memory of 1220	2200	23b7a674d490e905957f044084c75ce0N.exe	34
PID 2200 wrote to memory of 1220	2200	23b7a674d490e905957f044084c75ce0N.exe	34
PID 2200 wrote to memory of 1220	2200	23b7a674d490e905957f044084c75ce0N.exe	34
PID 2796 wrote to memory of 2580	2796	Unicorn-50244.exe	35
PID 2796 wrote to memory of 2580	2796	Unicorn-50244.exe	35
PID 2796 wrote to memory of 2580	2796	Unicorn-50244.exe	35
PID 2796 wrote to memory of 2580	2796	Unicorn-50244.exe	35
PID 1932 wrote to memory of 2204	1932	Unicorn-10337.exe	36
PID 1932 wrote to memory of 2204	1932	Unicorn-10337.exe	36
PID 1932 wrote to memory of 2204	1932	Unicorn-10337.exe	36
PID 1932 wrote to memory of 2204	1932	Unicorn-10337.exe	36
PID 1220 wrote to memory of 704	1220	Unicorn-9952.exe	37
PID 1220 wrote to memory of 704	1220	Unicorn-9952.exe	37
PID 1220 wrote to memory of 704	1220	Unicorn-9952.exe	37
PID 1220 wrote to memory of 704	1220	Unicorn-9952.exe	37
PID 2532 wrote to memory of 2192	2532	Unicorn-32611.exe	38
PID 2532 wrote to memory of 2192	2532	Unicorn-32611.exe	38
PID 2532 wrote to memory of 2192	2532	Unicorn-32611.exe	38
PID 2532 wrote to memory of 2192	2532	Unicorn-32611.exe	38
PID 2200 wrote to memory of 2136	2200	23b7a674d490e905957f044084c75ce0N.exe	39
PID 2200 wrote to memory of 2136	2200	23b7a674d490e905957f044084c75ce0N.exe	39
PID 2200 wrote to memory of 2136	2200	23b7a674d490e905957f044084c75ce0N.exe	39
PID 2200 wrote to memory of 2136	2200	23b7a674d490e905957f044084c75ce0N.exe	39
PID 2204 wrote to memory of 1152	2204	Unicorn-13430.exe	41
PID 2204 wrote to memory of 1152	2204	Unicorn-13430.exe	41
PID 2204 wrote to memory of 1152	2204	Unicorn-13430.exe	41
PID 2204 wrote to memory of 1152	2204	Unicorn-13430.exe	41
PID 2924 wrote to memory of 2700	2924	Unicorn-394.exe	40
PID 2924 wrote to memory of 2700	2924	Unicorn-394.exe	40
PID 2924 wrote to memory of 2700	2924	Unicorn-394.exe	40
PID 2924 wrote to memory of 2700	2924	Unicorn-394.exe	40
PID 2580 wrote to memory of 544	2580	Unicorn-48563.exe	44
PID 2580 wrote to memory of 544	2580	Unicorn-48563.exe	44
PID 2580 wrote to memory of 544	2580	Unicorn-48563.exe	44
PID 2580 wrote to memory of 544	2580	Unicorn-48563.exe	44
PID 1932 wrote to memory of 2820	1932	Unicorn-10337.exe	42
PID 1932 wrote to memory of 2820	1932	Unicorn-10337.exe	42
PID 1932 wrote to memory of 2820	1932	Unicorn-10337.exe	42
PID 1932 wrote to memory of 2820	1932	Unicorn-10337.exe	42
PID 2796 wrote to memory of 2336	2796	Unicorn-50244.exe	43
PID 2796 wrote to memory of 2336	2796	Unicorn-50244.exe	43
PID 2796 wrote to memory of 2336	2796	Unicorn-50244.exe	43
PID 2796 wrote to memory of 2336	2796	Unicorn-50244.exe	43
PID 2192 wrote to memory of 1964	2192	Unicorn-57551.exe	45
PID 2192 wrote to memory of 1964	2192	Unicorn-57551.exe	45
PID 2192 wrote to memory of 1964	2192	Unicorn-57551.exe	45
PID 2192 wrote to memory of 1964	2192	Unicorn-57551.exe	45

C:\Users\Admin\AppData\Local\Temp\23b7a674d490e905957f044084c75ce0N.exe
"C:\Users\Admin\AppData\Local\Temp\23b7a674d490e905957f044084c75ce0N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10337.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10337.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50244.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50244.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48563.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39378.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19524.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2920.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52729.exe
        8⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4206.exe
        9⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31184.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41186.exe
        9⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        9⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24013.exe
        9⤵
        
        PID:8660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22571.exe
        8⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44920.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 216
        8⤵
        Program crash
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54291.exe
        7⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33361.exe
        8⤵
        
        PID:3760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1344 -s 216
        8⤵
        Program crash
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61055.exe
        7⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27916.exe
        7⤵
        
        PID:5500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 240
        7⤵
        Program crash
        
        PID:7124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16220.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48027.exe
        7⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11753.exe
        8⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15797.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52712.exe
        10⤵
        
        PID:3712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
        10⤵
        Program crash
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31367.exe
        9⤵
        
        PID:3368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 220
        9⤵
        Program crash
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61935.exe
        8⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48872.exe
        9⤵
        
