18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 06:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe
Size

468KB
MD5

ab5e34ff08fdefc7b84a12c4d515b640
SHA1

37328f5deb3b0660b79167599e5923e903b65e0e
SHA256

18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28
SHA512

30fa9da7eace33e5418b44c22996ab964239157c696567f9de00c4e0b3710cd48c28f6a53e4ee1e491e7e21033d78b3bcd7d2a0a57a545c4f4312906aa348e72
SSDEEP

3072:Xkz7ogKxjz8UFbYWPz3Tqf8/Eptj7PpgPmHx+lO0Eln0AFo1SDlk:XkfotAUF1PDTqf/BtuEl04o1S

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1776	Unicorn-39249.exe
2532	Unicorn-32290.exe
2880	Unicorn-53457.exe
2808	Unicorn-2243.exe
2712	Unicorn-5922.exe
2604	Unicorn-25788.exe
2732	Unicorn-59621.exe
2716	Unicorn-19177.exe
2432	Unicorn-39959.exe
3068	Unicorn-11392.exe
2892	Unicorn-45911.exe
2664	Unicorn-43873.exe
532	Unicorn-35705.exe
1164	Unicorn-45471.exe
3056	Unicorn-65071.exe
1000	Unicorn-505.exe
1084	Unicorn-45985.exe
1216	Unicorn-2425.exe
1544	Unicorn-313.exe
1356	Unicorn-61832.exe
888	Unicorn-64817.exe
2572	Unicorn-42690.exe
2228	Unicorn-35299.exe
2044	Unicorn-41429.exe
2436	Unicorn-33074.exe
1616	Unicorn-22139.exe
884	Unicorn-42005.exe
2352	Unicorn-51828.exe
1340	Unicorn-52093.exe
2076	Unicorn-32227.exe
2928	Unicorn-5051.exe
2704	Unicorn-14764.exe
2616	Unicorn-61543.exe
1068	Unicorn-24381.exe
2300	Unicorn-3022.exe
1484	Unicorn-16597.exe
564	Unicorn-62695.exe
1920	Unicorn-62695.exe
816	Unicorn-25446.exe
2116	Unicorn-65117.exe
2348	Unicorn-48781.exe
652	Unicorn-12653.exe
404	Unicorn-64365.exe
1740	Unicorn-40173.exe
1724	Unicorn-18814.exe
1312	Unicorn-48695.exe
3036	Unicorn-37759.exe
1280	Unicorn-57625.exe
2256	Unicorn-46613.exe
1612	Unicorn-52180.exe
1856	Unicorn-13447.exe
1752	Unicorn-33313.exe
2208	Unicorn-38143.exe
2652	Unicorn-18129.exe
2672	Unicorn-63800.exe
2668	Unicorn-18129.exe
588	Unicorn-34008.exe
1908	Unicorn-4615.exe
2308	Unicorn-1600.exe
2512	Unicorn-47656.exe
2896	Unicorn-61391.exe
1316	Unicorn-60360.exe
352	Unicorn-43832.exe
2496	Unicorn-23966.exe

Loads dropped DLL 64 IoCs

pid	Process
2172	18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe
2172	18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe
1776	Unicorn-39249.exe
1776	Unicorn-39249.exe
2172	18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe
2172	18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe
2532	Unicorn-32290.exe
2532	Unicorn-32290.exe
2880	Unicorn-53457.exe
2880	Unicorn-53457.exe
1776	Unicorn-39249.exe
1776	Unicorn-39249.exe
2172	18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe
2172	18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe
2808	Unicorn-2243.exe
2808	Unicorn-2243.exe
2532	Unicorn-32290.exe
2532	Unicorn-32290.exe
2712	Unicorn-5922.exe
2712	Unicorn-5922.exe
1776	Unicorn-39249.exe
1776	Unicorn-39249.exe
2604	Unicorn-25788.exe
2732	Unicorn-59621.exe
2732	Unicorn-59621.exe
2604	Unicorn-25788.exe
2172	18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe
2172	18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe
2880	Unicorn-53457.exe
2880	Unicorn-53457.exe
2716	Unicorn-19177.exe
2716	Unicorn-19177.exe
2808	Unicorn-2243.exe
2808	Unicorn-2243.exe
2432	Unicorn-39959.exe
2432	Unicorn-39959.exe
3068	Unicorn-11392.exe
3068	Unicorn-11392.exe
2532	Unicorn-32290.exe
2532	Unicorn-32290.exe
2712	Unicorn-5922.exe
2712	Unicorn-5922.exe
1164	Unicorn-45471.exe
1164	Unicorn-45471.exe
2880	Unicorn-53457.exe
2880	Unicorn-53457.exe
532	Unicorn-35705.exe
532	Unicorn-35705.exe
2172	18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe
2604	Unicorn-25788.exe
2892	Unicorn-45911.exe
2172	18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe
2604	Unicorn-25788.exe
2892	Unicorn-45911.exe
1776	Unicorn-39249.exe
2732	Unicorn-59621.exe
2664	Unicorn-43873.exe
2732	Unicorn-59621.exe
1776	Unicorn-39249.exe
2664	Unicorn-43873.exe
2956	WerFault.exe
2956	WerFault.exe
2956	WerFault.exe
2956	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2956	3056	WerFault.exe	43
2608	1216	WerFault.exe	49
2320	2432	WerFault.exe	38
492	1356	WerFault.exe	50
2916	2228	WerFault.exe	53
1744	2352	WerFault.exe	59
2412	2044	WerFault.exe	54
1792	2076	WerFault.exe	60
620	564	WerFault.exe	70
2544	2156	WerFault.exe	113
2860	1528	WerFault.exe	109
1964	1620	WerFault.exe	119
840	2912	WerFault.exe	131
1380	1240	WerFault.exe	115
3164	1544	WerFault.exe	48
4088	2652	WerFault.exe	93
3604	2460	WerFault.exe	128
3392	916	WerFault.exe	137
4068	2508	WerFault.exe	138
3120	588	WerFault.exe	95
3680	2896	WerFault.exe	99
3724	2268	WerFault.exe	125
3816	3068	WerFault.exe	39
5024	2596	WerFault.exe	127
5012	1624	WerFault.exe	129
4268	2672	WerFault.exe	92
4272	708	WerFault.exe	104
3312	2820	WerFault.exe	126
4824	1740	WerFault.exe	79
5368	2256	WerFault.exe	87
5768	884	WerFault.exe	58
5968	3004	WerFault.exe	135
2680	1084	WerFault.exe	47
6064	1280	WerFault.exe	86
6100	2528	WerFault.exe	108
6112	2308	WerFault.exe	97
5300	3128	WerFault.exe	188
5492	352	WerFault.exe	101
5388	1908	WerFault.exe	96
5580	1068	WerFault.exe	67
5628	2616	WerFault.exe	65
5604	888	WerFault.exe	51
5664	2160	WerFault.exe	145
5688	844	WerFault.exe	134
5852	2040	WerFault.exe	152
5296	2340	WerFault.exe	146
5780	704	WerFault.exe	153
5740	1932	WerFault.exe	144
5696	2992	WerFault.exe	121
5680	2952	WerFault.exe	130
7036	1864	WerFault.exe	150
6480	2908	WerFault.exe	111
6536	2864	WerFault.exe	143
6136	2008	WerFault.exe	122
7764	2080	WerFault.exe	149
7752	2740	WerFault.exe	155
7816	1220	WerFault.exe	140
7800	2960	WerFault.exe	182
7776	2184	WerFault.exe	142
7744	2768	WerFault.exe	185
7732	2020	WerFault.exe	151
7720	2240	WerFault.exe	163
7612	1632	WerFault.exe	172
7592	1088	WerFault.exe	179

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25519.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36974.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4109.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3564.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19019.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53746.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35299.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1600.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23238.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50516.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33313.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5845.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55231.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53746.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62344.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64365.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7241.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64226.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17882.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63169.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26315.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13310.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59853.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31913.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23482.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13082.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44989.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63673.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59853.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60762.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55738.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62319.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4626.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23482.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37218.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45012.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63853.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18560.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49429.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23482.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63853.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45081.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36680.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4615.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1367.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31406.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37218.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63853.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43336.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52093.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60976.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63853.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51011.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11936.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3564.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23151.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32362.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2726.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52786.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4725.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35488.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15882.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36350.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22139.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2172	18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe
1776	Unicorn-39249.exe
2532	Unicorn-32290.exe
2880	Unicorn-53457.exe
2808	Unicorn-2243.exe
2712	Unicorn-5922.exe
2732	Unicorn-59621.exe
2604	Unicorn-25788.exe
2716	Unicorn-19177.exe
2432	Unicorn-39959.exe
3068	Unicorn-11392.exe
2892	Unicorn-45911.exe
1164	Unicorn-45471.exe
532	Unicorn-35705.exe
3056	Unicorn-65071.exe
2664	Unicorn-43873.exe
1084	Unicorn-45985.exe
1544	Unicorn-313.exe
1356	Unicorn-61832.exe
1000	Unicorn-505.exe
1216	Unicorn-2425.exe
888	Unicorn-64817.exe
2572	Unicorn-42690.exe
2436	Unicorn-33074.exe
1616	Unicorn-22139.exe
2228	Unicorn-35299.exe
2044	Unicorn-41429.exe
1340	Unicorn-52093.exe
2352	Unicorn-51828.exe
884	Unicorn-42005.exe
2076	Unicorn-32227.exe
2928	Unicorn-5051.exe
2704	Unicorn-14764.exe
2616	Unicorn-61543.exe
1068	Unicorn-24381.exe
2300	Unicorn-3022.exe
1484	Unicorn-16597.exe
1920	Unicorn-62695.exe
816	Unicorn-25446.exe
564	Unicorn-62695.exe
2116	Unicorn-65117.exe
2348	Unicorn-48781.exe
404	Unicorn-64365.exe
652	Unicorn-12653.exe
1740	Unicorn-40173.exe
1724	Unicorn-18814.exe
1752	Unicorn-33313.exe
3036	Unicorn-37759.exe
1856	Unicorn-13447.exe
1312	Unicorn-48695.exe
1280	Unicorn-57625.exe
2256	Unicorn-46613.exe
1612	Unicorn-52180.exe
2208	Unicorn-38143.exe
2672	Unicorn-63800.exe
2668	Unicorn-18129.exe
2652	Unicorn-18129.exe
588	Unicorn-34008.exe
2308	Unicorn-1600.exe
1908	Unicorn-4615.exe
2512	Unicorn-47656.exe
2896	Unicorn-61391.exe
1316	Unicorn-60360.exe
352	Unicorn-43832.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 1776	2172	18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe	30
PID 2172 wrote to memory of 1776	2172	18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe	30
PID 2172 wrote to memory of 1776	2172	18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe	30
PID 2172 wrote to memory of 1776	2172	18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe	30
PID 1776 wrote to memory of 2532	1776	Unicorn-39249.exe	31
PID 1776 wrote to memory of 2532	1776	Unicorn-39249.exe	31
PID 1776 wrote to memory of 2532	1776	Unicorn-39249.exe	31
PID 1776 wrote to memory of 2532	1776	Unicorn-39249.exe	31
PID 2172 wrote to memory of 2880	2172	18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe	32
PID 2172 wrote to memory of 2880	2172	18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe	32
PID 2172 wrote to memory of 2880	2172	18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe	32
PID 2172 wrote to memory of 2880	2172	18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe	32
PID 2532 wrote to memory of 2808	2532	Unicorn-32290.exe	33
PID 2532 wrote to memory of 2808	2532	Unicorn-32290.exe	33
PID 2532 wrote to memory of 2808	2532	Unicorn-32290.exe	33
PID 2532 wrote to memory of 2808	2532	Unicorn-32290.exe	33
PID 2880 wrote to memory of 2604	2880	Unicorn-53457.exe	34
PID 2880 wrote to memory of 2604	2880	Unicorn-53457.exe	34
PID 2880 wrote to memory of 2604	2880	Unicorn-53457.exe	34
PID 2880 wrote to memory of 2604	2880	Unicorn-53457.exe	34
PID 1776 wrote to memory of 2712	1776	Unicorn-39249.exe	35
PID 1776 wrote to memory of 2712	1776	Unicorn-39249.exe	35
PID 1776 wrote to memory of 2712	1776	Unicorn-39249.exe	35
PID 1776 wrote to memory of 2712	1776	Unicorn-39249.exe	35
PID 2172 wrote to memory of 2732	2172	18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe	36
PID 2172 wrote to memory of 2732	2172	18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe	36
PID 2172 wrote to memory of 2732	2172	18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe	36
PID 2172 wrote to memory of 2732	2172	18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe	36
PID 2808 wrote to memory of 2716	2808	Unicorn-2243.exe	37
PID 2808 wrote to memory of 2716	2808	Unicorn-2243.exe	37
PID 2808 wrote to memory of 2716	2808	Unicorn-2243.exe	37
PID 2808 wrote to memory of 2716	2808	Unicorn-2243.exe	37
PID 2532 wrote to memory of 2432	2532	Unicorn-32290.exe	38
PID 2532 wrote to memory of 2432	2532	Unicorn-32290.exe	38
PID 2532 wrote to memory of 2432	2532	Unicorn-32290.exe	38
PID 2532 wrote to memory of 2432	2532	Unicorn-32290.exe	38
PID 2712 wrote to memory of 3068	2712	Unicorn-5922.exe	39
PID 2712 wrote to memory of 3068	2712	Unicorn-5922.exe	39
PID 2712 wrote to memory of 3068	2712	Unicorn-5922.exe	39
PID 2712 wrote to memory of 3068	2712	Unicorn-5922.exe	39
PID 1776 wrote to memory of 2892	1776	Unicorn-39249.exe	40
PID 1776 wrote to memory of 2892	1776	Unicorn-39249.exe	40
PID 1776 wrote to memory of 2892	1776	Unicorn-39249.exe	40
PID 1776 wrote to memory of 2892	1776	Unicorn-39249.exe	40
PID 2732 wrote to memory of 2664	2732	Unicorn-59621.exe	42
PID 2732 wrote to memory of 2664	2732	Unicorn-59621.exe	42
PID 2732 wrote to memory of 2664	2732	Unicorn-59621.exe	42
PID 2732 wrote to memory of 2664	2732	Unicorn-59621.exe	42
PID 2604 wrote to memory of 532	2604	Unicorn-25788.exe	41
PID 2604 wrote to memory of 532	2604	Unicorn-25788.exe	41
PID 2604 wrote to memory of 532	2604	Unicorn-25788.exe	41
PID 2604 wrote to memory of 532	2604	Unicorn-25788.exe	41
PID 2172 wrote to memory of 3056	2172	18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe	43
PID 2172 wrote to memory of 3056	2172	18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe	43
PID 2172 wrote to memory of 3056	2172	18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe	43
PID 2172 wrote to memory of 3056	2172	18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe	43
PID 2880 wrote to memory of 1164	2880	Unicorn-53457.exe	44
PID 2880 wrote to memory of 1164	2880	Unicorn-53457.exe	44
PID 2880 wrote to memory of 1164	2880	Unicorn-53457.exe	44
PID 2880 wrote to memory of 1164	2880	Unicorn-53457.exe	44
PID 2716 wrote to memory of 1000	2716	Unicorn-19177.exe	46
PID 2716 wrote to memory of 1000	2716	Unicorn-19177.exe	46
PID 2716 wrote to memory of 1000	2716	Unicorn-19177.exe	46
PID 2716 wrote to memory of 1000	2716	Unicorn-19177.exe	46