        PID:8380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 220
        8⤵
        Program crash
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58468.exe
        7⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17115.exe
        8⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8161.exe
        9⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31329.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45847.exe
        8⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe
        8⤵
        
        PID:7660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 240
        8⤵
        
        PID:8272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43081.exe
        7⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8820.exe
        8⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50930.exe
        7⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43047.exe
        7⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47039.exe
        7⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47477.exe
        7⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21928.exe
        7⤵
        
        PID:8480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26053.exe
        6⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25890.exe
        7⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44751.exe
        8⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34154.exe
        8⤵
        
        PID:8704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5981.exe
        7⤵
        
        PID:4256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 240
        7⤵
        Program crash
        
        PID:5280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58297.exe
        6⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25750.exe
        7⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51643.exe
        7⤵
        
        PID:8672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16916.exe
        6⤵
        
        PID:4320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2715.exe
        6⤵
        
        PID:6008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39357.exe
        6⤵
        
        PID:6912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20352.exe
        6⤵
        
        PID:6780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63215.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3415.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2920.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10684.exe
        7⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47299.exe
        8⤵
        
        PID:3468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 236
        8⤵
        Program crash
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11974.exe
        7⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44920.exe
        7⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47051.exe
        7⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41353.exe
        7⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24390.exe
        7⤵
        
        PID:9120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15702.exe
        6⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18011.exe
        7⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31184.exe
        7⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24849.exe
        7⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23821.exe
        7⤵
        
        PID:9052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43017.exe
        6⤵
        
        PID:3384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50785.exe
        6⤵
        
        PID:4416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3227.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24817.exe
        6⤵
        
        PID:7832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41456.exe
        6⤵
        
        PID:9088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45223.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27623.exe
        6⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17032.exe
        7⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1285.exe
        8⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10387.exe
        7⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62702.exe
        7⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46947.exe
        7⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26393.exe
        7⤵
        
        PID:8388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13969.exe
        6⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38914.exe
        7⤵
        
        PID:8432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45065.exe
        6⤵
        
        PID:4540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51712.exe
        6⤵
        
        PID:6324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63575.exe
        6⤵
        
        PID:7668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30411.exe
        6⤵
        
        PID:8328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43459.exe
        6⤵
        
        PID:8476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43476.exe
        5⤵
        
        PID:2656
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
        6⤵
        Program crash
        
        PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6080.exe
        5⤵
        
        PID:3372
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 236
        5⤵
        Program crash
        
        PID:5144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19512.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2995.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19859.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62189.exe
        7⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40532.exe
        8⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14848.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56453.exe
        8⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        8⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23821.exe
        8⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20666.exe
        7⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8656.exe
        7⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47051.exe
        7⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41353.exe
        7⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7478.exe
        7⤵
        
        PID:8764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14441.exe
        6⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32133.exe
        7⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36184.exe
        8⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21781.exe
        8⤵
        
        PID:5808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 220
        8⤵
        Program crash
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63848.exe
        7⤵
        
        PID:3968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 240
        7⤵
        Program crash
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44425.exe
        6⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56215.exe
        7⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
        7⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28471.exe
        7⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        7⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24013.exe
        7⤵
        
        PID:8624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30180.exe
        6⤵
        
        PID:4804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39017.exe
        6⤵
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9136.exe
        6⤵
        
        PID:6668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41883.exe
        6⤵
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3013.exe
        6⤵
        
        PID:8948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30636.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20166.exe
        6⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8685.exe
        7⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
        7⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28471.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        7⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24013.exe
        7⤵
        
        PID:8620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13905.exe
        6⤵
        
        PID:3740
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
        6⤵
        Program crash
        
        PID:5832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46132.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64060.exe
        6⤵
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63361.exe
        6⤵
        
        PID:7000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44153.exe
        6⤵
        
        PID:7736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-582.exe
        6⤵
        
        PID:8268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3822.exe
        5⤵
        
        PID:3284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32716.exe
        5⤵
        
        PID:5728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54772.exe
        5⤵
        
        PID:6656
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 240
        5⤵
        
        PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62402.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2084
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 240
        5⤵
        Program crash
        
        PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50621.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26554.exe
        5⤵
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40908.exe
        6⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57201.exe
        7⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
        7⤵
        
        PID:5596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 220
        7⤵
        Program crash
        
        PID:6756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37335.exe
        6⤵
        
        PID:4028
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 240
        6⤵
        Program crash
        
        PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38997.exe
        5⤵
        
        PID:2228
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 220
        6⤵
        Program crash
        
        PID:3424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29669.exe
        5⤵
        
        PID:3236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41382.exe
        5⤵
        
        PID:5656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22106.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6900
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 236
        5⤵
        
        PID:7232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34810.exe
      4⤵
      PID:2764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26703.exe
        5⤵
        
        PID:3888
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 236
        5⤵
        Program crash
        
        PID:5212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51974.exe
      4⤵
      PID:4064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42650.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42650.exe
      4⤵
      PID:5220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33721.exe
      4⤵
      PID:7080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15017.exe
      4⤵
      PID:7796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35318.exe
      4⤵
      PID:8956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13430.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13430.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39762.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22212.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2261.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49013.exe
        7⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33923.exe
        8⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10404.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23529.exe
        10⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20968.exe
        10⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22426.exe
        9⤵
        