C:\Users\Admin\AppData\Local\Temp\18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe
"C:\Users\Admin\AppData\Local\Temp\18e8a9048defa2230f26f1a3109b097859dbdd525a4989da69103e5ce97a1d28N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39249.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39249.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32290.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32290.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2243.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19177.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-505.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3022.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60360.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1367.exe
        9⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64815.exe
        10⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7397.exe
        10⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23238.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60760.exe
        9⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3564.exe
        9⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20351.exe
        9⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58505.exe
        8⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55697.exe
        8⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9256.exe
        8⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60436.exe
        8⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21304.exe
        8⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23966.exe
        7⤵
        Executes dropped EXE
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34756.exe
        8⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26150.exe
        9⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
        9⤵
        
        PID:4400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 220
        9⤵
        Program crash
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49429.exe
        8⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37218.exe
        8⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62780.exe
        8⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12086.exe
        8⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45253.exe
        8⤵
        
        PID:8640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12564.exe
        7⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18280.exe
        8⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44458.exe
        9⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14790.exe
        9⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63853.exe
        9⤵
        
        PID:6864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 216
        9⤵
        Program crash
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59014.exe
        8⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6071.exe
        8⤵
        
        PID:5824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 236
        8⤵
        Program crash
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59431.exe
        7⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46751.exe
        8⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7589.exe
        8⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55860.exe
        7⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50968.exe
        7⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61874.exe
        7⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17884.exe
        7⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39127.exe
        7⤵
        
        PID:9172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16597.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43832.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13868.exe
        8⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34977.exe
        9⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
        9⤵
        
        PID:4384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 220
        9⤵
        Program crash
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57104.exe
        8⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37218.exe
        8⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 216
        8⤵
        Program crash
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56691.exe
        7⤵
        
        PID:2508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
        8⤵
        Program crash
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30958.exe
        7⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43083.exe
        7⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4914.exe
        7⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59853.exe
        7⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62874.exe
        7⤵
        
        PID:7400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5221.exe
        6⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55669.exe
        7⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 220
        8⤵
        Program crash
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45503.exe
        7⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21297.exe
        8⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6875.exe
        8⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57298.exe
        8⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7212.exe
        7⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11936.exe
        7⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45724.exe
        7⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55738.exe
        7⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55028.exe
        7⤵
        
        PID:8736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62420.exe
        6⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64662.exe
        7⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4458.exe
        8⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63169.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63236.exe
        8⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20848.exe
        8⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22480.exe
        7⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28525.exe
        7⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4181.exe
        7⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45081.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15378.exe
        7⤵
        
        PID:8960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12499.exe
        6⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4109.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-352.exe
        7⤵
        
        PID:7176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 220
        7⤵
        
        PID:9004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16880.exe
        6⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26256.exe
        6⤵
        
        PID:5332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40052.exe
        6⤵
        
        PID:6872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18745.exe
        6⤵
        
        PID:7700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32362.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:8728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45985.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5051.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18129.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57293.exe
        8⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55231.exe
        9⤵
        
        PID:4020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 236
        9⤵
        Program crash
        
        PID:5012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 236
        8⤵
        Program crash
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35227.exe
        7⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4940.exe
        8⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33025.exe
        8⤵
        
        PID:5036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
        8⤵
        Program crash
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48203.exe
        7⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47473.exe
        7⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13082.exe
        7⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59853.exe
        7⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38370.exe
        7⤵
        
        PID:7596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63800.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18098.exe
        7⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63783.exe
        8⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18739.exe
        8⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56915.exe
        8⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29605.exe
        8⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54498.exe
        8⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3077.exe
        7⤵
        
        PID:3200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
        7⤵
        Program crash
        
        PID:4268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42995.exe
        6⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54463.exe
        7⤵
        
        PID:3324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 236
        7⤵
        Program crash
        
        PID:3312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5189.exe
        6⤵
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34417.exe
        6⤵
        
        PID:4920
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 236
        6⤵
        Program crash
        
        PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14764.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18129.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42732.exe
        7⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10389.exe
        8⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
        8⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7714.exe
        8⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        8⤵
        
        PID:6760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 240
        8⤵
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57104.exe
        7⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37218.exe
        7⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13579.exe
        7⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35547.exe
        7⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21304.exe
        7⤵
        
        PID:8176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5845.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47696.exe
        7⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
        7⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15882.exe
        7⤵
        
        PID:5936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 236
        7⤵
        Program crash
        
        PID:6536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8893.exe
        6⤵
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43083.exe
        6⤵
        
        PID:4876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13082.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59853.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13673.exe
        6⤵
        
        PID:7252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34008.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10251.exe
        6⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42346.exe
        7⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14790.exe
        7⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63853.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 236
        7⤵
        Program crash
        
        PID:7776
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 588 -s 236
        6⤵
        Program crash
        
        PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19084.exe
        5⤵
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42346.exe
        6⤵
        
        PID:4112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14790.exe
        6⤵
        
        PID:5392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63853.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53746.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7864
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 220
        6⤵
        
        PID:8760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47118.exe
        5⤵
        
        PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50516.exe
        5⤵
        
        PID:4620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57618.exe
        5⤵
        
        PID:5900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58220.exe
        5⤵
        
        PID:6240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40208.exe
        5⤵
        
        PID:7376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39959.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-313.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61543.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4615.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28015.exe
        8⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42346.exe
        9⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14790.exe
        9⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63853.exe
        9⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53746.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31913.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52719.exe
        8⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52786.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 216
        8⤵
        Program crash
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48030.exe
        7⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42953.exe
        8⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
        8⤵
        
        PID:4436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 240
        8⤵
        Program crash
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58478.exe
        7⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43083.exe
        7⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 220
        7⤵
        Program crash
        
        PID:5628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47656.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59696.exe
        7⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31427.exe
        8⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20978.exe
        8⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51038.exe
        7⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46227.exe
        7⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4472.exe
        7⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58428.exe
        7⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48927.exe
        7⤵
        
        PID:9196
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 220
        6⤵
        Program crash
        
        PID:3164
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 236
        5⤵
        Program crash
        
        PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61832.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1356
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 220
        5⤵
        Program crash
        
        PID:492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12653.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12653.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12503.exe
        5⤵
        
        PID:1148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44673.exe
        6⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55615.exe
        7⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18739.exe
        7⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56915.exe
        7⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        7⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34871.exe
        7⤵
        
        PID:8324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2885.exe
        6⤵
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32474.exe
        6⤵
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5411.exe
        6⤵
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20939.exe
        6⤵
        
        PID:7196
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 216
        6⤵
        
        PID:8612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24807.exe
        5⤵
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16964.exe
        6⤵
        
        PID:6948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23925.exe
        6⤵
        
        PID:7484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30240.exe
        6⤵
        
        PID:8572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36216.exe
        5⤵
        
        PID:3952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34391.exe
        5⤵
        
        PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61053.exe
        5⤵
        
        PID:6852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28545.exe
        5⤵
        
        PID:7688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55028.exe
        5⤵
        
        PID:8792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4149.exe
      4⤵
      PID:2156
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 240
        5⤵
        Program crash
        
        PID:2544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19207.exe
      4⤵
      PID:2240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42346.exe
        5⤵
        
        PID:4072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14790.exe
        5⤵
        
        PID:5456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63853.exe
        5⤵
        
        PID:6836
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 216
        5⤵
        Program crash
        
        PID:7720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33946.exe
      4⤵
      PID:3844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4725.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4725.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34717.exe
      4⤵
      PID:6772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22945.exe
      4⤵
      PID:7680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4626.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:8700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5922.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5922.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11392.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2425.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1216
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 240
        6⤵
        Program crash
        
        PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24381.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1600.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60220.exe
        7⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35470.exe
        8⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
        8⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15882.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19516.exe
        8⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62344.exe
        8⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55485.exe
        7⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37218.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 236
        7⤵
        Program crash
        
        PID:6112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22866.exe
        6⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42346.exe
        7⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14790.exe
        7⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63853.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 216
        7⤵
        Program crash
        
        PID:7816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50886.exe
        6⤵
        
        PID:3980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43083.exe
        6⤵
        
        PID:4868
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 240
        6⤵
        Program crash
        
        PID:5580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61391.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
        6⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12756.exe
        7⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36739.exe
        7⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47175.exe
        7⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
        7⤵
        
        PID:8864
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 236
        6⤵
        Program crash
        
        PID:3680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24133.exe
        5⤵
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11763.exe
        6⤵
        
        PID:6724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16958.exe
        6⤵
        
        PID:7632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57298.exe
        6⤵
        
        PID:8800
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 240
        5⤵
        Program crash
        
        PID:3816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64817.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62695.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36707.exe
        6⤵
        
        PID:1848
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 564 -s 236
        6⤵
        Program crash
        
        PID:620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15497.exe
        5⤵
        
        PID:1860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56580.exe
        6⤵
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9912.exe
        6⤵
        
        PID:5088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56915.exe
        6⤵
        
        PID:5660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        6⤵
        
        PID:7128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34871.exe
        6⤵
        
        PID:8308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28057.exe
        5⤵
        
        PID:3940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52626.exe
        5⤵
        
        PID:5072
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 220
        5⤵
        Program crash
        
        PID:5604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48781.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36707.exe
        5⤵
        
        PID:1240
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 240
        6⤵
        Program crash
        
        PID:1380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45503.exe
        5⤵
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43336.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6968
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 216
        6⤵
        Program crash
        
        PID:7612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7212.exe
        5⤵
        
        PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11936.exe
        5⤵
        
        PID:5788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45724.exe
        5⤵
        
        PID:7076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55738.exe
        5⤵
        
        PID:8028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63196.exe
        5⤵
        
        PID:8684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35098.exe
      4⤵
      PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62602.exe
        5⤵
        
        PID:3432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23238.exe
        5⤵
        
        PID:4704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3391.exe
        5⤵
        
        PID:5512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3564.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37839.exe
        5⤵
        
        PID:7512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50883.exe
      4⤵
      PID:3552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25614.exe
      4⤵
      PID:4808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1121.exe
      4⤵
      PID:5540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39435.exe
      4⤵
      PID:6636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36008.exe
      4⤵
      PID:7364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45911.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45911.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42005.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33313.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65368.exe
        6⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58894.exe
        7⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9800.exe
        7⤵
        
        PID:8208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31406.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35488.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3564.exe
        6⤵
        
        PID:6696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20351.exe
        6⤵
        
        PID:7352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45503.exe
        5⤵
        
        PID:1028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45962.exe
        6⤵
        
        PID:928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47493.exe
        6⤵
        
        PID:8156
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 220
        6⤵
        
        PID:9152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7212.exe
        5⤵
        
        PID:4252
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 236
        5⤵
        Program crash
        
        PID:5768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38143.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42602.exe
        5⤵
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1367.exe
        6⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51011.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52262.exe
        7⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        7⤵
        
        PID:9212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23238.exe
        6⤵
        
        PID:4736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3391.exe
        6⤵
        
        PID:5560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3564.exe
        6⤵
        
        PID:6688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37839.exe
        6⤵
        
        PID:7560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64226.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36974.exe
        5⤵
        
        PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9256.exe
        5⤵
        
        PID:5508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25843.exe
        5⤵
        
        PID:6476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45808.exe
        5⤵
        
        PID:7356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18983.exe
      4⤵
      PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59696.exe
        5⤵
        
        PID:2768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42346.exe
        6⤵
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14790.exe
        6⤵
        
        PID:5352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63853.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6828
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 216
        6⤵
        Program crash
        
        PID:7744
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 236
        5⤵
        Program crash
        
        PID:3724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17054.exe
      4⤵
      PID:3128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15735.exe
        5⤵
        
        PID:3544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
        5⤵
        
        PID:4352
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 240
        5⤵
        Program crash
        
        PID:5300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18563.exe
      4⤵
      PID:3652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17882.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62813.exe
      4⤵
      PID:5872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54510.exe
      4⤵
      PID:6808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26880.exe
      4⤵
      PID:4232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51828.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51828.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2352
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 240
      4⤵
      Program crash
      PID:1744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48695.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48695.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65368.exe
      4⤵
      PID:1088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13310.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7024
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 216
        5⤵
        Program crash
        
        PID:7592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50462.exe
      4⤵
      PID:4336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6071.exe
      4⤵
      PID:5832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54389.exe
      4⤵
      PID:7052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6736.exe
      4⤵
      PID:8048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37962.exe
      4⤵
      PID:8872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39902.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39902.exe
    3⤵
    PID:896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13310.exe
      4⤵
      PID:7108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15565.exe
      4⤵
      PID:7192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4942.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4942.exe
    3⤵
    PID:4324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47807.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47807.exe
    3⤵
    PID:5812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27556.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27556.exe
    3⤵
    PID:7044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50137.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50137.exe
    3⤵
    PID:8012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4626.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4626.exe
    3⤵
    PID:8708
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53457.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53457.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25788.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25788.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35705.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41429.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2044
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 240
        6⤵
        Program crash
        
        PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13447.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8284.exe
        6⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55231.exe
        7⤵
        
        PID:4012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 236
        7⤵
        Program crash
        
        PID:5024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27197.exe
        6⤵
        
        PID:4032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46761.exe
        6⤵
        
        PID:4996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13579.exe
        6⤵
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10851.exe
        6⤵
        
        PID:6740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3816.exe
        6⤵
        
        PID:7460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59331.exe
        5⤵
        
        PID:2460
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 220
        6⤵
        Program crash
        
        PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58749.exe
        5⤵
        
        PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34417.exe
        5⤵
        
        PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62084.exe
        5⤵
        
        PID:5984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53457.exe
        5⤵
        