        PID:4440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 220
        9⤵
        Program crash
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13227.exe
        8⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42676.exe
        9⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
        9⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28471.exe
        9⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        9⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24013.exe
        9⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5025.exe
        8⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47682.exe
        8⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5770.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24817.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41456.exe
        8⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31820.exe
        7⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4087.exe
        8⤵
        
        PID:3436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 236
        8⤵
        Program crash
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11880.exe
        7⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50785.exe
        7⤵
        
        PID:4672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
        7⤵
        Program crash
        
        PID:6856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43454.exe
        6⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43850.exe
        7⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40532.exe
        8⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45658.exe
        8⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41186.exe
        8⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        8⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24013.exe
        8⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52078.exe
        7⤵
        
        PID:3692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 240
        8⤵
        Program crash
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49140.exe
        7⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50785.exe
        7⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49356.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 236
        7⤵
        
        PID:7508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4279.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 240
        7⤵
        Program crash
        
        PID:3924
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 236
        6⤵
        Program crash
        
        PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13039.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52729.exe
        6⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11155.exe
        7⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28081.exe
        7⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24906.exe
        7⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        7⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23821.exe
        7⤵
        
        PID:9148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51487.exe
        6⤵
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35517.exe
        6⤵
        
        PID:5864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14435.exe
        6⤵
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41353.exe
        6⤵
        
        PID:7984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40918.exe
        6⤵
        
        PID:8248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2489.exe
        5⤵
        
        PID:2148
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 220
        6⤵
        Program crash
        
        PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62052.exe
        5⤵
        
        PID:3912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42120.exe
        5⤵
        
        PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6090.exe
        5⤵
        
        PID:6992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41883.exe
        5⤵
        
        PID:7728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36453.exe
        5⤵
        
        PID:8264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18490.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1544
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 220
        5⤵
        Program crash
        
        PID:472
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
      4⤵
      Program crash
      PID:880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33247.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33247.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52388.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52388.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2744
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 220
        5⤵
        Program crash
        
        PID:2672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30828.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20275.exe
        5⤵
        
        PID:808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60674.exe
        6⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11268.exe
        7⤵
        
        PID:6020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 216
        7⤵
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22426.exe
        6⤵
        
        PID:4452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25449.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5964
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 808 -s 216
        6⤵
        
        PID:7028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28987.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64716.exe
        6⤵
        
        PID:8100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43271.exe
        6⤵
        
        PID:8984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43991.exe
        6⤵
        
        PID:9332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5025.exe
        5⤵
        
        PID:4652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47682.exe
        5⤵
        
        PID:6128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38827.exe
        5⤵
        
        PID:6956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24817.exe
        5⤵
        
        PID:7496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24543.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13568.exe
      4⤵
      PID:1676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18177.exe
        5⤵
        
        PID:3092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
        5⤵
        
        PID:5544
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 220
        5⤵
        Program crash
        
        PID:6424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
      4⤵
      PID:3484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58648.exe
      4⤵
      PID:4792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52229.exe
      4⤵
      PID:6868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41883.exe
      4⤵
      PID:7808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19925.exe
      4⤵
      PID:9136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2730.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2730.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1301.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63320.exe
        5⤵
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58863.exe
        6⤵
        
        PID:2556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
        7⤵
        Program crash
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35404.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44920.exe
        6⤵
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63278.exe
        6⤵
        
        PID:6932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41353.exe
        6⤵
        
        PID:7556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7478.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6024.exe
        5⤵
        
        PID:1884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4929.exe
        6⤵
        
        PID:7532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21352.exe
        6⤵
        
        PID:8508
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 240
        5⤵
        Program crash
        
        PID:4264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13278.exe
      4⤵
      PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33923.exe
        5⤵
        
        PID:304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58788.exe
        6⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55270.exe
        7⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31184.exe
        7⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41186.exe
        7⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        7⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24013.exe
        7⤵
        
        PID:8572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25970.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4036
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 240
        6⤵
        Program crash
        
        PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35139.exe
        5⤵
        
        PID:3788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18666.exe
        5⤵
        
        PID:4728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58021.exe
        5⤵
        
        PID:6876
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 220
        5⤵
        
        PID:1456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45556.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2416.exe
        5⤵
        
        PID:3828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5445.exe
        5⤵
        
        PID:5640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65441.exe
        5⤵
        
        PID:7184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        5⤵
        
        PID:8128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24013.exe
        5⤵
        
        PID:8640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42120.exe
      4⤵
      PID:5200
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 236
      4⤵
      Program crash
      PID:6840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60596.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60596.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19699.exe
      4⤵
      PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29235.exe
        5⤵
        
        PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31184.exe
        5⤵
        
        PID:5284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41186.exe
        5⤵
        
        PID:6536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24013.exe
        5⤵
        