        PID:6980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16839.exe
        5⤵
        
        PID:7452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22139.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22139.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62695.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43640.exe
        6⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62602.exe
        7⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23238.exe
        7⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8098.exe
        7⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43829.exe
        7⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37839.exe
        7⤵
        
        PID:7580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1603.exe
        6⤵
        
        PID:3596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41608.exe
        6⤵
        
        PID:4964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13579.exe
        6⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35547.exe
        6⤵
        
        PID:6500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62145.exe
        6⤵
        
        PID:7872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63546.exe
        5⤵
        
        PID:1528
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 240
        6⤵
        Program crash
        
        PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59238.exe
        5⤵
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4488.exe
        6⤵
        
        PID:7156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15768.exe
        6⤵
        
        PID:8336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4525.exe
        5⤵
        
        PID:4308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3271.exe
        5⤵
        
        PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29188.exe
        5⤵
        
        PID:7088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7266.exe
        5⤵
        
        PID:8060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33497.exe
        5⤵
        
        PID:8808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65117.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18560.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59727.exe
        6⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55231.exe
        7⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24857.exe
        7⤵
        
        PID:5064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 704 -s 240
        7⤵
        Program crash
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43918.exe
        6⤵
        
        PID:3080
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 708 -s 240
        6⤵
        Program crash
        
        PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44989.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42346.exe
        6⤵
        
        PID:4104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14790.exe
        6⤵
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63853.exe
        6⤵
        
        PID:6820
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 216
        6⤵
        Program crash
        
        PID:7752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36216.exe
        5⤵
        
        PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34391.exe
        5⤵
        
        PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61053.exe
        5⤵
        
        PID:6916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28545.exe
        5⤵
        
        PID:7808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32444.exe
        5⤵
        
        PID:8988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59135.exe
      4⤵
      PID:864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60303.exe
        5⤵
        
        PID:2340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9813.exe
        6⤵
        
        PID:3988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
        6⤵
        
        PID:4372
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
        6⤵
        Program crash
        
        PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49429.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37218.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62780.exe
        5⤵
        
        PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9974.exe
        5⤵
        
        PID:6904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3816.exe
        5⤵
        
        PID:7404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50989.exe
      4⤵
      PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42346.exe
        5⤵
        
        PID:3684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14790.exe
        5⤵
        
        PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63853.exe
        5⤵
        
        PID:6812
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 216
        5⤵
        Program crash
        
        PID:7732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60762.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50516.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41282.exe
      4⤵
      PID:5876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50052.exe
      4⤵
      PID:6272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15704.exe
      4⤵
      PID:7160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45471.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45471.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42690.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57625.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57724.exe
        6⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3757.exe
        7⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
        7⤵
        
        PID:4148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 240
        7⤵
        Program crash
        
        PID:5968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57104.exe
        6⤵
        
        PID:3340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37218.exe
        6⤵
        
        PID:4988
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 236
        6⤵
        Program crash
        
        PID:6064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56691.exe
        5⤵
        
        PID:916
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 240
        6⤵
        Program crash
        
        PID:3392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30958.exe
        5⤵
        
        PID:3792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43083.exe
        5⤵
        
        PID:4948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54115.exe
        5⤵
        
        PID:2108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4404.exe
        5⤵
        
        PID:7212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62319.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46613.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21430.exe
        5⤵
        
        PID:556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53030.exe
        6⤵
        
        PID:6692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34709.exe
        6⤵
        
        PID:8412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22480.exe
        5⤵
        
        PID:4056
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 240
        5⤵
        Program crash
        
        PID:5368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38543.exe
      4⤵
      PID:2288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54654.exe
        5⤵
        
        PID:6124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36833.exe
        5⤵
        
        PID:8116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57298.exe
        5⤵
        
        PID:8744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42081.exe
      4⤵
      PID:3832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25725.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25725.exe
      4⤵
      PID:5324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44517.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44517.exe
      4⤵
      PID:6924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45611.exe
      4⤵
      PID:7852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33497.exe
      4⤵
      PID:8816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35299.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35299.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2228
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 244
      4⤵
      Program crash
      PID:2916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40173.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40173.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28155.exe
      4⤵
      PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62685.exe
        5⤵
        
        PID:808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1367.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26315.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-565.exe
        7⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59026.exe
        7⤵
        
        PID:9204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23238.exe
        6⤵
        
        PID:4720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3391.exe
        6⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3564.exe
        6⤵
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37839.exe
        6⤵
        
        PID:7540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7241.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19922.exe
        6⤵
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10461.exe
        6⤵
        
        PID:7332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36974.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8488.exe
        5⤵
        
        PID:5652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60436.exe
        5⤵
        
        PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36680.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:8184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15274.exe
      4⤵
      PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57016.exe
        5⤵
        
        PID:4076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56915.exe
        5⤵
        
        PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        5⤵
        
        PID:6388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34871.exe
        5⤵
        
        PID:8300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30958.exe
      4⤵
      PID:3784
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 236
      4⤵
      Program crash
      PID:4824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3573.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3573.exe
    3⤵
    PID:2908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32696.exe
      4⤵
      PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61541.exe
        5⤵
        
        PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24857.exe
        5⤵
        
        PID:5056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20625.exe
        5⤵
        
        PID:6284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        5⤵
        
        PID:7380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54498.exe
        5⤵
        
        PID:8772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4234.exe
      4⤵
      PID:3804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6626.exe
      4⤵
      PID:4524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5411.exe
      4⤵
      PID:5520
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 220
      4⤵
      Program crash
      PID:6480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34230.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34230.exe
    3⤵
    PID:2056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24614.exe
      4⤵
      PID:3388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
      4⤵
      PID:4188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15882.exe
      4⤵
      PID:5892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27685.exe
      4⤵
      PID:6384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62344.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24765.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24765.exe
    3⤵
    PID:3524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13417.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13417.exe
    3⤵
    PID:5112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35947.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35947.exe
    3⤵
    PID:5888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54252.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54252.exe
    3⤵
    PID:6560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53505.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53505.exe
    3⤵
    PID:8128
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59621.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59621.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43873.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43873.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52093.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18814.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23246.exe
        6⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11432.exe
        7⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
        7⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65083.exe
        7⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        7⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59376.exe
        7⤵
        
        PID:8248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33751.exe
        6⤵
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37218.exe
        6⤵
        
        PID:4924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21747.exe
        6⤵
        
        PID:5904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19019.exe
        6⤵
        
        PID:6376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21304.exe
        6⤵
        
        PID:7468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27692.exe
        5⤵
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51998.exe
        6⤵
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56915.exe
        6⤵
        
        PID:5944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        6⤵
        
        PID:7140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34871.exe
        6⤵
        
        PID:8316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20211.exe
        5⤵
        
        PID:3584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43083.exe
        5⤵
        
        PID:4896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62283.exe
        5⤵
        
        PID:6084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61088.exe
        5⤵
        
        PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59906.exe
        5⤵
        
        PID:8272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37759.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58554.exe
        5⤵
        
        PID:2992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7379.exe
        6⤵
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33025.exe
        6⤵
        
        PID:5048
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 240
        6⤵
        Program crash
        
        PID:5696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20378.exe
        5⤵
        
        PID:3848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41608.exe
        5⤵
        
        PID:4940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21747.exe
        5⤵
        
        PID:5920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19019.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62145.exe
        5⤵
        