        PID:8608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61009.exe
      4⤵
      PID:3340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44920.exe
      4⤵
      PID:5308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47051.exe
      4⤵
      PID:6624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41353.exe
      4⤵
      PID:7980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24390.exe
      4⤵
      PID:9164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43900.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43900.exe
    3⤵
    PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58820.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44195.exe
      4⤵
      PID:5984
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 220
      4⤵
      Program crash
      PID:7164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58427.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58427.exe
    3⤵
    PID:3636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21119.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21119.exe
    3⤵
    PID:5432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28386.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28386.exe
    3⤵
    PID:7100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19217.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19217.exe
    3⤵
    PID:8216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39679.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39679.exe
    3⤵
    PID:8700
- C:\Users\Admin\AppData\Local\Temp\Unicorn-394.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-394.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32611.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32611.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57551.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51729.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34000.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30757.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42610.exe
        8⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64166.exe
        9⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39405.exe
        9⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37883.exe
        9⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5981.exe
        8⤵
        
        PID:4276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 240
        8⤵
        Program crash
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22744.exe
        7⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57201.exe
        8⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
        8⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8570.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 216
        8⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19716.exe
        7⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27916.exe
        7⤵
        
        PID:5736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
        7⤵
        Program crash
        
        PID:6376
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 236
        6⤵
        Program crash
        
        PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46423.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2436
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 240
        6⤵
        Program crash
        
        PID:2984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24626.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43274.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12898.exe
        7⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31184.exe
        7⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57522.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        7⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24013.exe
        7⤵
        
        PID:8564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11289.exe
        6⤵
        
        PID:3400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44920.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47051.exe
        6⤵
        
        PID:6604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41353.exe
        6⤵
        
        PID:8000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24390.exe
        6⤵
        
        PID:9168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28593.exe
        5⤵
        
        PID:1796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43077.exe
        6⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-869.exe
        7⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40314.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:8936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22042.exe
        6⤵
        
        PID:4556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58288.exe
        6⤵
        
        PID:6056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14435.exe
        6⤵
        
        PID:7052
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 240
        6⤵
        
        PID:7548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6866.exe
        5⤵
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18331.exe
        6⤵
        
        PID:4732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65111.exe
        6⤵
        
        PID:6236
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 220
        6⤵
        
        PID:7604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38035.exe
        5⤵
        
        PID:4764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39547.exe
        5⤵
        
        PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17826.exe
        5⤵
        
        PID:6924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15017.exe
        5⤵
        
        PID:7492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1878.exe
        5⤵
        
        PID:8728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17639.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41369.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25890.exe
        6⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8612.exe
        7⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31184.exe
        7⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41186.exe
        7⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        7⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24013.exe
        7⤵
        
        PID:8692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23531.exe
        6⤵
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44920.exe
        6⤵
        
        PID:5324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62318.exe
        6⤵
        
        PID:7116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41353.exe
        6⤵
        
        PID:7968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40918.exe
        6⤵
        
        PID:8232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6024.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14517.exe
        6⤵
        
        PID:8016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7834.exe
        6⤵
        
        PID:8748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19716.exe
        5⤵
        
        PID:4308
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 236
        5⤵
        Program crash
        
        PID:5156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-921.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5749.exe
        5⤵
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51195.exe
        6⤵
        
        PID:4952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35318.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-838.exe
        6⤵
        
        PID:7636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55612.exe
        6⤵
        
        PID:8308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42929.exe
        6⤵
        
        PID:8512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49759.exe
        5⤵
        
        PID:3348
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 240
        5⤵
        Program crash
        
        PID:5816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2770.exe
      4⤵
      PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51233.exe
        5⤵
        
        PID:3552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
        5⤵
        
        PID:5552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8570.exe
        5⤵
        
        PID:6272
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 216
        5⤵
        
        PID:7172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24046.exe
      4⤵
      PID:4048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16181.exe
      4⤵
      PID:5704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55885.exe
      4⤵
      PID:6896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20352.exe
      4⤵
      PID:8180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14590.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:9080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52953.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52953.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38548.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34166.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25532.exe
        6⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34489.exe
        7⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59651.exe
        7⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57308.exe
        7⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26483.exe
        7⤵
        
        PID:9260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15223.exe
        6⤵
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25449.exe
        6⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30772.exe
        6⤵
        
        PID:6716
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 240
        6⤵
        
        PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20165.exe
        5⤵
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63117.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48967.exe
        6⤵
        
        PID:6204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-838.exe
        6⤵
        
        PID:7628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55612.exe
        6⤵
        
        PID:8316
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 220
        6⤵
        
        PID:8364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51071.exe
        5⤵
        
        PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27916.exe
        5⤵
        
        PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25671.exe
        5⤵
        
        PID:6412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24817.exe
        5⤵
        
        PID:7500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24543.exe
        5⤵
        
        PID:8932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63117.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3035.exe
        5⤵
        
        PID:108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4215.exe
        6⤵
        
        PID:4720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14623.exe
        6⤵
        
        PID:6528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7849.exe
        6⤵
        
        PID:8020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63173.exe
        6⤵
        
        PID:8908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17817.exe
        6⤵
        
        PID:9268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13111.exe
        5⤵
        
        PID:3088
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 220
        5⤵
        Program crash
        
        PID:5848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35930.exe
      4⤵
      PID:1332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11155.exe
        5⤵
        
        PID:4676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28081.exe
        5⤵
        
        PID:5892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8570.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        5⤵
        
        PID:8168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23821.exe
        5⤵
        
        PID:9024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2151.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2151.exe
      4⤵
      PID:3708
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
      4⤵
      Program crash
      PID:5696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64706.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64706.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51353.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24764.exe
        5⤵
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55270.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31184.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57522.exe
        6⤵
        
        PID:7108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        6⤵
        
        PID:8096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23821.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38933.exe
        5⤵
        
        PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44920.exe
        5⤵
        
        PID:5272
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 216
        5⤵
        Program crash
        
        PID:7064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7394.exe
      4⤵
      PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42126.exe
        5⤵
        
        PID:3840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
        5⤵
        
        PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8570.exe
        5⤵
        
        PID:6260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        5⤵
        
        PID:8140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23821.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51071.exe
      4⤵
      PID:3364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27916.exe
      4⤵
      PID:5492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25671.exe
      4⤵
      PID:6400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24817.exe
      4⤵
      PID:7564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24543.exe
      4⤵
      PID:8924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41104.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41104.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37270.exe
      4⤵
      PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8877.exe
        5⤵
        
        PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8570.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        5⤵
        
        PID:8080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23821.exe
        5⤵
        
        PID:9028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64559.exe
      4⤵
      PID:3568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44920.exe
      4⤵
      PID:5256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63387.exe
      4⤵
      PID:7140
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 220
      4⤵
      PID:7176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
    3⤵
    PID:1252
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 220
      4⤵
      Program crash
      PID:3628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41854.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41854.exe
    3⤵
    PID:3816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33247.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33247.exe
    3⤵
    PID:5676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17826.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17826.exe
    3⤵
    PID:6916
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
    3⤵
    PID:7224
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9952.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9952.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7665.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7665.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22404.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-450.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30757.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 240
        7⤵
        Program crash
        
        PID:2852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6024.exe
        6⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41959.exe
        7⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47025.exe
        7⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44153.exe
        7⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-390.exe
        7⤵
        
        PID:8436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19716.exe
        6⤵
        
        PID:4300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27916.exe
        6⤵
        
        PID:5476
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
        6⤵
        
        PID:6972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10315.exe
        5⤵
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37078.exe
        6⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57201.exe
        7⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
        7⤵
        
        PID:5648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 220
        7⤵
        Program crash
        
        PID:6836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46962.exe
        6⤵
        
        PID:3652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25376.exe
        6⤵
        
        PID:5464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47051.exe
        6⤵
        
        PID:6588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41353.exe
        6⤵
        
        PID:7540
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 236
        6⤵
        
        PID:9100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12774.exe
        5⤵
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8877.exe
        6⤵
        
        PID:4072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
        6⤵
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28471.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24013.exe
        6⤵
        
        PID:8580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17854.exe
        5⤵
        
        PID:3880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32716.exe
        5⤵
        
        PID:5740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5571.exe
        5⤵
        
        PID:6264
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 240
        5⤵
        
        PID:7568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31404.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24068.exe
        5⤵
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62317.exe
        6⤵
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31184.exe
        6⤵
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41186.exe
        6⤵
        
        PID:6576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        6⤵
        
        PID:7572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24013.exe
        6⤵
        
        PID:8652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12768.exe
        5⤵
        
        PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44920.exe
        5⤵
        
        PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63387.exe
        5⤵
        
        PID:7132
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 240
        5⤵
        
        PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32244.exe
      4⤵
      PID:2380
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 240
        5⤵
        Program crash
        
        PID:3976
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 704 -s 236
      4⤵
      Program crash
      PID:3892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51355.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51355.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1720
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 240
      4⤵
      Program crash
      PID:780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35239.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35239.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46237.exe
      4⤵
      PID:1052
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 240
        5⤵
        Program crash
        
        PID:3948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59665.exe
      4⤵
      PID:4020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44920.exe
      4⤵
      PID:5332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47051.exe
      4⤵
      PID:6620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41353.exe
      4⤵
      PID:916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24390.exe
      4⤵
      PID:9140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33850.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33850.exe
    3⤵
    PID:1984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59413.exe
      4⤵
      PID:3100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7974.exe
        5⤵
        
        PID:3536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
        5⤵
        
        PID:5588
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 240
        5⤵
        Program crash
        
        PID:6800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38954.exe
      4⤵
      PID:4468
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 240
      4⤵
      Program crash
      PID:5416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7250.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7250.exe
    3⤵
    PID:3252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9619.exe
      4⤵
      PID:4528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
      4⤵
      PID:5580
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 220
      4⤵
      Program crash
      PID:6772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48019.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48019.exe
    3⤵
    PID:4736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39547.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39547.exe
    3⤵
    PID:6072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1106.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1106.exe
    3⤵
    PID:6832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15017.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15017.exe
    3⤵
    PID:1716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1878.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1878.exe
    3⤵
    PID:8776
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36436.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36436.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33040.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30757.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18905.exe
        6⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30253.exe
        7⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48967.exe
        7⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-838.exe
        7⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55612.exe
        7⤵
        
        PID:8300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 220
        7⤵
        
        PID:8368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63791.exe
        6⤵
        
        PID:3944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35517.exe
        6⤵
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34337.exe
        6⤵
        