        PID:7224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60976.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55231.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42776.exe
        5⤵
        
        PID:4128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56915.exe
        5⤵
        
        PID:5600
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 236
        5⤵
        Program crash
        
        PID:6136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5573.exe
      4⤵
      PID:4060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29674.exe
      4⤵
      PID:4220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53916.exe
      4⤵
      PID:6120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11381.exe
      4⤵
      PID:6628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32215.exe
      4⤵
      PID:7432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32227.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32227.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2076
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 240
      4⤵
      Program crash
      PID:1792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52180.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52180.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44673.exe
      4⤵
      PID:1580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42843.exe
        5⤵
        
        PID:6464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19589.exe
        5⤵
        
        PID:8080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        5⤵
        
        PID:7572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22480.exe
      4⤵
      PID:3224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28525.exe
      4⤵
      PID:5484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4181.exe
      4⤵
      PID:6932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45081.exe
      4⤵
      PID:7836
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 236
      4⤵
      PID:8844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11351.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11351.exe
    3⤵
    PID:2824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57996.exe
      4⤵
      PID:6744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23925.exe
      4⤵
      PID:7492
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 220
      4⤵
      PID:4500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33415.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33415.exe
    3⤵
    PID:3104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9190.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9190.exe
    3⤵
    PID:5464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61583.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61583.exe
    3⤵
    PID:6800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24080.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24080.exe
    3⤵
    PID:7824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28162.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28162.exe
    3⤵
    PID:8856
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65071.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65071.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3056
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2956
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33074.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33074.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25446.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25446.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26536.exe
      4⤵
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25519.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42953.exe
        6⤵
        
        PID:3560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
        6⤵
        
        PID:4416
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 220
        6⤵
        Program crash
        
        PID:5740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60695.exe
        5⤵
        
        PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37218.exe
        5⤵
        
        PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13579.exe
        5⤵
        
        PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35547.exe
        5⤵
        
        PID:6448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21304.exe
        5⤵
        
        PID:7532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64366.exe
      4⤵
      PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42346.exe
        5⤵
        
        PID:3644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14790.exe
        5⤵
        
        PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63853.exe
        5⤵
        
        PID:6788
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 236
        5⤵
        Program crash
        
        PID:7764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15437.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15437.exe
      4⤵
      PID:3860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58651.exe
      4⤵
      PID:4608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13082.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13082.exe
      4⤵
      PID:2312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59853.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59853.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6608
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 240
      4⤵
      PID:7316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23774.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23774.exe
    3⤵
    PID:2528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35192.exe
      4⤵
      PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43062.exe
        5⤵
        
        PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7714.exe
        5⤵
        
        PID:6044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        5⤵
        
        PID:7008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59376.exe
        5⤵
        
        PID:8260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57104.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57104.exe
      4⤵
      PID:3368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37218.exe
      4⤵
      PID:4992
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 236
      4⤵
      Program crash
      PID:6100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60774.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60774.exe
    3⤵
    PID:3172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45012.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50783.exe
      4⤵
      PID:7476
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 220
      4⤵
      PID:9020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42839.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42839.exe
    3⤵
    PID:4760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24327.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24327.exe
    3⤵
    PID:5640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43900.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43900.exe
    3⤵
    PID:6672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20881.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20881.exe
    3⤵
    PID:7232
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64365.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64365.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35363.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35363.exe
    3⤵
    PID:1620
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 220
      4⤵
      Program crash
      PID:1964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45503.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45503.exe
    3⤵
    PID:1552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63673.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36387.exe
      4⤵
      PID:7628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
      4⤵
      PID:9032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7212.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7212.exe
    3⤵
    PID:4260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11936.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11936.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45724.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45724.exe
    3⤵
    PID:7060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55738.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55738.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32444.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32444.exe
    3⤵
    PID:8996
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35515.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35515.exe
  2⤵
  PID:2456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59779.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59779.exe
    3⤵
    PID:3252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2152.exe
      4⤵
      PID:5384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14908.exe
      4⤵
      PID:6528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23151.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23151.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:7428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23238.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23238.exe
    3⤵
    PID:4728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60760.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60760.exe
    3⤵
    PID:5592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3564.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3564.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20351.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20351.exe
    3⤵
    PID:7296
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21906.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21906.exe
  2⤵
  PID:3516
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16006.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16006.exe
  2⤵
  PID:4640
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45367.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45367.exe
  2⤵
  PID:6076
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11472.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11472.exe
  2⤵
  PID:6588
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36350.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36350.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:7260
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12791.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12791.exe
  2⤵
  PID:9164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-2243.exe

Filesize
468KB

MD5
1220695b448deea15cfddf9635a77168

SHA1
a7eb369c2548c2ebf599cf5a930993e24fd01ea5

SHA256
ff13624b1ccbec802747b09c46028e56c0dca4b906b418cc677f826192fa0786

SHA512
02c048c01bddc8b5deb881c8596e77ce6b9d4ab8eea21d2f6029f9b1feb91a1d37c2d4c55600ded2a8d8c4561dadb4a021ad1a5d53b41050e04a8492629c2d61

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26880.exe

Filesize
468KB

MD5
e81d882ef5371cdbcd2b2d9676e2f8ea

SHA1
1bc8d68def2da1a8abc1a2921a34345910aa0273

SHA256
79a8a09670aec06e9c75ac025bd9b7f7fb560d0880bbe1a546808cfbb902fa83

SHA512
93de021525fb7663f5d672ea608eeb0350a5e5b87c8835c040e9cf77d5b21d24a6a83d478a09c2079c4790a3379a8ceb52652ea95edafa45363b4fcb3972c647

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45471.exe

Filesize
468KB

MD5
07299effab613aa3275df446042a2077

SHA1
15744c3f28627c1919885ffbd1df99d634281e1e

SHA256
2113b2ba5dc0335605fd6a95efea7837a4a24b223207451b9d4ca0dd5d7605aa

SHA512
a07c30bd1178e24cb5dac36e2901d9d9d4ccf5e8d63a41305d28ca0c710628ce82e100044dca1cd2d63c2e5a1b7a1c59c9a379c7a45e4ca3b5b08c9788e90ed7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45911.exe

Filesize
468KB

MD5
93be80d27098314c772c19dd8092c353

SHA1
a8785b91d11e9caea52577a9eb2c7c7db9d30c08

SHA256
6e272d728015d9a721be787da5655019c7cd71e21dbf7add504c92fb2c77ec32

SHA512
eb1d478640d7e5bb77fb885c149f9c7f2a90cecc24c30b6e712491b5d383605d7799f03f4efc7b5e15eecd78ce0afa3c29236dd8453ce607656bbd28520ccf0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45985.exe

Filesize
468KB

MD5
a74b55c2281430fd3be79a2ddd11d283

SHA1
844ee64570d091eb190d34be43fea066aa5b6ae6

SHA256
cd3cb6277e1b5bf91d5d6ed815dc79c8c5cd3dbd7e3d103df055d23ab58b56b5

SHA512
4ae65afafc493c8fd3929b5d74118fce5abe50531350c486d407dd4b3939a5e16feb2db6c01bf4289aa5c92b06d785fc663c213545a09df9535b10534cac6118