        PID:6692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41353.exe
        6⤵
        
        PID:7600
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 264 -s 216
        6⤵
        
        PID:8528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17679.exe
        5⤵
        
        PID:2096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54600.exe
        6⤵
        
        PID:6048
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 216
        6⤵
        
        PID:6988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63494.exe
        5⤵
        
        PID:3304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41382.exe
        5⤵
        
        PID:5668
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 240
        5⤵
        Program crash
        
        PID:7032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10891.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40908.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11155.exe
        6⤵
        
        PID:4692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28081.exe
        6⤵
        
        PID:5884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8570.exe
        6⤵
        
        PID:6356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
        6⤵
        
        PID:8152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23821.exe
        6⤵
        
        PID:9012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37335.exe
        5⤵
        
        PID:3132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22050.exe
        5⤵
        
        PID:5752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14435.exe
        5⤵
        
        PID:7040
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 220
        5⤵
        
        PID:7516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52733.exe
      4⤵
      PID:888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4471.exe
        5⤵
        
        PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21781.exe
        5⤵
        
        PID:5824
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 220
        5⤵
        Program crash
        
        PID:7128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49432.exe
      4⤵
      PID:3560
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 240
      4⤵
      Program crash
      PID:5712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47466.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47466.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2632
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
      4⤵
      Program crash
      PID:2452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24626.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24626.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52646.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8685.exe
        5⤵
        
        PID:3588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
        5⤵
        
        PID:5600
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 220
        5⤵
        Program crash
        
        PID:6728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14398.exe
      4⤵
      PID:4044
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 240
      4⤵
      Program crash
      PID:5784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4031.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4031.exe
    3⤵
    PID:560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41492.exe
      4⤵
      PID:3820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40810.exe
      4⤵
      PID:4716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51253.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
      4⤵
      PID:8172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24013.exe
      4⤵
      PID:8668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53387.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53387.exe
    3⤵
    PID:3936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25584.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25584.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22579.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22579.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20352.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20352.exe
    3⤵
    PID:7692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31118.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31118.exe
    3⤵
    PID:8252
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43458.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43458.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65494.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65494.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2808
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
      4⤵
      Program crash
      PID:552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10891.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10891.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36777.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36777.exe
      4⤵
      PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32977.exe
        5⤵
        
        PID:3352
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 236
        5⤵
        Program crash
        
        PID:5764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48280.exe
      4⤵
      PID:3528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35517.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35517.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30772.exe
      4⤵
      PID:6736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41353.exe
      4⤵
      PID:8184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7478.exe
      4⤵
      PID:8768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52074.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52074.exe
    3⤵
    PID:2080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50657.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8315.exe
      4⤵
      PID:5620
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 220
      4⤵
      Program crash
      PID:6788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50392.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50392.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19250.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19250.exe
    3⤵
    PID:6024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54772.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54772.exe
    3⤵
    PID:6584
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 240
    3⤵
    PID:7212
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40521.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40521.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29989.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29989.exe
    3⤵
    PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25890.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23913.exe
        5⤵
        
        PID:7684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4824.exe
        5⤵
        
        PID:8536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5981.exe
      4⤵
      PID:4284
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 220
      4⤵
      Program crash
      PID:5444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
    3⤵
    PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-293.exe
      4⤵
      PID:8092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22333.exe
      4⤵
      PID:8996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36546.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36546.exe
    3⤵
    PID:4372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27916.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27916.exe
    3⤵
    PID:5460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22106.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22106.exe
    3⤵
    PID:6904
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 236
    3⤵
    PID:7196
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55880.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55880.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3035.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3035.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41908.exe
      4⤵
      PID:4584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61081.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8570.exe
      4⤵
      PID:6332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50018.exe
      4⤵
      PID:8112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23821.exe
      4⤵
      PID:9036
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 216
    3⤵
    - Program crash
    PID:4068
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61137.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61137.exe
  2⤵
  PID:2972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2674.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2674.exe
    3⤵
    PID:5604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63553.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63553.exe
    3⤵
    PID:6432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44153.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44153.exe
    3⤵
    PID:7612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32679.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32679.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:9004
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65360.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65360.exe
  2⤵
  PID:3176
- C:\Users\Admin\AppData\Local\Temp\Unicorn-514.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-514.exe
  2⤵
  PID:5940
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22697.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22697.exe
  2⤵
  PID:6976
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38818.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38818.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:7748
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53791.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53791.exe
  2⤵
  PID:9128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-19512.exe

Filesize
468KB

MD5
fb4c399a68c4629cd1da1b26309dea75

SHA1
0e47ed402ea6e07062e1b6991d85065bd1dc3d82

SHA256
857ce5673d4e3d76b2e6ff28af835d98b92ba107e61df4aa288d3646a6d3bf1f

SHA512
2083c4cc06259b399e83e980b56aa1d1e997677f92398c6c69c543f1685c5cd97ba23e78d79504e80a5432c03dae6b8e90b0e8eb16f2f7f38de35d706116eb02

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24906.exe

Filesize
468KB

MD5
ac936f4a74f59e3b00836864796090c7

SHA1
cf599fd3ebf038b960a95826c492529ef4ea7949

SHA256
cc2e0919f836e7d7588d73f92b01c076a8c802797fe1adc2c92ae58933d72a33

SHA512
d8ba65e39e10836ab7ed61793b8031a154d0e2d5071ab4d7ad98c0f56ec1624335f0b8b610c4bdee3ca058f809f384bbb9f4679730fd4d22ef9ff0badcf4bfe0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39762.exe

Filesize
468KB

MD5
afeee74a32486854aa14156e7a5b6049

SHA1
0fd51b5ec29b5db6ba36aa58fed92a8721865890

SHA256
699a444ad4aa900d16020343d8b04928088fd58212e781937ea4978dacf1f1e6

SHA512
783dea0906a34c25b20d65daf6037593ef062bf2641c37135210d7694976295edb30941a74164233bc3659f8611d201138ac95abb56d4b4a6c870e7d27366ff0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5749.exe

Filesize
468KB

MD5
1a06e422e74ca58959c30c8bd5cc99d4

SHA1
5f32808c81db7641fa2952d18163197917aee465

SHA256
fff115a4cc7c4eee5b65195eaebd87e7b5128b20c7605f62dcd42463aa14cf5f

SHA512
44fbbded041abdae47816578bb100a82c205021fdb341e14d5483d39c60a916864942174a6e76b8688c4b388666b3342e82ed8995cc0453877d7c48a4ae275c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58288.exe

Filesize
468KB

MD5
2cc0d519efa3155c7971b0ac0e8fa51f

SHA1
eca140c8d4000df6845494075e36729439b15ed1

SHA256
b7ed0d53b4aa1aae63976b053f5d311f75ffbf367d04b413e738e459c59a2636

SHA512
51c0a98f41338b27f23a7ca0479260dc92939c1d0d8e6c67a66a019e9354908cf41a929ce9225ae4a459236cfb3bbe1866be8c84d5facc808fa8ae535e70555d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7665.exe

Filesize
468KB

MD5
4f87a46608b82b7d1d3452e58ae0aab8

SHA1
7b051d44a8d2a36229513b0be73a385659f78cfa

SHA256
eae1b2e851765dc4153770bb6b050ac07ecf62ed5e78ffbbc75739af1b5132e8

SHA512
b64fb88aeb160247c0c0aa357ce85985905956e19f54d7161be8c6464f617698c6957db038b716e48fa04d128d1284682b0130f925d18497a9740de52f027724

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10337.exe

Filesize
468KB

MD5
e37485072e03ae22d8052e9e82a3b71a

SHA1
1be90b87bca5b7c55aaf3afe6867871a802d0c00

SHA256
45c6764151d013a101e8a505403cbf700205463e3843d368152a855f6e2c0fda

SHA512
a8d56403df6b11d48ad36db10fd2640c885663877abb6b5ab0322cf234aa0e96cdffa4e9dc301c73227d50cb256da22dd21fd18acd0570b91124bc43b02482d8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13430.exe

Filesize
468KB

MD5
00e91edd6fa56fe0d9e38dc04c765eda

SHA1
43ce4a0b4d1256bdd32100ffc55f1e825f46e045

SHA256
948fa52bcd6d5f8b728872695c767ad86b702e9ab862e9f04516569f512ec360

SHA512
af632bfc078c11b5d8d16f90353fe7d64368bea1e46e089ca7ada04d3feecb315fdfce48d3b46a5efc526fd51b27fff75244fd4a9795ca0225c485caba2d48ae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17639.exe

Filesize
468KB

MD5
9f375127a53c2dec05b0b5866c91e8b3

SHA1
b1076483b44cc95f9b711651a31c0c805e9656fc

SHA256
ec3a7814f5689a6629b8a5de00f1ffcc1c0efbfe19c8bf462b0e5066bcce46f2

SHA512
539363ff5246c41853d1732e54311b917f7d68da91784ca07c4a0e96db2fdbfb711680a36fa03b3b008c227a5b48a78f67fd6d77477eb7ba290238b6d311f22c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32611.exe

Filesize
468KB

MD5
5d216c398e4d6a00fd7d396597ebcb3b

SHA1
d138c0fee2eafbb72c23b89597062f50855e5860

SHA256
741b68fa1d0cb0347167dfd943debf8447c434fc2b71e6cbb701a49ce5241eb5

SHA512
4561fa82c55e808cd65b8ac6bcac7124ef9a8bf25b0927fe5c25eb03b4dfaaf593284b2cdda60d69989b6ed6e4628e953ef60dcce70d295e8f8c6e7b19142955

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33247.exe

Filesize
468KB

MD5
a2cc068c362db9bd3d3d6a2d0afd89d8

SHA1
7c9fe5266cafa7d0e6458c7884e0c77374905a19

SHA256
aa89e175b37713521b5b7f886ddebc913583b770d40299a3656af3aa0a78dba3

SHA512
7a18d9be4dd3376c76180fba063fcead5f8f6c65d03c03cf721b3083017c7a1d1814fb7760dede8a9f29ebd2f03b99077dcf1c686518909aabdf8529ffe4c346