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5922.exe

Filesize
468KB

MD5
542d77f91fa6e5c1827d9bfa262244e2

SHA1
942c26a8a6e37e3e1ae0b686c82661d742866e40

SHA256
f544fd99d025895dd1a960fd81f0d4c8c661243cfe15d84102dbb71147305e7f

SHA512
c4ed1ac278df553c7d2af9f54b558d16438557a99416284c894c282cdfd7860f0dd1dd04718eef240406c2acf8d8e182b92089f410a9059f9de601d623a120cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61583.exe

Filesize
468KB

MD5
5ce51867e8880e4dbd30076270c37e13

SHA1
0e4e975f4d71358ccd0dfd2ba67d1f9dcb2b3bf0

SHA256
9d2881e3f29d6ca93d9c5350ea15999e75f6a5f352039b28a4fe728f1b8e8cc3

SHA512
608d27db5cae8d8d8611dc6a01c009cd654fcba7b90ee025b7475d4e3316e24e52a8525de94569f2cf408c720b7a5b4a49535c50a5de03a26c562e5c3da8c5f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61874.exe

Filesize
468KB

MD5
68f17f5a12b6377340fcb67551c0b0bf

SHA1
dcd5d235cd6e261e50ee0632ce802ef5696eef12

SHA256
ec7488e158bfe888b87155617264c3b6b2152e2f9373fcb994dd78c34e80827e

SHA512
59f851fdd068fe18bd15e2b272d04163a3e8f8d9c5a0fc4ed7049caf1987334082ae74af8b27d6dfa3b1b895c6b2604189acf8ba3087ab814b81244094bd0b63

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11392.exe

Filesize
468KB

MD5
724bdb0da8b775b3179ef22d729981ff

SHA1
e0caa120b34cb32124681025dd2a909826af7f8c

SHA256
e0bd92940a805c63e80ceaf8f3a12b03b7171cf500c63b4e11c2e17dd38495b5

SHA512
72ffe139998ec72ebdd2bec3df0405a4f48a83955aad06a40a06fac8ec8e7164e9d231ef6003cdaa2544e77572712a1da4cc168af3744c0e1965b6d7aa6461ac

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19177.exe

Filesize
468KB

MD5
d12872221780c0880843abd16463596e

SHA1
37116b41901e4f1231193cd0cab7e7f5cf822b0f

SHA256
97f87ba28f132bb8ef85797b8cc3a1f07440648163ebe66ef0d8a6bcb3e99465

SHA512
a1c86a67836f1ad3dbe3b95f92c85d2906e95ad5f243aae1f0cfb06201f90bb073375b783ebd4b9074364c45d7b01e91704319baffde101858f00fc539ff086a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2425.exe

Filesize
468KB

MD5
65964835ba01a502b5440dd2aa7c57e9

SHA1
da754bcc5f8008e93b879bd8d19c4b798e995f3c

SHA256
e6de6a2b31e690edec70d38e85241d116c4d49908814ce052c51ac49489ba21e

SHA512
d9b6ea97b6f4f7d9eb6791229312575bfa572f0f5e3bcd4bdec68f29fcb4784358b850fde1f234ed80ea29f21a955c8f8f808c01ca48109eaf28e409a388df7b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25788.exe

Filesize
468KB

MD5
6351096f5208a0981a5b2bcf1db5f00e

SHA1
41f3ac5c2dfa5de77b1e57741b9070fa37002d29

SHA256
f09b6c00e405dc2fc50216e2fac9346d4f9400f21ed3a1dbc971c0dff81a8ebc

SHA512
b34aa822f479df33c5ae7035d67bb8b0148233eab831f10359db6522689c9b15092cce37e3116eaf277d0b790c4ca6ea2550b56897d21ebf0c34536a25e949f5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-313.exe

Filesize
468KB

MD5
eb92ea60106744ee9f6320e832b8ca48

SHA1
5e2f1f27e73bef815c9eeb3325c01353c2c8e86e

SHA256
0dfc4353c1e8cf2d63731a0c57cbe43c692e66be8652d9ccb5800020967cc33f

SHA512
261378244f1885e4d33e4a09528af7cf4c2ceaf431ffbfaff31daf2516332ed94e463f4ba81fc741aa4108064956dff464ba885c2f25f1a3f2b269f6a9276ae1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32290.exe

Filesize
468KB

MD5
e160d0e322122253860373c5d71e0151

SHA1
a6c4573eee3b2eb5c36ea551168ea165df7e720a

SHA256
7e72e791a13508ca9a39ea155da7290823362a5bebb274bb6c3baed564760c62

SHA512
ecc1549fec14d6b73779d423bf1e33c7740602bd0baba221b6b824c7487db610ecd06e49ac41810859c4877683ee22868d0885d7fcd76735c271d8c6b647f9ff

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35705.exe

Filesize
468KB

MD5
6a73547f1ae6ed33a4c97e0ddd482772

SHA1
a6ecb160c0a443320834e95fd442d949ec456dec

SHA256
5b79768ba4afced5b48cea9bc0d4511a71205e85c1cf57074d233b480d80aa48

SHA512
54e8e23a005ed9741ac4fe2c308908d53aa80a0c1ab04c05829b974c86426cc346f256beeda35f05305d2a5ef9a70797fab000afebf949df3038f7329fbd532a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39249.exe

Filesize
468KB

MD5
9194def312b54cf09da497ff5340b538

SHA1
27ae5baf20b3955ffab2e89354ac59e950172fda

SHA256
4c85117a1d907ab5b2937eb8da88120825693db443dc5100f1d8f114b9f8fa13

SHA512
1d877f89dd5826165ff768372f28730f235b0c501c90399f7bec3a932dc08507d6a4b9b65c4dbc181ec01f5b49b99459a2a387978322245f4ea03eb0a72eb179

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39959.exe

Filesize
468KB

MD5
00edabda9db95118155131806da5cbbb

SHA1
d25ddc8b90bdd9b84e16fb453d9cc749510bb127

SHA256
087320b84975a652f9cb9ac73bd4e49d0cfe211605f2761029d343365517c155

SHA512
12525c6890c2a1e14575f505fe9c2d02ead0c7063cd98cfa700c5a564da9e83d8db4ea6b1865f8a85a8bc548a6e937d23f7cb01eee84e1953c8d6a60c87360d8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43873.exe

Filesize
468KB

MD5
a4346c8497e38813a3c5ad0844524d68

SHA1
6a79b388c6afe3d2cbb530bfb667182bbc523d3e

SHA256
e283d14773fa846c6dcf307890bd7ff98194414f722acb2c46cf13cad651e17f

SHA512
297edf8276d1c8e83091b22c74fd819f4945f7673d69d285d7a20cdf2f215b3bd85773fc2b667740e21460fd9d01718a6b5b32bec87add66a62fa4cd4191ee53

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-505.exe

Filesize
468KB

MD5
17d3130354fa256e2d89a87355f69131

SHA1
0987edc6fdc91826d1b8e666b03ffe13bceff4e1

SHA256
f619fe957f75a632d3e13e52128cb1fb8b6eb78f3cac887975722fbb0fdaa742

SHA512
78d4745343df27e8a58b82fbe7eeaa2eadaafa2b4af55b8646de7985b06284f18b61bbd8ccfc052ef7392fdbe3e5bd78752ea2fe8c9655479428d93533c16597

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53457.exe

Filesize
468KB

MD5
7e65df980a17dd52a9178db039240e67

SHA1
c14b6d7556175c25f63911ab98ff165e79f27cec

SHA256
5a275b2e193bd911c870a6e43ad65b5aa834d3dcc8afa889c20415862de31b6d

SHA512
4f391e420041fd329fff52cc776fa114f97279ddcabc7ef52e24a652baa068e236930dec0c20ad5b2b183d9a9b779fce1ec55fa9c61c31db49751b34f77a2fb8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59621.exe