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36436.exe

Filesize
468KB

MD5
0b4d5376914792a310a3c4a37228d57c

SHA1
f48d4b0c5278ed1f8a10e41c9d74caac3e73158e

SHA256
5039eab6fc270244ebac92f0f1ae6e69b39a84593c0e7d5a61b62afd42f05d04

SHA512
eeafe0c35392b0cdad0454614142c8a25796234a129a970440595fb2c167d89486631fbcd5369ad9a548b6a6639876b3d2f74f3eafe962db97b8784e2651c685

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39378.exe

Filesize
468KB

MD5
146ed831b817ebb59c860e588ab46967

SHA1
be34adef21f7d42e72da1d4f9e96d7cff7ffb416

SHA256
63b132cd3b7c343a3e3be079b0de934d8ff06c8ff34f8d2644823680a7f40d79

SHA512
7c5e2ebb9f5de5e977494aed96e2131637e3d994dc21aa76b0e0855954b802cdee27dd898b1499a235d09d9657044072742ae30a6e3ed62f5f33077f68d1f92d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-394.exe

Filesize
468KB

MD5
bb3e35b3efaa6e88879705977795fff0

SHA1
442e9923e6f86a0947e218a670c40147fc422828

SHA256
7ddf4a99adde67cc43eb4bca468aef0e94dd925e43bd15475ff7cb80bb55f906

SHA512
e29854c0d1be96c744700212cc22652b8398d5cb822d85ad1d78ca500ea945c74eccf5dedf3b8ea19d0ac1095b35654a6e0a868fb04f6c389382d60275cc4a7a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48563.exe

Filesize
468KB

MD5
431b60be39cdc6dd95b81c9105383e91

SHA1
94945e4bb178ae2504cb744d6fcd0f8fbccbb483

SHA256
3c2eb759dba55ae32eaa2ac21f06e14d68e6baab4281bcfaeecb9f50dafaaebc

SHA512
565f9c20e7131759f4d39d936239c8dbcd1c95002fe67a18e27acb5dbabe568a07370a501de97c238c65dc49037c95a303506072394cfc6846975c4cceb0adc1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50244.exe

Filesize
468KB

MD5
23f7d50e04ee70af8227012be5853fbd

SHA1
674ca4658245cdc8ec7e81c8f98847c5fb801d50

SHA256
1563bfe492da62af9e6248ad268caa556f0421075cccec4dce790ba03ddc14d1

SHA512
66b46790538cec0c99a35300b39fabdf55d3d8945c0221e5e068f9cf08a0a8640114cf50bb69cfdc3dccd7c24d12a4d8e0cfc5df0ebf66faf4ae65f85996ca03

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51729.exe

Filesize
468KB

MD5
363ba56fb46792758e4ff78e0c7c9e24

SHA1
2aec38befea7ac8af4828efd73f6198b7bc0d6d3

SHA256
355df9bbeb7c46f5a11f76a945d1591a3b3f0c3ac5f8ffe1b60587b67879dd25

SHA512
d50568ea4ddf93f187e5882f3ee7e3d5328aecf58de65cd62547d67a64c9cf27a15474b888a4a93c51af94fdeb6cd6c6082191fbee9a37b276016275c979c4d6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52953.exe

Filesize
468KB

MD5
edf3956dad0d5c2b775540628109cb73

SHA1
b9699998eb502e922da9b697fc7cdfdb10ce6f89

SHA256
4fb7790714b68f8d19142140f047ceaca550f70626fa29d81a9b91b1c3d988b9

SHA512
715e4f21bc70de0ab0fc365c2e20dc7f59965e9842df63950805441bbcbac8ffd11799cf5d9a51ef0c4c6909b47f2e78817fe78e23d807291eccb4b50a73910e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe

Filesize
468KB

MD5
f16010653f1095b891665a4c1af4a3f2

SHA1
6b68d3a2c858802e36412812f7d64eaaee6724a2

SHA256
a9302d68b44baf4b18ba29d53337ae1cde519e06857106fb3ceb07b4eeeb35bb

SHA512
99793643fafbc9db2a2e60da9243c52711ceb0a2c42d2509d80f3c4fd363e2eb85d12a11fdbe711412219e87e7d3b00c2aed89a761fefd32b3a8d91a0700a52a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57551.exe

Filesize
468KB

MD5
0feeaa0a880c496cf2a7ca12f80bddbf

SHA1
80e5a98a582776b52beb85f35f4372a6e3b2a980

SHA256
df98ee17f876e3d20263334e72c755cb8091ce6863c46c4dfdef0c6c2141b9d7

SHA512
d9ec4369bd762144f3b614734fb636363e8dbc30b3f5d00d408d7b211245090a3e001121148acd47d6832b5b4882d8ee91852ed78f86cdea99e89bca5a6c3506

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9952.exe

Filesize
468KB

MD5
ce92f73ae9cd72d06b0c07a44e35aec3

SHA1
26588d431afeefef2b3108d1e02bb79e2d41fac4

SHA256
02055af541015583fb79f197fe3ed263b9dfd9a7532edfb266c8a28be44e4e2f

SHA512
985f31adc46b18d3263874e287de64cb42f2d65f484c4ce3b887a2a9fc76d629b7115210ed4a4863e72cc2fab29219fa259d303e4de2539c10e49f6a31c09838

Download Submit