Filesize
468KB

MD5
0df7cd9cdcb38d63951a2c8da858a47e

SHA1
d84afbbb25f2d2d45509ea3ebb6fe392aa320983

SHA256
b98610cc3d882448b714aa50702f4c3a2a14b1afd53fc69d399a3ee347a96dc2

SHA512
10128a1e82a801fea8a4df01642d14f26154598a3a6d7f0a6d3d2c2c88d626934ff93a0f56e1c1dd6471d02fe5a168b92c9b5943c9a0f03b5bde0b0a810dc3ce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65071.exe

Filesize
468KB

MD5
18c448600f2c67af5c24efc2c2b8f344

SHA1
2a7e9bfa2879043034278c6a3dfbd4337787face

SHA256
75d2681f6766410c5e9a00129297e1973d82564577f65c897bee55a56cab5694

SHA512
c0c12890853a98a535847aa1432342858d3a06e031a20af4999a17327864b6ecfdb8d0cab8f39b362f8158189486946e28b19261690ef0221cc2ec4aa5f1b44e

Download Submit
memory/532-281-0x00000000007B0000-0x0000000000825000-memory.dmp

Filesize
468KB

Download
memory/532-277-0x00000000007B0000-0x0000000000825000-memory.dmp

Filesize
468KB

Download
memory/564-417-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/884-308-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/888-415-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1000-396-0x0000000001EE0000-0x0000000001F55000-memory.dmp

Filesize
468KB

Download
memory/1000-395-0x0000000001EE0000-0x0000000001F55000-memory.dmp

Filesize
468KB

Download
memory/1000-199-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1068-389-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1084-213-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1084-355-0x0000000002400000-0x0000000002475000-memory.dmp

Filesize
468KB

Download
memory/1084-354-0x0000000002400000-0x0000000002475000-memory.dmp

Filesize
468KB

Download
memory/1164-265-0x00000000023F0000-0x0000000002465000-memory.dmp

Filesize
468KB

Download
memory/1164-175-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1164-264-0x00000000023F0000-0x0000000002465000-memory.dmp

Filesize
468KB

Download
memory/1216-237-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1340-332-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1356-241-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1484-408-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1544-240-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1544-375-0x00000000033D0000-0x0000000003445000-memory.dmp

Filesize
468KB

Download
memory/1544-376-0x00000000033D0000-0x0000000003445000-memory.dmp

Filesize
468KB

Download
memory/1616-418-0x0000000001F30000-0x0000000001FA5000-memory.dmp

Filesize
468KB

Download
memory/1616-306-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1776-19-0x0000000002390000-0x0000000002405000-memory.dmp

Filesize
468KB

Download
memory/1776-329-0x0000000002390000-0x0000000002405000-memory.dmp

Filesize
468KB

Download
memory/1776-129-0x0000000002390000-0x0000000002405000-memory.dmp

Filesize
468KB

Download
memory/1776-383-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1776-313-0x0000000002390000-0x0000000002405000-memory.dmp

Filesize
468KB

Download
memory/1776-128-0x0000000002390000-0x0000000002405000-memory.dmp

Filesize
468KB

Download
memory/2044-282-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2076-336-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2172-377-0x00000000028D0000-0x0000000002945000-memory.dmp

Filesize
468KB

Download
memory/2172-300-0x00000000028D0000-0x0000000002945000-memory.dmp

Filesize
468KB

Download
memory/2172-289-0x00000000028D0000-0x0000000002945000-memory.dmp

Filesize
468KB

Download
memory/2172-32-0x0000000003400000-0x0000000003475000-memory.dmp

Filesize
468KB

Download
memory/2172-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2172-361-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2172-170-0x0000000003400000-0x0000000003475000-memory.dmp

Filesize
468KB

Download
memory/2172-171-0x0000000003400000-0x0000000003475000-memory.dmp

Filesize
468KB

Download
memory/2172-12-0x00000000028D0000-0x0000000002945000-memory.dmp

Filesize
468KB

Download
memory/2172-6-0x0000000003400000-0x0000000003475000-memory.dmp

Filesize
468KB

Download
memory/2228-275-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2300-397-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2352-330-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2432-105-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2432-216-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2432-230-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2436-302-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2436-422-0x00000000025F0000-0x0000000002665000-memory.dmp

Filesize
468KB

Download
memory/2532-409-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2532-238-0x0000000002620000-0x0000000002695000-memory.dmp

Filesize
468KB

Download
memory/2532-239-0x0000000002620000-0x0000000002695000-memory.dmp

Filesize
468KB

Download
memory/2532-48-0x0000000002620000-0x0000000002695000-memory.dmp

Filesize
468KB

Download
memory/2572-266-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2604-72-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2604-153-0x0000000001EA0000-0x0000000001F15000-memory.dmp

Filesize
468KB

Download
memory/2604-292-0x0000000001EA0000-0x0000000001F15000-memory.dmp

Filesize
468KB

Download
memory/2604-301-0x0000000001EA0000-0x0000000001F15000-memory.dmp

Filesize
468KB

Download
memory/2604-143-0x0000000001EA0000-0x0000000001F15000-memory.dmp

Filesize
468KB

Download
memory/2616-378-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2664-316-0x0000000002920000-0x0000000002995000-memory.dmp

Filesize
468KB

Download
memory/2664-331-0x0000000002920000-0x0000000002995000-memory.dmp

Filesize
468KB

Download
memory/2664-152-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2704-368-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2712-256-0x0000000002880000-0x00000000028F5000-memory.dmp

Filesize
468KB

Download
memory/2712-71-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2712-252-0x0000000002880000-0x00000000028F5000-memory.dmp

Filesize
468KB

Download
memory/2716-197-0x0000000002650000-0x00000000026C5000-memory.dmp

Filesize
468KB

Download
memory/2716-196-0x0000000002650000-0x00000000026C5000-memory.dmp

Filesize
468KB

Download
memory/2716-103-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2716-407-0x0000000002650000-0x00000000026C5000-memory.dmp

Filesize
468KB

Download
memory/2732-328-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2732-146-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2732-80-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2732-145-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2808-210-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2808-367-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2808-212-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2808-52-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2880-57-0x0000000000860000-0x00000000008D5000-memory.dmp

Filesize
468KB

Download
memory/2880-173-0x0000000000860000-0x00000000008D5000-memory.dmp

Filesize
468KB

Download
memory/2880-416-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2880-274-0x0000000000860000-0x00000000008D5000-memory.dmp

Filesize
468KB

Download
memory/2880-172-0x0000000000860000-0x00000000008D5000-memory.dmp

Filesize
468KB

Download
memory/2880-273-0x0000000000860000-0x00000000008D5000-memory.dmp

Filesize
468KB

Download
memory/2880-36-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2892-307-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2892-130-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2892-293-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2928-356-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3056-177-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3068-384-0x0000000002490000-0x0000000002505000-memory.dmp

Filesize
468KB

Download
memory/3068-126-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3068-232-0x0000000002490000-0x0000000002505000-memory.dmp

Filesize
468KB

Download
memory/3068-231-0x0000000002490000-0x0000000002505000-memory.dmp

Filesize
468KB

Download